Chuck Lever [Sat, 28 Jul 2007 21:50:40 +0000 (17:50 -0400)]
libnfs.a: move clnt_ping() to utils/mount
Continue clean up of mount functionality in libnfs.a by moving clnt_ping()
to utils/mount/network.c. Note that socklen_t is an unsigned int... the
i386 gcc compiler threw a signedness warning about the 3rd argument of
getsockname().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Sat, 28 Jul 2007 21:50:30 +0000 (17:50 -0400)]
libnfs.a: move mnt_{open, close}clnt calls to utils/mount/network.c
It turns out that get_socket() accesses a global variable, "verbose," that
is only available in the mount command; yet it's in libnfs.a. This creates
an undocumented API dependency that will bite someone someday. This
mount-specific functionality doesn't really belong in libnfs.a anyway.
The simplest way to resolve this is to move all of the functions in
support/nfs/conn.c into utils/mount. network.c seems like the logical
place to put these. An added benefit is we eventually get to make
get_socket() static.
Let's start with the mnt_{open,close}clnt functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Sat, 28 Jul 2007 21:50:19 +0000 (17:50 -0400)]
mount.nfs: fix hang when getport() uses TCP against unavailable servers
If get_socket() can't get us an open TCP socket, we know the server is
down, so make getport() exit early instead of hanging. This logic is
copied from clnt_ping().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Sat, 28 Jul 2007 21:50:04 +0000 (17:50 -0400)]
umount.nfs: Make do_nfs_mount use conventional EX_ style return codes
do_nfs_mount() should return EX_ style return codes and not 1 or 0 in order
to distinguish between usage errors and other problems (such as EX_FILEIO
or RPC errors).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Sat, 28 Jul 2007 21:49:43 +0000 (17:49 -0400)]
umount.nfs: move nfs_call_umount to network.c
nfs_call_umount() is shared by nfsmount.c and nfsumount.c, and manages a
network function (building the RPC umount call to the server's MNT daemon).
So move it to network.c with other network-related functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Sat, 28 Jul 2007 21:49:28 +0000 (17:49 -0400)]
umount.nfs: some umount.nfs error return codes are confusing
umount.nfs should return the standard EX_ mount return codes. At some
point in the past, it was returning 0 for failure and 1 for success, and
some of these have been changed and some haven't. See if we can rectify
this.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
J. Bruce Fields [Thu, 26 Jul 2007 20:30:46 +0000 (16:30 -0400)]
Use __fpurge to ensure single-line writes to cache files
On a recent Debian/Sid machine, I saw libc retrying stdio writes that
returned write errors. The result is that if an export downcall returns
an error (which it can in normal operation, since it currently
(incorrectly) returns -ENOENT on any negative downcall), then subsequent
downcalls will write multiple lines (including the original line that
received the error).
The result is that the server fails to respond to any rpc call that
refers to an unexported mount point (such as a readdir of a directory
containing such a mountpoint), so client commands hang.
I don't know whether this libc behavior is correct or expected, but it
seems safest to add the __fpurge() (suggested by Neil) to ensure data is
thrown away.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 16 Jul 2007 20:29:22 +0000 (16:29 -0400)]
mount.nfs: Error handling clean-up
o Use nfs_error( _() ) instead of fprintf(stderr,
o Use the mount return code macros instead of bare integers
o Free mount_point after it has been canonicalized
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 16 Jul 2007 20:29:06 +0000 (16:29 -0400)]
mount.nfs: Change *flags to flags
It's not necessary to treat the *flags parameter to nfsmount and nfs4mount
as an output parameter. Nothing is passed back. Replace it with a normal
call-by-value.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 16 Jul 2007 20:29:01 +0000 (16:29 -0400)]
mount.nfs: No need to return nfs_mount_data structs
Refactor mount processing slightly to remove an output parameter and an
unnecessary type cast. The mount syscall is now made from inside
nfs_mount or nfs4mount, rather than in common code after those are called.
Code review suggests that EX_BG was never returned by mount.nfs because the
logic I just replaced was always returning EX_FAIL. The new logic should
properly return EX_BG when appropriate.
However, it is unclear whether /bin/mount handles backgrounding the mount
request, or whether mount.nfs should.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 16 Jul 2007 20:28:56 +0000 (16:28 -0400)]
mount.nfs: Move MS_DUMMY and friends to header file
We move the definitions of MS_USER and friends to our local copy of
mount_constants.h. These will need to be available in nfsmount.c and
nfs4mount.c when we move the mount system call out of mount.c.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Clean-up: remove logic to handle --bind and other such command-line
options from mount.nfs[4].
These options are already handled in /bin/mount, and the logic for handling
them in the NFS helper is currently disabled. Other helpers such as
mount.ocfs2 appear not to support --bind (ie. they rely on /bin/mount to
do it).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
mount.c seems to assume that nfsumount() uses standard C true/false
return values, and inverts them for the exit status (where 0 is
traditionally considered success). However, nfsumount() consistently
seems to use 0 for success, and thus a success gets returned as exit
status 1 and a failure as exit status 0. This confuses at least
the GNOME drive manager applet, and probably others as well.
Signed-off-by: Steinar H. Gunderson <sesse@debian.org> Signed-off-by: Neil Brown <neilb@suse.de>
J. Bruce Fields [Thu, 5 Jul 2007 17:45:54 +0000 (13:45 -0400)]
document the sec= option
Document the sec= option in the exports man page.
Not done: it would be nice to have an example or two here (and not just
in the final "EXAMPLE" section, though that would be nice too). I was
just too lazy to figure out the formatting.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
J. Bruce Fields [Thu, 5 Jul 2007 17:45:53 +0000 (13:45 -0400)]
Support sec= option to specify export security
This adds support for reading sec= option and sending security data
through cache via "... secinfo n flavor1 flag1 ... flavorN flagN".
If sec= is missing, no secinfo option will be passed down.
Signed-off-by: Fred Isaman <iisaman@citi.umich.edu> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
mount.nfs: Fix retry= to handle lack of reserved port situation
In the case of several (>500) mounts running at the same time
with -o tcp, the number of attempts that succeed is about 300-500
because it run out of priviledged port (they are busy in TIME_WAIT
state).
Signed-off-by: Flavio Leitner <flavio.leitner@gmail.com> Signed-off-by: Neil Brown <neilb@suse.de>
Prior to David Howell's mount changes in 2.6.18, users who mounted
different directories which happened to be from the same filesystem on the
server would get different super blocks, and hence could choose different
mount options. As long as there were no hard linked files that crossed from
one subtree to another, this was quite safe.
Post the changes, if the two directories are on the same filesystem (have
the same 'fsid'), they will share the same super block, and hence the same
mount options.
Add a flag to allow users to elect not to share the NFS super block with
another mount point, even if the fsids are the same. This will allow
users to set different mount options for the two different super blocks, as
was previously possible. It is still up to the user to ensure that there
are no cache coherency issues when doing this, however the default
behaviour will be to share super blocks whenever two paths result in
the same fsid.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Neil Brown <neilb@suse.de>
Steve Dickson [Thu, 17 May 2007 00:04:19 +0000 (10:04 +1000)]
mount.nfs - NFSv4 mounts give wrong error message when server denies the mount
When nfs4 mount fail because the exported directory does
not exist, the mount command claims the local mount point
does not exist which is wrong. This patch fixes that problem
as well as makes the v4 mount failures look like v3/v2 failures.
Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
In client_compose(), free() the hostent structure returned before
exiting. Normally, gethostbyaddr() returns a pointer to a static
struct, but this hostent comes from either get_reliable_hostbyaddr() or
get_hostent(), both which return a pointer they privately xmalloc()ed,
which thus can and should be free()d.
Signed-Off-By: Steinar H. Gunderson <sesse@debian.org>
Jeff Layton [Wed, 9 May 2007 14:19:33 +0000 (10:19 -0400)]
nfs-utils: have mountd hold open etab file to force inode number to change
This patch changes mountd to hold the etab file open so that when it's
changed by exportfs, the inode number should change. We then change
auth_reload to reload the file based on whether st_ino is different
from the last time it was checked. It also changes auth_reload to
maintain a static counter value and return it instead of a timestamp
and fixes up get_exportlist accordingly. Finally, it adds some
comments to xtab_write to warn people about editing the etab in place.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: NeilBrown <neilb@suse.de>
Neil Brown [Tue, 8 May 2007 04:43:28 +0000 (14:43 +1000)]
Remove rquotad
rquotad isn't really used by anyone - as you can tell by the fact that
it only works for ext2 and ext3 (if those).
The 'quota' package contains a working and maintained rquota and all
distros appear to use that one. So remove rquotad from this package
to avoid confusion.
Jeff Layton [Mon, 7 May 2007 11:53:32 +0000 (07:53 -0400)]
update manpages for showmount and mountd
This patch updates the manpages for showmount and mountd. It adds a
description of the new mountd -r option, and a caveat about the unreliability
of showmount -a.
Neil Brown [Thu, 3 May 2007 00:46:02 +0000 (10:46 +1000)]
Detect version of libblkid and act accordingly.
libblkid earlier than 1.40 has a memory leak bug that make it unsuitable
for use in mountd.
So detect the version and default to not using it if too old. Give appropriate
warnings in various cases.
Kevin Coffman [Thu, 19 Apr 2007 21:39:27 +0000 (17:39 -0400)]
Update libgssapi requirements
Update the required version of libgssapi from 0.9 to 0.11.
(Working with Heimdal requires 0.11. Symbol versioning was
introduced in 0.10 and should be used everywhere, although
not absolutely required.)
Neil Brown [Mon, 16 Apr 2007 01:15:40 +0000 (11:15 +1000)]
Be more cautious about use for privilege ports (<1024).
Ports < 1024 are a scarce resource and should not be used
carelessly. Technically they should be not used at all without
registration with IANA, but sometimes we need them despite that.
So: for the socket that RPC services listen on, don't use a <1024 port
by default. There is no need.
For sockets that we send messages on, that are long-lived, and that might
need to appear 'privileged', avoid using a number that is registered in
/etc/services if possible.
Neil Brown [Mon, 2 Apr 2007 03:26:05 +0000 (13:26 +1000)]
exportfs - test exportability of filesystems when exportfs is run.
When exporting a filesystem test to see if the kernel is likely
to accept the export and print suitable warning message if not.
Don't actually fail the 'exportfs' as by the time a MOUNT request
arrives, the filesystem might be exportable.
Neil Brown [Mon, 2 Apr 2007 03:26:01 +0000 (13:26 +1000)]
mountd - improve checks and error messages for export failure.
If an attempt is made to export a non-(dir|file), just ignore it.
This should get caught by exportfs.
If an attempt is made to export a non-exportable filesystem, report
an error. Hopefully exportfs can trap some these as well, but
catching them in mountd as well is good.
Neil Brown [Mon, 2 Apr 2007 03:25:40 +0000 (13:25 +1000)]
Tell NFS/lockd client what that local state number is.
Both SM_STAT and SM_MON can return the state of an NSM, but it is
unclear which NSM they return the state of, so the value cannot be
used, and lockd doesn't use it.
Document this confusion, and give the current state to the kernel
via a sysctl if that sysctl is available (since about 2.6.19).
This should make is possible for the NFS server to detect a small
class of bad SM_NOTIFY packets and not flush locks in that case.
Kevin Coffman [Fri, 30 Mar 2007 22:32:14 +0000 (18:32 -0400)]
Use newly added keytab functions
Use the new functions added in the previous patch.
Obtain machine credentials in a pre-determined order
Look for appropriate machine credentials in the following order:
root/<fqdn>@REALM
nfs/<fqdn>@REALM
host/<fqdn>@REALM
root/<any-name>@REALM
nfs/<any-name>@REALM
host/<any-name>@REALM
The first matching credential will be used.
Also, the machine credentials to be used are now determined
"on-demand" rather than at gssd startup. This allows keytab
additions to be noticed and used without requiring a restart of gssd.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 30 Mar 2007 22:32:10 +0000 (18:32 -0400)]
Hide differences between MIT and Heimdal in macros
Clean up a lot of #ifdef'd code using macros, masking
the differences between MIT and Heimdal implementations.
The currently unused macros will be used in later patches.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Thu, 29 Mar 2007 03:20:20 +0000 (13:20 +1000)]
Change default to use system rpcgen.
If system-installed rpcgen if such exists.
If none is found, build our own.
Override with
./configure --with-rpcgen=internal
for internal rpcgen or
./configure --with-rpcgen=/local/rpcgen
for a non-standard location.
Neil Brown [Thu, 29 Mar 2007 03:08:08 +0000 (13:08 +1000)]
statd - use dnsname to ensure correct matching of NOTIFY requests.
When lockd asks to monitor a host, we find the FQDN from the DNS
and remember that, both internally and in the /var/lib/nfs/sm/*
file.
When we receive an SM_NOTIFY request, we compare both the
mon_name and the source IP address against that DNS name to find
a match.
If a DNS name is not available, we fall back to the name provided by
lockd, which at least is known to map to an IP address via
gethostbyname.
Neil Brown [Thu, 29 Mar 2007 03:08:07 +0000 (13:08 +1000)]
statd - check for 'priv' when looking for duplicate registrations.
From the point of view of the client (lockd), the 'priv' blob is probably
the most important key, so make sure to not throw away requests with
new 'priv' information.
Neil Brown [Thu, 29 Mar 2007 03:08:01 +0000 (13:08 +1000)]
mountd - better response to failed attempts to export filesystems
If the kernel rejects an attempt to export a filesystem - e.g. because
it is not exportable, we shouldn't just ignore the error, but rather
should tell the kernel that the relevant filehandle or path cannot be supported.
We should really print out some error messages too.
Neil Brown [Fri, 23 Mar 2007 01:36:36 +0000 (12:36 +1100)]
statd - fix bug so statd can talk to kernel again.
We need to call statd_get_socket before dropping privileges so that we
have a privileged port. We use to do that when initialising
notification as the same socket was used for reboot notication as for
callbacks to the kernel. Now it is a different socket..