]> git.decadent.org.uk Git - nfs-utils.git/log
nfs-utils.git
13 years agoexportfs: matchhostname() doesn't handle localhost properly
Chuck Lever [Mon, 29 Aug 2011 17:20:22 +0000 (13:20 -0400)]
exportfs: matchhostname() doesn't handle localhost properly

Same change as statd_matchhostname() is necessary for the logic in
exportfs.

Recall that these are "separate but nearly equal" because the exportfs
version requires extra expensive string checking that would be onerous
for statd.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agostatd: statd_matchhostname() doesn't handle localhost properly
Chuck Lever [Mon, 29 Aug 2011 17:18:25 +0000 (13:18 -0400)]
statd: statd_matchhostname() doesn't handle localhost properly

The job of statd_matchhostname() is to work hard at matching two
hostnames or presentation IP addresses that may refer to the same
host.

statd_matchhostname() turns the hostname of the local system into a
list of addresses containing only the loopback address.  The actual
DNS registered address of the system does not appear in that list.

Presentation IP addresses, on the other hand, are soundly ignored by
the AI_CANONNAME option of getaddrinfo(3).  The ai_canonname string
that is returned is just the same presentation IP address.  And the
resulting list of addresses contains just that IP address.

So if the DNS registered IP address of the local host is passed in as
one argument, and the local hostname is passed as the other argument,
statd_matchhostname() whiffs and believes there is no match.  To fix
this, the logic needs to be smarter about deriving a hostname from an
IP address.

This appears to cause no end of trouble: monitor records pile up in
/var/lib/nfs/sm and sm.bak, notifications are missed, and so on.  This
has likely been around since commit cbd3a131 "statd: Introduce statd
version of matchhostname()" (Jan 14, 2010).

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agosm-notify: Disable syslog messages when debugging is enabled
Chuck Lever [Mon, 29 Aug 2011 17:13:15 +0000 (13:13 -0400)]
sm-notify: Disable syslog messages when debugging is enabled

statd's "-F" flag disables syslog output, and specifies sm-notify's
"-d" option when it runs it.  sm-notify's "-d" option should therefore
also disable syslog output.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agostatd: Report count of loaded hosts correctly
Chuck Lever [Mon, 29 Aug 2011 17:11:58 +0000 (13:11 -0400)]
statd: Report count of loaded hosts correctly

Fix a debugging message to report correctly the count of hosts loaded
when statd starts up.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agopdate addres for Free Software Foundation
NeilBrown [Mon, 29 Aug 2011 16:56:17 +0000 (12:56 -0400)]
pdate addres for Free Software Foundation

License texts contain multiple address for FSF, some wrong.
So update them and  replace COPYING file with
http://www.gnu.org/licenses/gpl-2.0.txt
which has a few changes to preamble and commentary.

Also remove extra COPYING file from utils/statd/

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoumount.nfs: fix nfs4 check
Ian Kent [Mon, 29 Aug 2011 16:29:36 +0000 (12:29 -0400)]
umount.nfs: fix nfs4 check

From: Ian Kent <ikent@redhat.com>

nfs_umount_is_vers4() doesn't take acount of the escaping of characters
seen in /proc/mounts and /etc/mtab as the functions in fstab.c do. This
leads to an inability to umount a mount containing any of these escaped
characters (like spaces).

This patch changes nfs_umount_is_vers4() to use functions in fstab.c and
adds a function to fstab.c to read /proc/mounts specifically, as it was
used  for the check in nfs_umount_is_vers4() previously.

Signed-off-by: Ian Kent <ikent@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agostart-statd: Use bash as -p is no POSIX
Luk Claes [Mon, 29 Aug 2011 16:04:25 +0000 (12:04 -0400)]
start-statd: Use bash as -p is no POSIX

sh -p is not guaranteed to be provided by POSIX shells. dash for
instance does not provide this, so use bash explicitly.

Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfs.man: Fix macro use for fstab examples
Luk Claes [Mon, 29 Aug 2011 15:51:46 +0000 (11:51 -0400)]
nfs.man: Fix macro use for fstab examples

The groff macros for filling (word-wrapping) and tabulation control are
lower-case, but are written in upper-case here and so have been ignored.

Change the .NF and .FI lines to lower-case.

Change the .TA lines to lower-case and fix the tab stops to work both
on a terminal and in Postscript output.

Delete the .SP line where .sp would be redundant.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoexports.man: Fix comment syntax
Luk Claes [Mon, 29 Aug 2011 15:46:17 +0000 (11:46 -0400)]
exports.man: Fix comment syntax

Using three single-quotes for a comment sort of works because it
results in invoking a nonexistent macro, but it results in a huge
number of warnings when trying to validate the man page.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfsiostat.man: Fix missing I in ".I <interval>"
Luk Claes [Mon, 29 Aug 2011 15:44:14 +0000 (11:44 -0400)]
nfsiostat.man: Fix missing I in ".I <interval>"

Fix syntax for missing I in .I according to a patch from Simon Paillard
<spaillard@debian.org> in Debian bug #624261.

Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agostatd.man: man complains about lines starting with '
Luk Claes [Mon, 29 Aug 2011 15:41:36 +0000 (11:41 -0400)]
statd.man: man complains about lines starting with '

Fix syntax for line starting with 'visible' according to a patch from
Simon Paillard <spaillard@debian.org> in Debian bug #624261.

Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfs.man: man complains when line starts with quote
Luk Claes [Mon, 29 Aug 2011 15:40:12 +0000 (11:40 -0400)]
nfs.man: man complains when line starts with quote

Fix "macro `local_lock=flock'.' not defined" by avoiding to put a quote
at the beginning of the line.

Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoexports.man: "\* d lets man complain
Luk Claes [Mon, 29 Aug 2011 15:36:37 +0000 (11:36 -0400)]
exports.man: "\* d lets man complain

man complains with "macro `d' not defined", so remove these seemingly
unneeded characters

Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount.nfs: submarvellous messages from mount.nfs
Max Matveev [Tue, 16 Aug 2011 11:57:43 +0000 (07:57 -0400)]
mount.nfs: submarvellous messages from mount.nfs

Consider a setup where mountd on the server is controlled via
tcp_wrappers (usual RHEL setup) and will not process calls from a
particular client because of something in /etc/hosts.deny.

When such client attempts to do v3 mount, the error message printed
by mount.nfs is misleading.

This patch changes that error message from:
    mount.nfs: Argument list too long
to
    mount.nfs: access denied by server while mounting server:/export

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount: fix for libmount from util-linux >= 2.20
Karel Zak [Wed, 3 Aug 2011 19:12:53 +0000 (15:12 -0400)]
mount: fix for libmount from util-linux >= 2.20

The function mnt_fs_set_fs_options() has been removed from the final
version of the libmount API.

Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agorpc.statd: Bind downcall socket to loopback address
Chuck Lever [Wed, 3 Aug 2011 17:22:52 +0000 (13:22 -0400)]
rpc.statd: Bind downcall socket to loopback address

In the past, rpc.statd posted SM_NOTIFY requests using the same socket
it used for sending downcalls to the kernel.  To receive replies from
remote hosts, the socket was bound to INADDR_ANY.

With commit f113db52 "Remove notify functionality from statd in
favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer
used for sending requests to remote hosts.  However, the downcall
socket is still bound to INADDR_ANY.

Thus a remote host can inject data on this socket since it is an
unconnected UDP socket listening for RPC replies.  Thanks to f113db52,
the port number of this socket is no longer controlled by a command
line option, making it difficult to firewall.

We have demonstrated that data injection on this socket can result in
a DoS by causing rpc.statd to consume CPU and log bandwidth, but so
far we have not found a breach.

To prevent unwanted data injection, bind this socket to the loopback
address.

BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomountd: Fixed strcmp usage in in insert groups.
Matthew Treinish [Wed, 3 Aug 2011 17:10:14 +0000 (13:10 -0400)]
mountd: Fixed strcmp usage in in insert groups.

Fixed the usage of strcmp in the duplicate check in insert groups.
Fixes an issue with showmount and other commands that required
the group information.

Signed-off-by: Matthew Treinish <treinish@linux.vnet.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoA problem with the --enable-libmount-mount configure option
Paul Bender [Wed, 3 Aug 2011 17:06:56 +0000 (13:06 -0400)]
A problem with the --enable-libmount-mount configure option

nfs-utils' configure script assumes that when either
--enable-libmount-mount or --disable-libmount-mount
is specified, that libmount should be used.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoA problem with running configure with the dash shell
Paul Bender [Wed, 3 Aug 2011 17:03:18 +0000 (13:03 -0400)]
A problem with running configure with the dash shell

nfs-utils' configure script fails to run when /bin/sh is
the dash shell.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agorpc.mountd: let mountd consult /etc/services for port
Mi Jinlong [Wed, 3 Aug 2011 16:52:48 +0000 (12:52 -0400)]
rpc.mountd: let mountd consult /etc/services for port

At RHEL, if user set port for mountd at /etc/services as
"mount   12345/tcp", mountd should be bind to 12345, but the
latest nfs-utils, mountd get a rand port, not 12345.

This patch make sure mountd be bind to the port which was set
at /etc/service.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfsidmap: Configuration regression nfs-utils-1-2-5-rc1
Steve Dickson [Thu, 21 Jul 2011 18:47:39 +0000 (14:47 -0400)]
nfsidmap: Configuration regression

Commit f3d38a7c introduce a configuration regression
that cause the nfsidmap code to never get enabled.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoStatd should always 'chdir' to its state directory.
NeilBrown [Thu, 21 Jul 2011 18:23:00 +0000 (14:23 -0400)]
Statd should always 'chdir' to its state directory.

s statd can be started by 'mount' which can sometimes be run by a
normal user, the current-working-directory could be anything.  In
partcular it could be in a mounted filesystem.  As 'statd' continues
running as a daemon it could keep prevent that filesystem from being
unmounted.

statd does currently 'chdir' to the state directory, but only if the
state directory is not owned by root.  This is wrong - it should check
for root after the chdir, not before.

So swap the two if statements around.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agogssd: Fix typo in debug string
Benjamin Coddington [Thu, 21 Jul 2011 18:19:52 +0000 (14:19 -0400)]
gssd: Fix typo in debug string

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agosvcgssd: use correct defaults in call to gss_set_allowable_enctypes
Kevin Coffman [Thu, 21 Jul 2011 18:16:59 +0000 (14:16 -0400)]
svcgssd: use correct defaults in call to gss_set_allowable_enctypes

For the window of kernels between 2.6.35 (when the support
for newer encryption was added) and 2.6.39 (when the ability
to read the supported enctypes from the kernel was added),
use a default of all enctypes when the kernel supported
enctypes file cannot be read.

For kernels before 2.6.35, continue to use a default of
only DES enctypes.

Note that the version of Kerberos must also support the use of
gss_set_allowable_enctypes for service-side negotiations.

See also: http://bugzilla.redhat.com/show_bug.cgi?id=719776

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfsidmap: Manpage corrections
Michael Guntsche [Wed, 13 Jul 2011 17:26:57 +0000 (13:26 -0400)]
nfsidmap: Manpage corrections

I recently upgraded to 1.2.4 to use the new nfsidmap feature. While
following the manpage and the kernel documentation I noticed a
difference. Kernel docs mention key TYPE id_resolver while the manpage
states nfs_idmap. The following patch changes the manpage to the proper
type.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoMake sure CONFIG_NFSIDMAP is always defined.
Steve Dickson [Tue, 12 Jul 2011 21:21:09 +0000 (17:21 -0400)]
Make sure CONFIG_NFSIDMAP is always defined.

CONFIG_NFSIDMAP always need to be define either
negatively or positive whether nfsv4 is or is not
defined.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount.nfs: Do not segfault because of kernel version
Luk Claes [Tue, 12 Jul 2011 14:38:03 +0000 (10:38 -0400)]
mount.nfs: Do not segfault because of kernel version

mount.nfs segfaults if kernel version number does not contain
at least 3 components delimited with a dot.

Avoid this by matching up to three unsigned integers inialised
to zero, separated by dots.

A version that does not start with an integer is probably a future
version where the versioning evolved to another scheme.
Return UINT_MAX which is guaranteed to be higher than existing
versions. This would also make it possible to easily identify
versions that do not start with an integer.

Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoexportfs: closing fd associated with /proc/fs/nfsd/export_features
Masatake YAMATO [Tue, 12 Jul 2011 14:00:01 +0000 (10:00 -0400)]
exportfs: closing fd associated with /proc/fs/nfsd/export_features

The fd associated with /proc/fs/nfsd/export_features opened in
get_export_features is not closed.

Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoAdd requirement for newer libgssglue for svcgssd -n option
Kevin Coffman [Thu, 30 Jun 2011 15:13:38 +0000 (11:13 -0400)]
Add requirement for newer libgssglue for svcgssd -n option

SNAFU.  This came to my attention minutes after 1.2.4 was
released...

Changes in commit d6c1b35c require that gss_acquire_cred()
is now called when the "-n" option is used.  This requires an
updated libgssglue which properly handles name GSS_C_NO_NAME
as input to gss_import_name()/gss_acquire_cred().

Add a requirement for the newer version.

Without the newer libgssglue, when svcgssd is started with "-n"
you will see the error message, "ERROR: GSS-API: error in
gss_acquire_cred(): GSS_S_BAD_NAME (An invalid name was supplied)
- Unknown error"

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRe-Release of 1.2.4 nfs-utils-1-2-4
Steve Dickson [Thu, 30 Jun 2011 13:00:42 +0000 (09:00 -0400)]
Re-Release of 1.2.4

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount.nfs: Fix for the bug in v1.2.4 that breaks mount.nfs
Prem Karat [Thu, 30 Jun 2011 11:29:20 +0000 (07:29 -0400)]
mount.nfs: Fix for the bug in v1.2.4 that breaks mount.nfs

commit 30ebf047 failed to include these changes that breaks mount.nfs.
mount.nfs will continue to work fine with these changes

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRevert "Release 1.2.4"
Steve Dickson [Thu, 30 Jun 2011 12:58:58 +0000 (08:58 -0400)]
Revert "Release 1.2.4"

This reverts commit 5b1ffc69dc68b355cdc7d02153068f6efef1c9b7.

13 years agoRelease 1.2.4
Steve Dickson [Wed, 29 Jun 2011 14:24:17 +0000 (10:24 -0400)]
Release 1.2.4

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoUpdated ChangeLog with all the commits of the current release.
Steve Dickson [Wed, 29 Jun 2011 14:22:47 +0000 (10:22 -0400)]
Updated ChangeLog with all the commits of the current release.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoDo not compile unnecessary files when the libmount code is enable
NeilBrown [Tue, 28 Jun 2011 17:24:33 +0000 (13:24 -0400)]
Do not compile unnecessary files when the libmount code is enable

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount.nfs: Don't hard code source and destination
Prem Karat [Tue, 28 Jun 2011 15:53:40 +0000 (11:53 -0400)]
mount.nfs: Don't hard code source and destination

Currently souce and destination parameters should be passed as first and
second paramter while using mount.nfs. This patch allows them to be passed
anywhere while mounting.

Current functionality is
mount.nfs source destn -o <options>
This patch will allow to do this
mount.nfs -o <options> source destn
or
mount.nfs -o <options> source -o <options> destn

Signed-off-by: Prem Karat <prem.karat@linux.vnet.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount: improve signal management when locking mtab
NeilBrown [Tue, 28 Jun 2011 15:36:31 +0000 (11:36 -0400)]
mount: improve signal management when locking mtab

As mount.nfs can run setuid it must be careful about how the user can
interact with in.  In particular it needs to ensure it does not
respond badly to any signals that the user might be able to generate.

This is particularly an issue while updating /etc/mtab (when that is
not linked to /proc/mounts).  If the user can generate a signal which
kills mount.nfs while /etc/mtab is locked, then it will leave the file
locked, and could possibly corrupt mtab (particularly if 'ulimit 1'
was previously issued).

Currently lock_mtab does set some handlers for signals, but not
enough.  It arranges for every signal up to (but not including)
SIGCHLD to cause mount.nfs to unlock mdadm promptly exit ... even if
the default behaviour would be to ignore the signal.  SIGALRM is
handled specially, and signals after SIGCHLD are left with their
default behaviour.  This includes for example SIGXFSZ which can be
generated by the user running "ulimit 1".

So: change this so that some signals are left unchanged, SIGALRM is
handled as required, and all signals that the user can generate are
explicitly ignored.

The remainder still cause mount.nfs to print a message, unlock mtab, and
exit.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomountd: move fsidtype-specific code to helpers
J. Bruce Fields [Mon, 27 Jun 2011 16:31:07 +0000 (12:31 -0400)]
mountd: move fsidtype-specific code to helpers

Now we can move these big switch statements into helper functions.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomountd: gather fsid information into one struct
J. Bruce Fields [Mon, 27 Jun 2011 16:30:36 +0000 (12:30 -0400)]
mountd: gather fsid information into one struct

A large part of nfsd_fh() is concerned with extracting
fsid-type-specific information from the fsid, then matching that
information with information from the export list and the filesystem.

Moving all that information into one struct will allow some further
simplifications.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomountd: prefer explicit subexports over crossmnt parents
J. Bruce Fields [Mon, 27 Jun 2011 16:29:51 +0000 (12:29 -0400)]
mountd: prefer explicit subexports over crossmnt parents

If a parent is exported with crossmnt, and if a child is also explicitly
exported, then both exports could potentially produce matches in this
loop; that isn't a bug.

Instead of warning and ignoring the second match we find, we should
instead prefer whichever export is deeper in the tree, so that
children's options can override those of their parents.

Reported-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomanpage: add section on character class matches to exports(5) nfs-utils-1-2-4-rc9
Jeff Layton [Wed, 22 Jun 2011 19:52:55 +0000 (15:52 -0400)]
manpage: add section on character class matches to exports(5)

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfs-utils: remove possibly false statement from exports.man
James Pearson [Wed, 22 Jun 2011 19:51:47 +0000 (15:51 -0400)]
nfs-utils: remove possibly false statement from exports.man

A very minor change suggested by J. Bruce Fields <bfields@fieldses.org>
to remove the statement that exporting to a single host or IP address is
the "most common format" - as it probably isn't.

Signed-off-by: James Pearson <james-p@moving-picture.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomanpage: add info about IPv6 configuration to exports(5)
Jeff Layton [Wed, 22 Jun 2011 19:51:02 +0000 (15:51 -0400)]
manpage: add info about IPv6 configuration to exports(5)

The parts of the exports(5) manpage that discuss IP addressing neglect
IPv6 configuration. Update to include info on how to export to IPv6
subnets and addresses, and add a line demonstrating that to the EXAMPLE
section.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfsstat: reorder nfs4 stats for 2.6.39
Benny Halevy [Wed, 22 Jun 2011 19:44:17 +0000 (15:44 -0400)]
nfsstat: reorder nfs4 stats for 2.6.39

Signed-off-by: Benny Halevy <benny@tonian.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agolibexport.a: fix using bad index for loop at cltsetup()
Mi Jinlong [Wed, 22 Jun 2011 19:41:27 +0000 (15:41 -0400)]
libexport.a: fix using bad index for loop at cltsetup()

In cltsetup(), when checking the address, use clp's naddr for index,
instead of  cltarg's naddr, which it's always zero there.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfs: fix host_reliable_addrinfo
Jeff Layton [Wed, 22 Jun 2011 18:51:38 +0000 (14:51 -0400)]
nfs: fix host_reliable_addrinfo

According to Neil Brown:

    The point of the word 'reliable' is to check that the name we get
    really does belong to the host in question - ie that both the
    forward and reverse maps agree.

    But the new code doesn't do that check at all.  Rather it simply
    maps the address to a name, then discards the address and maps the
    name back to a list of addresses and uses that list of addresses as
    "where the request came from" for permission checking.

This bug is exploitable via the following scenario and could allow an
attacker access to data that they shouldn't be able to access.

    Suppose you export a filesystem to some subnet or FQDN and also to a
    wildcard or netgroup, and I know the details of this (maybe
    showmount -e tells me) Suppose further that I can get IP packets to
    your server..

    Then I create a reverse mapping for my ipaddress to a domain that I
    own, say "black.hat.org", and a forward mapping from that domain to
    my IP address, and one of your IP addresses.

    Then I try to mount your filesystem.  The IP address gets correctly
    mapped to "black.hat.org" and then mapped to both my IP address and
    your IP address.

    Then you search through all of your exports and find that one of the
    addresses: yours - is allowed to access the filesystem.

    So you create an export based on the addrinfo you have which allows
    my IP address the same access as your IP address.

Fix this by instead using the forward lookup of the hostname just to
verify that the original address is in the list. Then do a numeric
lookup using the address and stick the hostname in the ai_canonname.

Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoexports: Clearly Defining Exports Priorities
James Pearson [Tue, 7 Jun 2011 20:25:13 +0000 (16:25 -0400)]
exports: Clearly Defining Exports Priorities

Added some verbiage to the exports(5) man page
that clearly explains the precedence around
how exports will work with regard to netgroups.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoDocument "-n" for svcgssd
Neil Brown [Tue, 7 Jun 2011 17:18:55 +0000 (13:18 -0400)]
Document "-n" for svcgssd

The svcgssd man page doesn't mention the "-n" flag.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomountd: Fix missing varialble assignment in auth_unix_gid
Pavel Shilovsky [Tue, 7 Jun 2011 17:18:13 +0000 (13:18 -0400)]
mountd: Fix missing varialble assignment in auth_unix_gid

When we get into auth_unix_gid at the second time, groups_len
is not 0 and ngroups variable leave as 0. Then we use ngroups
in getgrouplist that fails in this case. This patch fixes it.

Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfsstat: reorder nfs4 stats for 2.6.38 and up
Benny Halevy [Mon, 23 May 2011 12:37:17 +0000 (08:37 -0400)]
nfsstat: reorder nfs4 stats for 2.6.38 and up

match order in 2.6.38, 2.6.39 (-rc3) and development tree
while at it, get rid of obsolete ds_write and ds_commit

Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agosupress socket error when address family is not supported
NeilBrown [Mon, 23 May 2011 12:23:51 +0000 (08:23 -0400)]
supress socket error when address family is not supported

From: Suresh Jayaraman <sjayaraman@suse.de>

It was observed that when ipv6 module was not loaded and cannot be auto-loaded,
when starting NFS server, the following error occurs:
"rpc.nfsd: unable to create inet6 TCP socket: errno 97 (Address
family not supported by protocol)"

This is obviously a true message, but does not represent an "error" when ipv6
is not enabled.  Rather, it is an expected condition.  As such, it can be
confusing / misleading / distracting to display it in this scenario.

This patch instead of throwing error when a socket call fails with
EAFNOSUPPORT, makes it as a NOTICE.

Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRemove risk of nfs_addmntent corrupting mtab
NeilBrown [Mon, 23 May 2011 12:19:57 +0000 (08:19 -0400)]
Remove risk of nfs_addmntent corrupting mtab

nfs_addmntent is used to append directly to /etc/mtab.
If the write partially fail, e.g. due to RLIMIT_FSIZE,
truncate back to original size and return an error.

See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoexportfs: getexportent interprets -test-client- as default options
Ben Myers [Mon, 23 May 2011 12:07:00 +0000 (08:07 -0400)]
exportfs: getexportent interprets -test-client- as default options

With commit 1374c3861abdc66f3a1410e26cc85f86760b51dd Neil added a
-test-client- export to test the exportability of filesystems when exportfs
is run.  When using the old cache controls (i.e. /proc/fs/nfsd is not
mounted) exportfs will read /proc/fs/nfs/exports to process existing
exports and find these test client entries.  The dash at the beginning of
-test-client- will be cause getexportent to look for default options in the
rest of the string, which test-client- will not match:

exportfs: /proc/fs/nfs/exports:1: unknown keyword "test-client-(rw"

This patch resolves that problem (as Steve suggested) by not processing any
default options if we are reading the list of existing exports from the
kernel.  Default options are converted to individual exports by exportfs so
the kernel won't have any regardless.

Signed-off-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRemoved compilation warnings from mountd/cache.c
Jim Rees [Wed, 18 May 2011 16:42:02 +0000 (12:42 -0400)]
Removed compilation warnings from mountd/cache.c

Commit 5604b35a6 introduced a number of missing initializer
warnings that were missed. This patch removes those warnings.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfsstat: Output headings mislabled
Steve Dickson [Tue, 26 Apr 2011 17:32:35 +0000 (13:32 -0400)]
nfsstat: Output headings mislabled

The badclnt and badauth headers were reversed
when the server side rpc stats (-s -o rpc) were
displayed.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agorpc.svcgssd: Segmentation fault on error nfs-utils-1-2-4-rc8
Steve Dickson [Tue, 19 Apr 2011 16:31:30 +0000 (12:31 -0400)]
rpc.svcgssd: Segmentation fault on error

Commit 544ed73d introduced a regression that caused
rpc.svcgssd to seg fault on "Wrong principal in request"
errors in gss_accept_sec_context()

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfs-utils: Increase the stdio file buffer size for procfs files
Sean Finney [Tue, 19 Apr 2011 15:04:35 +0000 (11:04 -0400)]
nfs-utils: Increase the stdio file buffer size for procfs files

Previously, when writing to /proc/net/rpc/*/channel, if a cache line
were larger than the default buffer size (likely 1024 bytes), mountd
and svcgssd would split writes into a number of buffer-sized writes.
Each of these writes would get an EINVAL error back from the kernel
procfs handle (it expects line-oriented input and does not account for
multiple/split writes), and no cache update would occur.

When such behavior occurs, NFS clients depending on mountd to finish
the cache operation would block/hang, or receive EPERM, depending on
the context of the operation.  This is likely to happen if a user is a
member of a large (~100-200) number of groups.

Instead, every fopen() on the procfs files in question is followed by
a call to setvbuf(), using a per-file dedicated buffer of
RPC_CHAN_BUF_SIZE length.

Really, mountd should not be using stdio-style buffered file operations
on files in /proc to begin with.  A better solution would be to use
internally managed buffers and calls to write() instead of these stdio
calls, but that would be a more extensive change; so this is proposed
as a quick and not-so-dirty fix in the meantime.

Signed-off-by: Sean Finney <sean.finney@sonyericsson.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomountd: Use a dynamic buffer for storing lists of gid's
Sean Finney [Tue, 19 Apr 2011 15:05:47 +0000 (11:05 -0400)]
mountd: Use a dynamic buffer for storing lists of gid's

Previously, in auth_unix_gid, group lists were stored in an array of
hard-coded length 100, and in the situation that the group lists for a
particular call were too large, the array was swapped with a dynamically
allocated/freed buffer.  For environments where users are commonly in
a large number of groups, this isn't an ideal approach.

Instead, use malloc/realloc to grow the list on an as-needed basis.

Signed-off-by: Sean Finney <sean.finney@sonyericsson.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount: add --enable-libmount-mount nfs-utils-1-2-4-rc7
Karel Zak [Wed, 6 Apr 2011 16:39:21 +0000 (12:39 -0400)]
mount: add --enable-libmount-mount

This patch allows to link mount.nfs with libmount from util-linux >=
v2.19. The new libmount based code is enabled by CONFIG_LIBMOUNT and
is stored in mount_libmount.c. The old code is not affected by this
change.

The libmount does not have officially stable API yet, so the
--enable-libmount-mount is marked as experimental in the configure
help output.

The ./configure option is the same as we use in util-linux to enable
support for libmount in mount(8).

The addr= (and some other options necessary for remount/umount) are
stored to /etc/mtab or to /dev/.mount/utab. The utab file is *private*
libmount file. It's possible that some mount options (for example
user=) will be moved to kernel, so the utab will not be necessary.

About libmount:

  * supports systems without and with regular /etc/mtab
  * does not store VFS and FS mount options in userspace
  * manages user= option and evaluate permissions
  * parses VFS mount options and generate MS_* flags
  * parses /etc/{fstab,mtab}, /proc/mounts or /proc/self/mountinfo
  * long-term goal is to use the same code in all mount.<type> helpers

Note, use

   LIBMOUNT_DEBUG=0xffff mount.nfs foo:/path /path

to debug the library.

On systems with util-linux v2.19 the findmnt(8) command uses libmount
to list all/selected mount points:

   $ findmnt /path
   $ findmnt --mtab /path

the --mtab appends userspace mount options (e.g. user=) to the output.

CC: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount: move generic functions to utils.c and network.c
Karel Zak [Wed, 6 Apr 2011 15:36:40 +0000 (11:36 -0400)]
mount: move generic functions to utils.c and network.c

Move generic code that could be shared between standard mount.nfs and
libmount version to utils.c and network.c.

CC: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agonfs-utils: Add support to svcgssd to limit the negotiated enctypes
Kevin Coffman [Wed, 6 Apr 2011 15:25:03 +0000 (11:25 -0400)]
nfs-utils: Add support to svcgssd to limit the negotiated enctypes

Recent versions of Kerberos libraries negotiate and use
an "acceptor subkey".  This negotiation does not consider
that a service may have limited the encryption keys in its
keytab.  A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603)
has been added to the MIT Kerberos code to allow an application
to indicate that it wants to limit the encryption types negotiated.
(This functionality has been available on the client/initiator
side for a while.  The new patch adds this support to the
server/acceptor side.)

This patch adds support to read a recently added nfsd
proc file to determine the encryption types supported by
the kernel and calls the function to limit encryption
types negotiated for the acceptor subkey.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoexports: add a configurable time-to-live for the kernel cache entries
Chuck Lever [Wed, 6 Apr 2011 14:53:57 +0000 (10:53 -0400)]
exports: add a configurable time-to-live for the kernel cache entries

From: Trond Myklebust <Trond.Myklebust@netapp.com>

The fedfs ldap server will specify a ttl for its entries.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This is a refactoring change only.  There should be no change in
behavior.

Original patch had updates to utils/mountd/junctions.c, which no
longer exists.  These are not included here.

Create a macro for the default cache TTL, which is used in several
places besides the export cache.

Make e_ttl unsigned.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agostatd: Remove vestigial "-w" option from man page synopsis
Chuck Lever [Wed, 6 Apr 2011 14:49:52 +0000 (10:49 -0400)]
statd: Remove vestigial "-w" option from man page synopsis

The synopsis of rpc.statd in its man page lists "-w" as a valid
option.  There is currently no support in the source code for a "-w"
option.

BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=199
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount.nfs: Don't leak socket in nfs_ca_sockname()
Chuck Lever [Wed, 6 Apr 2011 14:48:38 +0000 (10:48 -0400)]
mount.nfs: Don't leak socket in nfs_ca_sockname()

Ensure the test socket is always closed before nfs_ca_sockname()
returns.  Otherwise it's orphaned.

BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=197
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRemoved a warning from v4root.c
Steve Dickson [Wed, 6 Apr 2011 14:46:06 +0000 (10:46 -0400)]
Removed a warning from v4root.c

v4root.c:176:9: warning: variable 'ret' set but not used

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRemoved a warning from exportfs.c
Steve Dickson [Wed, 6 Apr 2011 14:39:10 +0000 (10:39 -0400)]
Removed a warning from exportfs.c

exportfs.c:280:29: warning: 'exp' may be used uninitialized in this function

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRemoved a warning from conffile.c
Steve Dickson [Wed, 6 Apr 2011 14:36:30 +0000 (10:36 -0400)]
Removed a warning from conffile.c

conffile.c:258:19: warning: 'j' may be used uninitialized in this function

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoUpdate man pages for /etc/exports.d nfs-utils-1-2-4-rc6
Masatake YAMATO [Mon, 7 Mar 2011 13:36:19 +0000 (08:36 -0500)]
Update man pages for /etc/exports.d

Man page updates for /etc/exports.d.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoRead /etc/exports.d/*.export as extra export files
Masatake YAMATO [Mon, 7 Mar 2011 13:18:51 +0000 (08:18 -0500)]
Read /etc/exports.d/*.export as extra export files

This patch adding a capability to read /etc/exports.d/*.exports as
extra export files to exportfs.

If one wants to add or remove an export entry in a script, currently
one may have to use sed or something tool for adding or removing the
line for the entry in /etc/exports file.

With the patch, adding and removing an entry from a script is much
easier.
cat<<EOF... or mv can be used for adding. rm can be used for removing.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoCleaned up a warning in rpcdispatch.c
Steve Dickson [Sat, 5 Mar 2011 21:17:01 +0000 (16:17 -0500)]
Cleaned up a warning in rpcdispatch.c

rpcdispatch.c:40:20: warning: comparison between signed and unsigned
integer expressions

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount: Remove MOUNT_CONFIG warnings
Steve Dickson [Sat, 5 Mar 2011 21:13:01 +0000 (16:13 -0500)]
mount: Remove MOUNT_CONFIG warnings

The following changes are needed to remove compile warnings when
MOUNT_CONFIG is not defined

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agomount: Recognize zero as a valid value for the port= option
Chuck Lever [Thu, 3 Mar 2011 22:26:33 +0000 (17:26 -0500)]
mount: Recognize zero as a valid value for the port= option

While zero is not a valid IP port number, zero does represent a valid
value for "port=".  It means "query rpcbind to discover the actual
non-zero port number to use".  So the parsing functions that handle
"port=" should not flag zero as an invalid value.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoGssd: modify wrong err message at handle_gssd_upcall
Mi Jinlong [Wed, 9 Feb 2011 16:29:42 +0000 (11:29 -0500)]
Gssd: modify wrong err message at handle_gssd_upcall

Modify wrong err message at handle_gssd_upcall when
sscanf encryption types fail.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoSupport AD style kerberos automatically in rpc.gss
Jason Gunthorpe [Wed, 9 Feb 2011 16:27:19 +0000 (11:27 -0500)]
Support AD style kerberos automatically in rpc.gss

An Active Directory KDC will only grant a TGT for UPNs, getting
a TGT for SPNs is not possible:

$ kinit -k host/ib5@ADS.ORCORP.CA
kinit: Client not found in Kerberos database while getting initial
credentials

The correct thing to do for machine credentials is to get a TGT
for the computer UPN <HOSTNAME>$@REALM:
$ kinit -k IB5\$
$ klist
12/22/10 11:43:47  12/22/10 21:43:47  krbtgt/ADS.ORCORP.CA@ADS.ORCORP.CA

Samba automatically creates /etc/krb5.keytab entry for the computer UPN,
this patch makes gssd_refresh_krb5_machine_credential prefer it above
the SPNs if it is present.

The net result is that nfs client works automatically out of the box
if samba has been used to setup kerberos via 'net ads join' 'net ads
keytab create'

Tested using Windows Server 2003 R2 as the AD server.

Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoFixed segfault in rpc.mountd
Steve Dickson [Wed, 26 Jan 2011 12:49:19 +0000 (07:49 -0500)]
Fixed segfault in rpc.mountd

A unallocated piece of memory, instead of a NULL point, was being
used to initialize a ->next point in the mount link list which
caused a segfault after a few remote accesses via the showmount
command.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agoImprove debugging in svcgssd nfs-utils-1-2-4-rc5
Steve Dickson [Fri, 14 Jan 2011 15:12:28 +0000 (10:12 -0500)]
Improve debugging in svcgssd

Added in gss_display_error() which translates the GSS error into the
actual GSS macro name. Currently only the translation of these errors
are logged. Since those translations are buried deep in the kerberos
library code, having the actual GSS macro name makes it easier to
follow the code.

Moved the nfs4_init_name_mapping() call into main() so if debug is
enabled the DNS name and realms will be logged during start up.

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agolibnsm.a: modify return value to false from 0 at nsm_drop_privileges()
Mi Jinlong [Tue, 4 Jan 2011 16:16:45 +0000 (11:16 -0500)]
libnsm.a: modify return value to false from 0 at nsm_drop_privileges()

At nsm_drop_privileges(), for improving readability, unify
the return value.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agolibnsm.a: sm-notify sometimes ignores monitored hosts nfs-utils-1-2-4-rc4
Chuck Lever [Mon, 13 Dec 2010 19:50:45 +0000 (14:50 -0500)]
libnsm.a: sm-notify sometimes ignores monitored hosts

Monitored host information is stored in files under /var/lib/nfs.
When visiting entries in the monitored hosts directory, libnsm.a
examines the value of dirent.d_type to determine if an entry is a
regular file.

According to readdir(3), the d_type field is not supported by all
file system types.  My root file system happens to be one where d_type
isn't supported.  Typical installations that use an ext-derived root
file system are not exposed to this issue, but those who use xfs, for
instance, are.

On such file systems, not only are remote peers not notified of
reboots, but the NSM state number is never incremented.  A statd warm
restart would not re-monitor any hosts that were monitored before
the restart.

When writing support/nsm/file.c, I copied the use of d_type from the
original statd code, so this has likely been an issue for some time.

Replace the use of d_type in support/nsm/file.c with a call to
lstat(2).  It's extra code, but is guaranteed to work on all file
system types.

Note there is a usage of d_type in gssd.  I'll let gssd and rpcpipefs
experts decide whether that's worth changing.

Fix for:

  https://bugzilla.linux-nfs.org/show_bug.cgi?id=193

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agolibnsm.a: Replace __attribute_noinline__
Chuck Lever [Mon, 13 Dec 2010 19:47:42 +0000 (14:47 -0500)]
libnsm.a: Replace __attribute_noinline__

Replace the __attribute_noinline__ form with

  __attribute__((__noinline__)).

Even though the compiler didn't complain about __attribute_malloc__,
also replace those in order to maintain consistent style throughout the
source file.

Fix for:

  https://bugzilla.linux-nfs.org/show_bug.cgi?id=194

Reported-by: "Gabor Z. Papp" <gzp@papp.hu>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agosm-notify: Make use of AI_NUMERICSERV conditional
Chuck Lever [Mon, 13 Dec 2010 19:36:15 +0000 (14:36 -0500)]
sm-notify: Make use of AI_NUMERICSERV conditional

Gabor Papp reports nfs-utils-1.2.3 doesn't build on his system that
uses glibc-2.2.5:

make[3]: Entering directory
`/home/gzp/src/nfs-utils-1.2.3/utils/statd'
gcc -DHAVE_CONFIG_H -I. -I../../support/include   -D_GNU_SOURCE -Wall
-Wextra -Wstrict-prototypes  -pipe -g -O2 -MT sm-notify.o -MD
-MP -MF .deps/sm-notify.Tpo -c -o sm-notify.o sm-notify.c
sm-notify.c: In function 'smn_bind_address':
sm-notify.c:247: error: 'AI_NUMERICSERV' undeclared (first use in this
function)
sm-notify.c:247: error: (Each undeclared identifier is reported only
once
sm-notify.c:247: error: for each function it appears in.)
make[3]: *** [sm-notify.o] Error 1

According to the getaddrinfo(3) man page, AI_NUMERICSERV is available
only since glibc 2.3.4.  getaddrinfo(3) seems to convert strings
containing a number to the right port value without the use of
AI_NUMERICSERV, so I think we can survive on older glibc's without it.
It will allow admins to specify service names as well as port numbers
on those versions.

There are uses of AI_NUMERICSERV in gssd and in nfs_svc_create().  The
one in nfs_svc_create() is behind HAVE_LIBTIRPC, and the other is a
issue only for those who want to deploy Kerberos -- likely in both
cases, a more modern glibc will be present.  I'm going to leave those
two.

Fix for:

  https://bugzilla.linux-nfs.org/show_bug.cgi?id=195

Reported-by: "Gabor Z. Papp" <gzp@papp.hu>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agorpc.mountd: Checking RPC Procedure ID before process it
Sid Moore [Fri, 3 Dec 2010 14:19:06 +0000 (09:19 -0500)]
rpc.mountd: Checking RPC Procedure ID before process it

Signed-off-by: Steve Dickson <steved@redhat.com>
13 years agolibnfs.a: fix a bug when parse section's arg nfs-utils-1-2-4-rc3
Mi Jinlong [Mon, 29 Nov 2010 15:59:10 +0000 (10:59 -0500)]
libnfs.a: fix a bug when parse section's arg

When parsing section's arg at configure file, the pointer
should stop when fetch ']', and give the warning message.

Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agonfs-utils: nfsstat: has_stats() does not function correctly for NFSv4 client stats
Harshula Jayasuriya [Mon, 22 Nov 2010 16:22:31 +0000 (11:22 -0500)]
nfs-utils: nfsstat: has_stats() does not function correctly for NFSv4 client stats

The NFSv4 client procs/ops in "struct rpc_procinfo nfs4_procedures" is
used to generate the NFS client stats interface:
------------------------------------------------------------
net 0 0 0 0
rpc 15 0 0
proc2 18 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
proc3 22 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 1 0
proc4 42 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0
0 0 0
0 0 0 0 0 0 0
------------------------------------------------------------
Note, for proc4, the number 42. That is the number of stats that follow
on the same line. Currently nfsstat's has_stats() relies on this number
to be equal to CLTPROC4_SZ. Unfortunately this is not the case. I have
changed has_stats() not to rely on these two values being equal. This
should also allow nfsstat to work with different kernel versions that
expose a different number of NFS client ops.

* Fix has_stats()
* Stop print_clnt_list() printing server stats!
* Describe the option -3 and -4 completely in the nfsstat manpage.

Signed-off-by: Harshula Jayasuriya <harshula@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoEnable nfsidmap to compile
Steve Dickson [Sat, 20 Nov 2010 20:01:21 +0000 (15:01 -0500)]
Enable nfsidmap to compile

Only enable the compilation of nfsidmap when libnfsidmap support it.

Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoAdd the new nfsidmap program
Bryan Schumaker [Fri, 19 Nov 2010 17:01:10 +0000 (12:01 -0500)]
Add the new nfsidmap program

This patch adds the nfsidmap program to nfs-utils.  This program is
called by the nfs idmapper through request-keys to map between
uid / user name and gid / group name.

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoRemoved a couple warnings from utils/mount/stropts.c
Steve Dickson [Mon, 22 Nov 2010 16:33:37 +0000 (11:33 -0500)]
Removed a couple warnings from utils/mount/stropts.c

stropts.c:740:6: warning: 'ret' may be used uninitialized in this function
stropts.c:653:6: warning: 'ret' may be used uninitialized in this function

Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agonfs(5): Document remount behavior nfs-utils-1-2-4-rc2
Chuck Lever [Fri, 29 Oct 2010 16:56:21 +0000 (12:56 -0400)]
nfs(5): Document remount behavior

It appears that, for a long while, NFS "remount" mounts have
completely wiped the existing mount options in /etc/mtab for a given
mount point.  This is a problem for umount.nfs, since it reads its
options out of /etc/mtab to find out how to do the unmount.

The mount(8) command provides the NFS mount subcommand with the mount
options to perform the remount.  There are four cases to consider:

  1. Both the device and mount directory are specified on the
     command line, and the target mount point is in /etc/fstab

  2. Only one of the device and mount directory is specified on
     the command line, and the target mount point is in
     /etc/fstab

  3. Both the device and mount directory are specified on the
     command line, and the target mount point is not in /etc/fstab

  4. Only one of the device and mount directory is specified on
     the command line, and the target mount point is not in
     /etc/fstab

Currently only case 4 works correctly.  In that case, mount(8)
provides the correct set of mount options to the mount.nfs
subcommand and it can update /etc/mtab correctly.

Cases 1 and 3 replace all mount options in /etc/mtab with the options
provided on the command line during a remount.  Case 2 replaces the
mount options in /etc/mtab with a mix of options from /etc/fstab and
/etc/mtab.

Cases 1 and 3 are historical behavior.  Basically this is a formal
interface to allow administrators to replace the mount options in
/etc/mtab completely, instead of merging in new ones.  The present
patch documents that behavior in nfs(5), and provides best practice
for remounting NFS mount points.

There are near-term plans to address case 2 by fixing mount(8)
(provided by utils-linux-ng in most distributions).

This is a partial fix for:

  https://bugzilla.linux-nfs.org/show_bug.cgi?id=188

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agonfs(5): Grammar and style fixes
Chuck Lever [Thu, 28 Oct 2010 17:15:22 +0000 (13:15 -0400)]
nfs(5): Grammar and style fixes

Clean up grammar and style issues introduced by recent updates.  Also,
I'm not certain inappropriate options are always ignored.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agomount.nfs: mnt_freq and mnt_pass are always zero
Chuck Lever [Thu, 28 Oct 2010 17:13:19 +0000 (13:13 -0400)]
mount.nfs: mnt_freq and mnt_pass are always zero

Clean up.

No need to pass constant zeros to add_mtab() from its only call site.
Ensure that initialization of a struct mntent is consistent in both
places that it is done.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agomount.nfs: Fix memory leak in nfs_sys_mount()
Chuck Lever [Thu, 28 Oct 2010 17:10:48 +0000 (13:10 -0400)]
mount.nfs: Fix memory leak in nfs_sys_mount()

This appears to have been left behind by last year's adjustments to
how the extra_opts string is constructed.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agomount: Fix compiler warning in nfs_parse_retry_option()
Chuck Lever [Thu, 28 Oct 2010 17:09:38 +0000 (13:09 -0400)]
mount: Fix compiler warning in nfs_parse_retry_option()

stropts.c: In function nfs_parse_retry_option:
stropts.c:131: warning: conversion to unsigned int from long int may
alter its value

Make it more clear what the second argument is for, and flag the
switch fallthrough case.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agonfs-utils: Remove all uses of AI_ADDRCONFIG
Chuck Lever [Thu, 28 Oct 2010 16:12:12 +0000 (12:12 -0400)]
nfs-utils: Remove all uses of AI_ADDRCONFIG

It was reported that, if only "lo" is up,

  mount.nfs 127.0.0.1:/export /mount

fails with "Name or service not known".

"man 3 getaddrinfo" says this:

  If hints.ai_flags includes the AI_ADDRCONFIG flag, then IPv4
  addresses are returned in the list pointed to by res only if the
  local system has at least one IPv4 address configured, and IPv6
  addresses are only returned if the local system has at least
  one IPv6 address configured.

The man page oversimplifies here.  A review of glibc shows that
getaddrinfo(3) explicitly ignores loopback addresses when deciding
whether an IPv4 or IPv6 address is configured.

This behavior around loopback is a problem not just for mount.nfs,
but also for RPC daemons that have to start up before a system's
networking is fully configured and started.  Given the history of
other problems with AI_ADDRCONFIG and the unpredictable behavior it
introduces, let's just remove it everywhere in nfs-utils.

This fix addresses:

  https://bugzilla.linux-nfs.org/show_bug.cgi?id=191

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agonfs-utils: fix default value for --enable-tirpc
Jeff Layton [Thu, 28 Oct 2010 13:18:33 +0000 (09:18 -0400)]
nfs-utils: fix default value for --enable-tirpc

We need $enable_tirpc to be a tristate. 'yes' means that someone
explicitly requested building with tirpc. 'no' means that it was
explicitly disabled. Anything else means that no one specified a value.

Fix it by setting the value to a blank string so that the default is
properly undefined.

Reported-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoUpdated rpc.mountd man page
Steve Dickson [Tue, 19 Oct 2010 19:54:35 +0000 (15:54 -0400)]
Updated rpc.mountd man page

Updated the rpc.mountd man page to no longer reference
v3 as the "newer" version and also mentioned v4 as
a supported version.

Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoCleared up the sync option in exportfs man page
Steve Dickson [Tue, 19 Oct 2010 19:54:04 +0000 (15:54 -0400)]
Cleared up the sync option in exportfs man page

Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoRemoved duplicate entries in export man page
Steve Dickson [Fri, 15 Oct 2010 21:20:28 +0000 (17:20 -0400)]
Removed duplicate entries in export man page

The man page's paragraphs about "refer=" and "replicas="
each appear twice.

Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agomountd: Clear mountd registrations at start up nfs-utils-1-2-4-rc1
Chuck Lever [Thu, 14 Oct 2010 14:33:25 +0000 (10:33 -0400)]
mountd: Clear mountd registrations at start up

Clear stale MNT registrations before mountd tries to create fresh
listeners, to ensure that mountd starts.  This is also what statd does.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agobehavior as file systems that use the monolithic /sbin/mount command.
Chuck Lever [Wed, 13 Oct 2010 17:57:52 +0000 (13:57 -0400)]
behavior as file systems that use the monolithic /sbin/mount command.
See the MS_NOMTAB macro in utils-linux-ng/mount/mount.c.

Note that mount(8) has MS_USERS and MS_USER in the "nomtab" category
as well, but mount.nfs needs to record those values so that unmounting
a user-mounted NFS file system can work.

While we're here, fix some white space damage in fix_opts_string().

This is a partial fix for:

  https://bugzilla.linux-nfs.org/show_bug.cgi?id=188

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agoumount.nfs: Distinguish between nfs4 and nfs mounts
Chuck Lever [Wed, 13 Oct 2010 17:55:10 +0000 (13:55 -0400)]
umount.nfs: Distinguish between nfs4 and nfs mounts

Neil Brown reports that umount.nfs is still confused by "-t nfs -o
vers=4" mounts.

/etc/mtab can be confused.  /proc/mounts is authoritative on the
fstype of a mount.  Have umount.nfs consult it to determine which
mechanism to use for unmounting.  The code to read /proc/mounts was
lifted from the nfsstat command.

The code introduced by this patch may look like belt-n-suspenders, but
we have two use cases to consider:

  1.  Old kernels don't support the "vers=4" mount option, so
      umount.nfs must look for the "nfs4" fstype
  2.  Upcoming kernels may eliminate support the "nfs4" fstype, so
      umount.nfs must look for the "vers=4" mount option

Thus this logic checks for "nfs4" first then looks for the NFS version
setting.

Note that we could handle unmounting entirely in the kernel, but that
won't help older kernels that have this issue.

See:
  https://bugzilla.linux-nfs.org/show_bug.cgi?id=189

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
14 years agomount.nfs: mountproto does not support RDMA
Chuck Lever [Wed, 13 Oct 2010 17:01:51 +0000 (13:01 -0400)]
mount.nfs: mountproto does not support RDMA

Clean up.  Our client does not support the MNT protocol on RDMA.

nfs_mount_protocol() isn't invoked for RDMA mounts (they are shunted
off before nfs_options2pmap() is invoked).  But in case it ever is,
it should return the expected response.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>