Neil Brown [Fri, 23 Mar 2007 01:36:36 +0000 (12:36 +1100)]
statd - fix bug so statd can talk to kernel again.
We need to call statd_get_socket before dropping privileges so that we
have a privileged port. We use to do that when initialising
notification as the same socket was used for reboot notication as for
callbacks to the kernel. Now it is a different socket..
Neil Brown [Thu, 22 Mar 2007 05:56:20 +0000 (16:56 +1100)]
mount.nfs: Fix issue with -o user,exec
It would seem to make sense for mount.nfs to impose the
"-o user" => "-o noexec,nodev,nosuid"
rule. However if you give "user,exec" to /sbin/mount,
it will pass down
nodev,nosuid,user
with the 'exec' flag :-(
So we have to leave that handling of that particular rule to
/sbin/mount.
Neil Brown [Thu, 22 Mar 2007 05:06:22 +0000 (16:06 +1100)]
Never set SO_REUSEADDR on a UDP socket.
The effect is quite different from TCP sockets.
For TCP, it allows you to listen for new connections even if there
are outstanding old connections with the same local address.
For UDP, it allows other people to steal your packets by
binding to the same address.
Kevin Coffman [Tue, 20 Mar 2007 22:52:17 +0000 (18:52 -0400)]
Fix a couple of problems that crept into mount
Commit 6facb22402a0bd8cd49be2ed1a0856b24fef42f4 changed the allocation
of len to no longer get 20 extra bytes. It needs to get at least one
extra byte for a null character, otherwise a single extra option such
as "sec=krb5" is never copied in parse_opt() and is dropped.
Neil Brown [Tue, 20 Mar 2007 05:17:27 +0000 (16:17 +1100)]
statd - remove try_to_resolve
try_to_resolve is used to resolve a hostname when sending a notification.
But we now only send notifications to localhost, so name resolution is not
needed.
Neil Brown [Tue, 20 Mar 2007 00:47:28 +0000 (11:47 +1100)]
Allow disabling of libblkid usage.
Some versions of libblkid have a terrible memory leak which makes
mounted grow toooo big. So support
--disable-uuid
to remove the uuid functionality and liblkid with it.
Neil Brown [Tue, 20 Mar 2007 00:15:29 +0000 (11:15 +1100)]
Add --with-rpcgen= for configure so that the system rpcgen can be used.
Ultimately it makes sense to remove remove rpcgen from the nfs-utils
release as it is already in the glibc release. With this patch
you can use the system rpcgen to make sure it works.
It is not default yet, but it might be in a future release.
Neil Brown [Tue, 20 Mar 2007 00:13:42 +0000 (11:13 +1100)]
Handle -o remount better
On -o remount, we need to update the entry in mtab rather than
add a new one. update_mtab does this so use that.
However it might free some strings that shouldn't be freed, so
stop it from calling free - the program will exit soon anyway
so no exit is needed.
Neil Brown [Mon, 19 Mar 2007 22:50:33 +0000 (09:50 +1100)]
Prevent sm-notify from being run multiple times per reboot.
As "mount.nfs" can start statd, and as statd can start sm-notify,
the risk of sm-notify being run multiple times increases.
As this is not normally appropriate, sm-notify now creates a
file in /var/run which will stop future instances from being
run (though ofcourse this behaviour can be controlled by a
new command line option).
Karel Zak [Mon, 19 Mar 2007 19:33:17 +0000 (20:33 +0100)]
Correctly handle -f (fake) mount option.
The fake option has to write to mtab like a normal mount. Read mount(8) man
page for more details. It's very important for system init scripts that use
"-f" as a way how write info about mount points to /etc/mtab.
Signed-off-by: Karel Zak <kzak@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Mon, 19 Mar 2007 00:52:30 +0000 (11:52 +1100)]
Handle 'crossmnt' when kernel asked for export options for a directory.
If the kernel finds a mountpoint below a 'crossmnt' export, it will ask
mounted what export options to use. With this patch it will return
the same export options as for the top 'crossmnt' export unless
more specific options have been given.
Neil Brown [Mon, 19 Mar 2007 00:41:21 +0000 (11:41 +1100)]
Allow exporting of a subfilesystem when 'crossmnt' is set.
If we are asked to export a filesystem which is not explicitly
exported, but an ancestor is exported as 'crossmnt', export the
filesystems with the same options as the ancestor.
This is the first step to making 'crossmnt' effectively export
a tree of filesystems.
Kevin Coffman [Fri, 16 Mar 2007 14:27:48 +0000 (10:27 -0400)]
Create two separate paths for pipefs_dir and pipefs_nfsdir.
Future work needs access to the base pipefs directory rather than
the nfs subdirectory. Create two separate paths called
pipefs_dir and pipefs_nfsdir with the name of each.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 16 Mar 2007 14:27:46 +0000 (10:27 -0400)]
Allow any credential to be used for machine credentials
Don't restrict machine credentials to be "nfs/<machine.name>".
Use any usable credentials contained in the keytab file.
[We actually attempt to use the first entry found for each
realm, not every entry, in the keytab.]
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 16 Mar 2007 14:27:44 +0000 (10:27 -0400)]
Add option to allow root to use credentials other than machine credentials
Add a new option ("-n") to rpc.gssd to indicate that accesses as root
(uid 0) should not use machine credentials, but should instead use
"normal" Kerberos credentials obtained by root.
This change was prompted by a suggestion and patch from Daniel
Muntz <Dan.Muntz@netapp.com>. That patch suggested trying "normal"
credentials first and falling back to using machine creds for
uid 0 if normal creds failed.
This opens up the case where root may have credentials as "foo@REALM"
and begins accessing files. Then the context using those credentials
expires and must be renewed. If the credentials are now expired, then
root's new context would fall back and be created with the machine
credentials.
Instead, this patch insists that the administrator choose to use either
machine credentials for accesses by uid 0 (the default behavior, as
it was before) or "normal" credentials. In the latter case, arrangements
must be made to obtain credentials before attempting a mount. There
should be no doubts which credentials are used for uid 0.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Fri, 16 Mar 2007 07:07:41 +0000 (18:07 +1100)]
Correctly handle "user" and "users" mount options.
If "user" or "users" is given, then allow mount.nfs to be run
by a non-root user providing that the mountpoint, filesystem, and options
exactly match what is found in fstab.
For "user", record the user name in mtab so they can unmount the
filesystem later.
Also alwasys ignore auto, owner, group and their negations as well
as "_netdev", "comment" and "loop".
Neil Brown [Fri, 16 Mar 2007 05:50:11 +0000 (16:50 +1100)]
On "umount --lazy", don't tell the server we have unmounted.
Because, ofcourse, we haven't.
When we do finally let-go of the mount, the server won't get told,
but the same would happen on a crash, and the server just has to cope.
Neil Brown [Fri, 16 Mar 2007 02:56:25 +0000 (13:56 +1100)]
Further tidyup of nfs_umount.
- remove non-used arguments from del_mtab.
- Don't try to pass a "host:/path" string to umount.
It used to be possible to umount("/dev/whatever"). It has never
been possible to umount("host:/path").
- Don't try to read /proc/mounts first. Some mount options (mount_vers)
are only stored in /etc/mtab, not in /proc/mounts. So we have to
prefer /etc/mtab as getmntXbackwards do.
- Only every call one of getmnt{dir,dev}backwards, depending on whether
'spec' looks like a path name or a host:/path.
- Don't call _nfsumount unless we have a host:/path, or del_mtab unless we
have a path name.
Wei Yongjun [Wed, 14 Mar 2007 07:56:58 +0000 (15:56 +0800)]
Use correct UMNT protocol to do umount
This patch do following things:
1. When unmounting, we should try /proc/mounts first. Only then in
/etc/mtab if it wasn't found.
2. Reject name passed to us which is not starts with a '/' or not
contains a ':'
3. Fix the method to get UMNT protocol
Signed-off-by: Wei Yongjun <yjwei@nanjing-fnst.com> Signed-off-by: Neil Brown <neilb@suse.de>
Wei Yongjun [Wed, 14 Mar 2007 08:07:09 +0000 (16:07 +0800)]
Fix nfs4 umount to not used umount procedure
This fix umount.nfs4's BUG, patch cleanup some useless code.
1. Combine nfs3_umount() and nfs2_umount() to nfs_umount()
2. If it is a nfs4 remote file system or unkown mount version, do not
probe remote mount port and not send UMNT request wich is not necessary
Signed-off-by: Wei Yongjun <yjwei@nanjing-fnst.com> Signed-off-by: Neil Brown <neilb@suse.de>
Wei Yongjun [Wed, 14 Mar 2007 07:51:38 +0000 (15:51 +0800)]
Use correct UMNT version to do umount
This patch lets umount to use correct UMNT version to do umount.
In latest kernel, the version format is "vers=3" etc., and in old kernel
the version format is "v3","v4" etc.
Signed-off-by: Wei Yongjun <yjwei@nanjing-fnst.com> Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Fri, 16 Mar 2007 00:58:39 +0000 (11:58 +1100)]
Don't complain if two exports of different types match the same IP address.
As nfs-utils as an ordering of client types (hostname, netmask,
wildcard, netgroup), it is expected that sometimes the one IP will
match two or more of these and the first will over-ride. So
don't both complaining when that happens.
Neil Brown [Fri, 16 Mar 2007 00:56:59 +0000 (11:56 +1100)]
Install mount.nfs* in /sbin instead of /usr/sbin
This patch is now hard-coded in the Makefile.am and cannot
be changed by configure. But as it needs to match what
util-linux does, that is probably a good thing.
Neil Brown [Fri, 16 Mar 2007 00:24:15 +0000 (11:24 +1100)]
Automatically start statd when mounting an nfs filesystem.
If statd is not running (/var/run/rpc.statd.pid) when an nfs filesystem
is mounted (v2 or v3, with remote locking enabled), and if
/usr/sbin/start-statd (or other program specified at config time) is
present, then run that program to start statd.
This means that statd does not need to be running "just in case".
It only needs to be started at boot time if the nfs server is
started.
Neil Brown [Thu, 15 Mar 2007 04:38:35 +0000 (15:38 +1100)]
Make --enable-secure-statd the default.
i.e. you now need --disable-secure-statd if you want any client
other than lockd to talk to statd.
Also relax the RESTRICTED_STATD checks so that a recent kernel
with /proc/sys/fs/nfs/nsm_use_hostnames set can still talk to
statd.
Finally, restrict access to simulate_crash so that only privileged
processes on localhost can call it. Having it accessible by the
whole world is probably not much more than a minor inconvenience,
but it really should be kept closed.
Neil Brown [Wed, 14 Mar 2007 22:46:33 +0000 (09:46 +1100)]
If -o sec= is not specified for mount, allow either AUTH_SYS or AUTH_NONE.
Solaris servers, when asked to share a filesystem with an anon-uid, will
report the only available authentication style as AUTH_NONE in the
reply from mountd (even though they actually accept AUTH_SYS and simply
ignore the credentiuals).
So if no sec= is specified we should really accept anything that can easily
be handled. ie. AUTH_SYS or AUTH_NONE.
Simon Peter [Tue, 13 Mar 2007 04:19:24 +0000 (15:19 +1100)]
Use very long timeout for information in the filehandle->path cache.
/* The fsid -> path lookup can be quite expensive as it
* potentially stats and reads lots of devices, and some of those
* might have spun-down. The Answer is not likely to
* change underneath us, and an 'exportfs -f' can always
* remove this from the kernel, so use a really log
* timeout. Maybe this should be configurable on the command
* line.
*/
Neil Brown [Tue, 13 Mar 2007 03:39:49 +0000 (14:39 +1100)]
Restore use of un-connected socket for UDP mount requests.
When connecting to an NFSv4 server we need to find out IP address
as it would be seen by the server, to register an address for
callbacks.
This is most easily done by connecting the socket to the
servers address and then getting the address of our endpoint.
However with a connected UDP socket, replies that come from a
different IP address - as can happen with non-Linux multi-homed
servers - will be rejected.
So if we connected our UDP socket, we need to be sure to
disconnect it before using it.
This patch adds an option to get_socket to say if we want it
connected or not and, in the case where we do, we disconnect
a UDP socket after the connection information has been used.
Also clean up the error handling in clnt_ping which was getting
clumsy.
Kevin Coffman [Tue, 27 Feb 2007 04:26:44 +0000 (15:26 +1100)]
Fix reference error when writing fsloc data to cache
Use the correct pointer when writing fslocations data to the cache.
Also write the fsloc stuff before the uuid stuff so userland code
will work with or without the uuid kernel patches.
Fred Isaman [Thu, 22 Feb 2007 04:48:53 +0000 (15:48 +1100)]
Extend the exportfs interface to pass fslocations info into the kernel.
Extend exportfs interface to pass fslocations info into the kernel,
using syntax modelled after AIX. Adds "refer=" and "replicas="
options to /etc/exports to enable use of the kernel fslocation code.
Signed-off-by: Fred Isaman <iisaman@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Mon, 12 Feb 2007 05:30:23 +0000 (16:30 +1100)]
Support group-id looks for kernels that ask for them.
With "-g" mountd will listen for uid -> gidlist requests
from the kernel and provide the required mapping.
This is specific to AUTH_USER (aka AUTH_SYS) and is designed
to overcome the 16-gid limit in the AUTH_UNIX protocol.
Neil Brown [Mon, 12 Feb 2007 01:25:03 +0000 (12:25 +1100)]
Use UUIDs to identify filesystems if kernel supports it.
This introduces a new dependancy on libblkid.
If a filesystem being exported has a UUID that libblkid
can extract, then that is passed to the kernel for use
in identifying the filesystem in filehandles.
This means that 'fsid=' is no longer needed to work around the
problem of device numbers changing.
fsid= is still needed for fielsystems that have no device,
and can now be given 16byute uuid instead of just a 32bit one.
Kevin Coffman [Thu, 8 Feb 2007 22:27:51 +0000 (17:27 -0500)]
Add option to svcgssd to enable libnfsidmap debugging.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Glenn Machin <GMachin@sandia.gov>. Allow svcgssd
to turn on libnfsidmap debugging. This uses a new command-line
parameter so that it can be enabled independently from other
debugging. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:45 +0000 (17:27 -0500)]
Remove duplicated code.
Signed-off-by: Fred Isaman <iisaman@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Remove duplicated code. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:40 +0000 (17:27 -0500)]
Share handling of lucid_sec_context for Heimdal and MIT
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The 0.8 release of Heimdal has (will have) support for the lucid context.
The handling of lucid_sec_context can be shared between builds with MIT
or Heimdal Kerberos.
Split out the lucid_sec_context code from context_mit.c
and make a new common file, context_lucid.c. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:35 +0000 (17:27 -0500)]
Use owner rather than filename format in choosing cred cache files
Signed-off-by: Glenn Machin <gmachin@sandia.gov> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Some installations use different name formats for their credentials
caches. Instead of checking that the uid is part of the name, just
make sure that uid is the owner of the file.
This is a modification of the original patch from Glenn. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:30 +0000 (17:27 -0500)]
Various minor manpage fixes.
Signed-off-by: Steinar H. Gunderson <sgunderson@bigfoot.com> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
This mostly takes care of the difference between - and \-; in
man pages, the former is hyphen (which indicates, among others,
that a line might be split at that point), while the latter is a
dash. For options, the latter is correct.
There's also one minor grammatical fix. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:25 +0000 (17:27 -0500)]
Use the gssglue version of gssapi.h for svcgssd_mech2file.c
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Remove Kerberos implementation dependency from svcgssd_mech2file.c Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:19 +0000 (17:27 -0500)]
Stop using storage after free
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The previous patch seems to expose a use after free bug in dirscancb. At
least, I could reliably reproduce a segfault by doing a bunch of mounts
and then unmounting them all. The code uses the following list macro:
TAILQ_FOREACH(ic, icq, ic_next) {
...to iterate over all of the ic entries and clean up any that no longer
have a corresponding directory in rpc_pipefs. This macro unrolls into:
for(ic=icq->tqh_first; ic != NULL; ic=ic->ic_next.tqe_next) {
...but within this loop, we can free ic, and then the for loop can trip
over that when it tries to do the iteration. The attached patch works
around this by not using the TAILQ_FOREACH macro and saving off the
tqe_next pointer prior to the free.
Again, this was tested on a patched 1.0.6, but the 1.0.10 code is very
similar, and I think the problem exists there as well. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:14 +0000 (17:27 -0500)]
Fix memory leak in idmapd.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
There is a pretty nasty memory leak in idmapd in dirscancb(). Some of
our customers have reported that idmapd can eat gigabytes of memory on
machines with a large number of mounts and unmounts and a long uptime.
That function uses scandir(), which malloc's an array of strings, but
dirscancb() never frees the strings or the array. The following patch
should correct this, but I've not yet tested it on 1.0.10 (only on the
RHEL4 1.0.6 version). Still, the code is very similar and I'm fairly
certain the problem exists in both versions. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:27:09 +0000 (17:27 -0500)]
Treat GSSAPI error codes as unsigned.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
GSSAPI error codes (major and minor) are defined as unsigned values.
However, we treat them as signed while passing them down to the
kernel where conversion fails if they include the minus sign.
Convert them as unsigned. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:26:59 +0000 (17:26 -0500)]
Add AM_MAINTAINER_MODE to configure.in
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As requested by "Steinar H. Gunderson" <sgunderson@bigfoot.com>, add
AM_MAINTAINER_MODE to configure.in. See the description of this
macro below:
`AM_MAINTAINER_MODE' disables the so called "rebuild rules" bys
default. If you have `AM_MAINTAINER_MODE' in `configure.ac', and
run `./configure && make', then `make' will *never* attempt to
rebuild `configure', `Makefile.in's, Lex or Yacc outputs, etc.
I.e., this disables build rules for files which are usually
distributed and that users should normally not have to update.
If you run `./configure --enable-maintainer-mode', then these
rebuild rules will be active. Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Thu, 8 Feb 2007 22:26:53 +0000 (17:26 -0500)]
Touch up some of the autotools files
Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
this patch touches up the autotool code a bit in nfs-utils:
- run autogen.sh with -e so if something fails, it'll abort properly
- set ACLOCAL_AMFLAGS so that when running autoreconf or when
autotools re-runs itself, the m4 files are found properly
- make sure we include bsdsignals.m4 in the final tarball
- add some cross-compiling fallback logic to bsdsignals.m4 so that
when cross-compiling nfs-utils, the configure is a bit more nice
than simply:
checking for BSD signal semantics... configure: error: cannot run test program while cross compiling Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Mon, 5 Feb 2007 04:37:55 +0000 (15:37 +1100)]
Make UDP sockets not blocking
This is needs if mountd is running multithreaded else multiple threads
will be blocked on a UDP port with nothing to read and so won't
be able to serve up-calls from the kernel.
Thanks to "Murali Krishna V" <vm.krishna@gmail.com> for highlighting
the problem.