Chuck Lever [Tue, 14 Jul 2009 20:31:15 +0000 (16:31 -0400)]
mount.nfs: force rpcbind queries if options aren't specified
nfs_options2pmap() fills in default values if the passed-in mount
options don't specify values. This short-circuits the version, port,
and transport negotiation logic in nfs_probe_bothports().
Instead, nfs_options2pmap() should plant zeros in these pmap fields
to force nfs_probe_bothports() and nfs_advise_mount() to discover, via
rpcbind queries, what the server supports.
This fixes some scenarios where umount.nfs fails to connect to servers
that don't have all rpcbind ports open, in addition to fixing other
corner cases during mount.nfs version/protocol negotiation.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:29:11 +0000 (16:29 -0400)]
mount.nfs: If port= specifies an unregistered port, retry, then fail
Suppose a port= option is specified on the mount command line, but not
enough other mount options are specified to avoid an rpcbind query to
discover the NFS service.
If the NFS service isn't registered on [100003, 3, "tcp", port] (even
if the server is listening on the specified port), the legacy mount.nfs
command fails immediately with:
mount.nfs: mount to NFS server 'server' failed: RPC Error: Success
What's more, this mount request should succeeded if an NFS service is
registered on the specified port for another version and/or protocol.
So instead, let's retry the rpcbind query with the other versions and
transport protocols to be absolutely sure that port won't work with
either version or transport. Then, if all fails, report:
mount.nfs: mount to NFS server 'server' failed:
RPC Error: Program not registered
This change also affects text-based mounts that require negotiation
by the mount.nfs command.
Note that if the mount options specify all four pmap parameters for
NFS, the rpcbind query for the NFS service is skipped entirely. The
mount command then hangs and times out later if NFS service is not
listening on the requested tuple. This is unchanged from previous
behavior.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:27:54 +0000 (16:27 -0400)]
getport: Convert TCP connection refused to RPC_CANTRECV
In a similar vein to the timeout logic we just restored, a refused
TCP connection should be mapped to an equivalent UDP error code:
RPC_CANTRECV.
This is new behavior for TCP connections; the legacy mount command
appears to have simply failed immediately if a TCP connection was
refused during an rpcbind query.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
The latest versions of mount.nfs appear not to fall back to
UDP if TCP isn't available on the server.
Our new nfs_getport() implementation is missing a bit of logic
from the original mount getport() implementation. Without it,
nfs_probe_port() sees a TCP connect timeout as a permanent error,
so it fails immediately instead of attempting to try again with
UDP.
Similar changes for our new ping API (see the old clnt_ping()
function, which is still in utils/mount/network.c).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:25:43 +0000 (16:25 -0400)]
mount.nfs: Add more debugging output around nfs_getport()
So we can see how rpcbind queries are failing during mount processing,
add some debugging messages (enabled with "mount.nfs -v") around the
nfs_getport() calls.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:24:11 +0000 (16:24 -0400)]
getport: Clear shared error fields before trying rpcbind queries
Some RPC errors set fields in rpc_createerr.cf_error in addition
to cf_stat. Be sure to clear _all_ error fields in rpc_createerr
each time through the rpcbind API.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:21:01 +0000 (16:21 -0400)]
getport: RPC_PROGNOTREGISTERED is a permanent error
rpcbind returns RPC_PROGNOTREGISTERED if it knows for certain that an
RPC program is not supported for a given transport. This is a
permanent and authoritative error, so the library's rpcbind query API
should never retry the query -- it will only get the same answer.
A similar change was submitted for libtirpc. Unlike rpcb_getaddr(3t),
mount.nfs's rpcbind client only retries once (with RPCB3PROC_GETADDR),
but an extra TCP socket in this case would leave another port in
TIME_WAIT. It's infrequent enough, but might as well get rid of it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:18:37 +0000 (16:18 -0400)]
support: Set proper retransmit timeout for datagram transports
Instead of setting the total timeout and the retransmit timeout to the
same value for datagram transports, use a 1 second retransmit timeout,
so we actually get a retransmit or two before failing.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:17:28 +0000 (16:17 -0400)]
support: Don't return RPC_UNKNOWNHOST from rpc_socket.c
RPC_UNKNOWNHOST means a hostname isn't known -- basically it's
EAI_NONAME from getaddrinfo(3). Since the functions in rpc_socket.c
don't take a hostname argument, RPC_UNKNOWNHOST is not an appropriate
return code from these functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:12:23 +0000 (16:12 -0400)]
getport: replace getnameinfo(NI_NUMERICHOST) with inet_ntop(3)
getnameinfo(3) with the NI_NUMERICHOST flag is used in
support/nfs/getport.c to convert socket addresses to universal address
strings.
Older versions of glibc do not have getnameinfo(3), however. In order
for nfs-utils to build on older systems we switch in legacy code via
HAVE_GETNAMEINFO and use inet_ntoa(3).
A problem with this is that we have to double our test matrix to be
sure that both versions of these routines build and operate correctly.
Another minor problem is that inet_ntoa(3) is officially deprecated.
So let's always use a single implementation based on inet_ntop(3).
Universal address strings do not support link-local / scope IDs, so we
don't lose any functionality by using inet_ntop(3) here.
This means we open code a bit of logic that is available in most
modern versions of glibc, but in return we can use exactly the same
code for all builds (on systems with getnameinfo(3) and without).
An additional benefit is we can avoid using NI_MAXHOST for character
buffers that live on the stack: it's 1025 bytes. Instead,
INET6_ADDRSTRLEN is used, which is just 46 bytes, plus an additional
eight bytes for the port information. We add beefier buffer overflow
detection logic as well.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:11:08 +0000 (16:11 -0400)]
getport: Remove AI_ADDRCONFIG from nfs_gp_loopback_address()
AI_ADDRCONFIG was used ostensibly to figure out if the local system
had IPv6 available when generating a loopback address.
A legacy version of nfs_gp_loopback_address() was created to handle
ANYADDR address generation for old versions of glibc where
AI_ADDRCONFIG doesn't exist. This means we have to be careful to
test both the normal and legacy versions when committing changes in
this area.
But it turns out that even contemporary versions of glibc ignore
AI_ADDRCONFIG when the hostname string is NULL. getaddrinfo(3)
always returns an AF_INET and an AF_INET6 loopback address in this
case, no matter how the system is configured.
Change nfs_gp_loopback_address() to have one version that simply looks
up "localhost" instead of doing anything fancy. If "localhost" is an
IPv6 address, we'll use that. Otherwise, it should nearly always be
an AF_INET loopback address.
This eliminates the need for AI_ADDRCONFIG, and removes the duplicate
version of nfs_gp_loopback_address(). Note that callers never used
the port number in the returned socket address, so get rid of the
"sunrpc" service string too.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 29 Jun 2009 14:44:20 +0000 (10:44 -0400)]
mydaemon: remove closeall() calls from mydaemon()
idmapd and svcgssd have a mydaemon() routine that uses closeall() to
close file descriptors. Unfortunately, they aren't using it correctly
and it ends up closing the pipe that the child process uses to talk to
its parent.
Fix this by not using closeall() in this routine and instead, just close
the file descriptors that we know need to be closed. If /dev/null can't
be opened for some reason, then just have the child exit with a non-zero
error.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 22 Jun 2009 14:05:44 +0000 (10:05 -0400)]
The closeall function is broken in such a way that it almost never
closes any file descriptors. It's calling strtol on the text
representation of the file descriptor, and then checking to see if the
value of *endptr is not '\0' before trying to close the file. This check
is wrong.
When strtol returns an endptr that points to a NULL byte, that indicates
that the conversion was completely successful. I believe this check
should instead be requiring that endptr is pointing to '\0' before
closing the fd.
Also, fix up the function to check for conversion errors from strtol. If
one occurs, just skip the close on that entry.
Finally, as Trond pointed out, it's unlikely that readdir will return a
blank string in d_name but that situation wouldn't be detected by the
current code. This patch adds such a check and skips the close if it
occurs.
Reported-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 22 Jun 2009 13:49:17 +0000 (09:49 -0400)]
Make --enable-tirpc the default. If --enable-tirpc wasn't explicitly
specified, but TIRPC libs or headers aren't present then just throw a
warning and disable it. If it was explicitly specified, then throw an
error and exit if they aren't present.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Wed, 3 Jun 2009 19:48:08 +0000 (15:48 -0400)]
Retry export if getfh fails.
mountd tries to avoid telling the kernel to export something
when the kernel already knows to do that.
However sometimes (exportfs -r) the kernel can be told
to forget something without mountd realising.
So if mountd finds that it cannot get a valid filehandle,
make sure it really has been exported to the kernel.
This only applies if the nfsd filesystem is not mounted.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 17:29:38 +0000 (13:29 -0400)]
umount.nfs: Harden umount.nfs error reporting
Add additional error reporting to nfs_advise_umount().
These messages can be displayed if the "-v" option
is specified with umount.nfs. Normally these
messages do not appear.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 15:17:49 +0000 (11:17 -0400)]
mount: remove legacy version of nfs_name_to_address()
Currently we have two separate copies of nfs_name_to_address() since
some older glibc's don't define AI_ADDRCONFIG. This means extra
work to build- and run-test both functions when code is changed in
this area.
It is also the case that gethostbyname(3) is deprecated, and should
not be used in new code.
Remove the legacy code in favor of always using getaddrinfo(3).
We can also get rid of nfs_name_to_address()'s @family argument as
well.
Note also this addresses a bug in nfsumount.c -- it was calling
nfs_name_to_address() with AF_UNSPEC unconditionally, even if the
legacy version of nfs_name_to_address(), which doesn't support
AF_UNSPEC, was in use.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 15:08:53 +0000 (11:08 -0400)]
sm-notify: Failed DNS lookups should be retried
Currently, if getaddrinfo(3) fails when trying to resolve a hostname,
sm-notify gives up immediately on that host. If sm-notify is started
before network service is available on a system, that means it quits
without notifying anyone. Or, if DNS service isn't available due to
a network partition or because the DNS server crashed, sm-notify will
simply remove all of its callback files and exit.
Really, sm-notify should try harder. We know that the hostnames
passed in to notify_host() have already been vetted by statd, which
won't monitor a hostname that it can't resolve. So it's likely that
any DNS failure we meet here is a temporary condition. If it isn't,
then sm-notify will stop trying to notify that host in 15 minutes
anyway.
[ The host's file is left in /var/lib/nfs/sm.bak in this case, but
sm.bak is not read again until the next time sm-notify runs. ]
sm-notify already has retry logic for handling RPC timeouts. We can
co-opt that to drive DNS resolution retries.
We also add AI_ADDRCONFIG because on systems whose network startup is
handled by NetworkManager, there appears to be a bug that causes
processes that started calling getaddinfo(3) before the network came
up to continue getting EAI_AGAIN even after the network is fully
operating.
As I understand it, legacy glibc (before AI_ADDRCONFIG was exposed in
headers) sets AI_ADDRCONFIG by default, although I haven't checked
this. In any event, pre-glibc-2.2 systems probably won't run
NetworkManager anyway, so this may not be much of a problem for them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 15:03:54 +0000 (11:03 -0400)]
sm-notify: Don't orphan addrinfo structs
sm-notify orphans an addrinfo struct in its address list rotation
logic if only a single result was returned from getaddrinfo(3).
For each host, the first time through notify_host(), we want to
send a PMAP_GETPORT request. ->ai is NULL, and retries is set to 100,
forcing a DNS lookup and an address rotation. If only a single
addrinfo struct is returned, the rotation logic causes a NULL to be
planted in ->ai, copied from the ai_next field of the returned result.
This means that the second time through notify_host() (to perform the
actual SM_NOTIFY call) we do a second DNS lookup, since ->ai is NULL.
The result of the first lookup has been orphaned, and extra network
traffic is generated.
This scenario is actually fairly common. Since we pass
.ai_protocol = IPPROTO_UDP,
to getaddrinfo(3), for most hosts, which have a single forward and
reverse pointer in the DNS database, we get back a single addrinfo
struct as a result.
To address this problem, only perform the address list rotation if
there is more than one element on the list returned by getaddrinfo(3).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Benny Halevy [Mon, 4 May 2009 15:44:49 +0000 (11:44 -0400)]
utils/nfsd: add support for minorvers4
minorvers4 can be used to either enable or disable nfsv4.x.
If minorvers4 is a positive integer n, in the allowed range (only
minorversion 1 is supported for now), the string "+4.n" is appended
to the versions string written onto /proc/fs/nfsd/versions.
Correspondingly, if minorver4 is a negative integer -n, the string
"-4.n" is written.
With the default value, minorvers4==0, the minor version
setting is not changed.
Note that unlike the protocol versions 2, 3, or 4. The minor version
setting controls the *maximum* minor version nfsd supports. Particular
minor version cannot be controlled on their own. With only minor
version 1 supported at the moment the difference doesn't matter,
but for future minor versions greater than 1, enabling minor
version X will enable support for all minor versions 1 through X.
Disabling minor version X will disable support for minor
versions X and up, enabling 1 through X-1.
Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 18 Apr 2009 13:43:58 +0000 (09:43 -0400)]
support: Provide an API for creating a privileged RPC client
We needed to guarantee that some RPC programs, such as PMAP, got an
unprivileged port, to prevent exhausting the local privileged port
space sending RPC requests that don't need such privileges.
nfs_get_rpcclient() provides that feature.
However, some RPC programs, such as MNT and UMNT, require a privileged
port. So, let's provide an additional API for this that also supports
IPv6 and setting a destination port.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
as currently printed c is the version number, not a string char,
therefore is should be printed as %d not %c. That said, just print
optarg as %s since it might be non-numeric.
Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 15 Apr 2009 16:38:40 +0000 (12:38 -0400)]
nfs-utils: reverse order of librpcsecgss and libgssglue checks
The check that validates the version of librpcsecgss also needs to
have libgssglue installed. Without libgssglue, ./configure complains
that it can't find rpcsecgss, even though it's installed.
It also turns out that the error message generated by pkg-config is
more complete than the one we have in aclocal/rpcsec_vers.m4, so just
let those PKG_CHECK_MODULES m4 macros use the default error message.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 16:04:06 +0000 (12:04 -0400)]
nfs-utils: add IPv6 code to gssd
All of the pieces to handle IPv6 are now in place. Add IPv6-specific
code wrapped in the proper #ifdef's so that IPv6 support works when
it's enabled at build-time.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 16:01:46 +0000 (12:01 -0400)]
nfs-utils: switch gssd to use standard function for getting an RPC client
We already have a common function for setting up an RPC client. That
function uses the tirpc API when tirpc is enabled and is also already
IPv6 enabled. Switch gssd to use it.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 15:36:07 +0000 (11:36 -0400)]
nfs-utils: query for remote port using rpcbind instead of getaddrinfo
We already have the server's address from the upcall, so we don't really
need to look it up again, and querying the local services DB for the
port that the remote server is listening on is just plain wrong.
Use rpcbind to set the port for the program and version that we were
given in the upcall. The exception here is NFSv4. Since NFSv4 mounts
are supposed to use a well-defined port then skip the rpcbind query
for that and just set the port to the standard one (2049).
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 15:34:51 +0000 (11:34 -0400)]
nfs-utils: store the address given in the upcall for later use
The current upcall could be more efficient. We first convert the address
to a hostname, and then later when we set up the RPC client, we do a
hostname lookup to convert it back to an address.
Begin to change this by keeping the address in the clnt_info that we get
out of the upcall. Since a sockaddr has a port field, we can also
eliminate the port from the clnt_info.
Finally, switch to getnameinfo() instead of gethostbyaddr(). We'll need
to use that call anyway when we add support for IPv6.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 14:29:04 +0000 (10:29 -0400)]
nfs-utils: make getnameinfo() required for --enable-gss
Systems that are so old that they don't have getnameinfo() in glibc are
probably also running kernels that are so old that they don't support
gssapi upcalls anyway.
Make --enable-gss dependent on the presence of the getnameinfo()
function. This allows us to reduce some conditional compilation.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 8 Apr 2009 14:26:26 +0000 (10:26 -0400)]
The --list option does not work on server stats.
The print_stats_list() routine was using the client's
stats to decide whether to display any stats. This did
not work when there was only server stats.
This patch breaks up print_stats_list into two different
routines allowing both server and clients stats to be
listed.
Steve Dickson [Wed, 8 Apr 2009 13:28:22 +0000 (09:28 -0400)]
Eliminate the displaying zero stats when the explicit protocol
is specified (-2, -3, -4) the -Z and or --list options.
When a particular protocol is specified and either
the -Z or --list options are used, zeros or blank lines
are echoed to the screen when there is not any NFS traffic.
This cause any useful data to be scroll off the screen.
With this patch only non-zero stats will be shown, which
makes the output of these options more condensed and
in turn more useful.
nfsstat.c: Adds the --list flag to print information in a list format
instead of the standard multi-column format
nfsstat.man: Updates the manpage to include the --list flag.
Signed-off-by: Kevin Constantine <kevin.constantine@disneyanimation.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Kevin Coffman [Fri, 3 Apr 2009 19:18:16 +0000 (15:18 -0400)]
svcgssd: check the return code from qword_eol() and log failures
If qword_eol() fails while writing the context information, log
an indication of the failure.
This addresses at least one cause of the intermittent, and
previously undiagnosed, problem of the server returning
GSS_S_NO_CONTEXT when a context was seemingly successfully
created and sent down to the kernel. In my case there was a
mis-match between kernel and user-land configuration resulting in
the proper kernel module not being loaded. Therefore the write
of the context failed, but was not logged by svcgssd. When the
kernel goes to find the resulting context, it was really not
there and correctly returned GSS_S_NO_CONTEXT to the client.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Ben Myers [Fri, 3 Apr 2009 19:13:10 +0000 (15:13 -0400)]
Mountd should use separate lockfiles
Mountd keeps file descriptors used for locks separate from
those used for io and seems to assume that the lock will
only be released on close of the file descriptor that was used
with fcntl. Actually the lock is released when any file
descriptor for that file is closed. When setexportent() is called
after xflock() he closes and reopens the io file descriptor and defeats the
lock.
This patch fixes that by using a separate file for locking, cleaning
them up when finished.
Signed-off-by: Ben Myers <bpm@sgi.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Fri, 3 Apr 2009 19:03:15 +0000 (15:03 -0400)]
nfs-utils: fix AC_CHECK_FUNC calls in configure.ac
AC_CHECK_FUNC and AC_CHECK_FUNCS take 3 args. Any ones beyond that are
ignored. In several places, we're passing the "action-if-not-found" in
as the 4th arg so it's being ignored.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 23 Mar 2009 21:13:01 +0000 (17:13 -0400)]
In recent Fedora builds, the '-D _FORTIFY_SOURCE=2' compile
flag has been set. This cause warnings to be generated when
return values from reads/writes (and other calls) are not
checked. The patch address those warnings.
Jeff Layton [Mon, 23 Mar 2009 12:12:37 +0000 (08:12 -0400)]
gssd: free buffer allocated by gssd_k5_err_msg
There's no way for the caller of gssd_k5_err_msg to know whether to free
the string it returns. It can call krb5_get_error_message which returns
a string that must be freed via krb5_free_error_string. The other ways
that it can return a string require that the memory not be freed.
Deal with this by copying the string to a new buffer in all cases. Then
we can properly free the string allocated by krb5_get_error_message.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Mon, 23 Mar 2009 12:12:14 +0000 (08:12 -0400)]
gssd: NULL-terminate buffer after read in read_service_info (try #2)
Valgrind complains that we're passing an unintialized buffer to sscanf
here. The main problem seems to be that we're not ensuring that the
buffer is NULL terminated before we pass it off.
This is the second version of this patch, the first one did not increase
the buffer allocation by 1 which could have led to clobbering the next
byte on the stack if nbytes == INFOBUFLEN.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Mon, 23 Mar 2009 12:11:41 +0000 (08:11 -0400)]
gssd: initialize fakeseed in prepare_krb5_rfc1964_buffer
This causes a compiler warning and also means that we're stuffing
the buffer with uninitialized junk from the stack. Other places in
this code initialize "fakeseed" to 0. Do the same here.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 16 Mar 2009 17:42:44 +0000 (13:42 -0400)]
nfs-utils: clean up handling of libgssglue in gssd Makefile
From: Jeff Layton <jlayton@redhat.com>
Make the pkgconfig check for libgssglue conditional on tirpc being
enabled. When it's disabled, the pkgconfig check for librpcsecgss will
pull in the gssglue lib and include dir automatically.
Also, make sure we include GSSGLUE_CFLAGS and the GSSGLUE_LIBS to the
appropriate places in utils/gssd/Makefile.am so that we pick up
the gssglue libs when tirpc is enabled.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 16 Mar 2009 17:40:47 +0000 (13:40 -0400)]
nfs-utils: Include legacy or TI-RPC headers, not both
Data type incompatibilities between the legacy RPC headers and the
TI-RPC headers mean we can't use libtirpc with code that was compiled
against the legacy RPC headers. The definition of rpcprog_t for
example is "unsigned long" in the legacy library, but it's "uint32_t"
for TI-RPC. On 32-bit systems, these types happen to have the same
width, but on 64-bit systems they don't, making more complex data
structures that use these types in fields ABI incompatible.
Adopt a new strategy to deal with this issue. When --enable-tirpc is
set, append "-I/usr/include/tirpc" to the compilation steps. This
should cause the compiler to grab the tirpc/ headers instead of the
legacy headers. Now, for TI-RPC builds, the TI-RPC legacy functions
and the TI-RPC headers will be used. On legacy systems, the legacy
headers and legacy glibc RPC implementation will be used.
A new ./configure option is introduced to allow system integrators to
use TI-RPC headers in some other location than /usr/include/tirpc.
/usr/include/tirpc remains the default setting for this new option.
The gssd implementation presents a few challenges, but it turns out
the gssglue library is similar to the auth_gss pieces of TI-RPC. To
avoid similar header incompatibility issues, gssd now uses libtirpc
instead of libgssglue if --enable-tirpc is specified. There may be
other issues to tackle with gssd, but for now, we just make sure it
builds with --enable-tirpc.
Note also: svc_getcaller() is a macro in both cases that points to
a sockaddr field in the svc_req structure. The legacy version points
to a sockaddr_in type field, but the TI-RPC version points to a
sockaddr_in6 type field.
rpc.mountd unconditionally casts the result of svc_getcaller() to a
sockaddr_in *. This should be OK for TI-RPC as well, since rpc.mountd
still uses legacy RPC calls (provided by glibc, or emulated by TI-RPC)
to set up its listeners, and therefore rpc.mountd callers will always
be from AF_INET addresses for now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 16 Mar 2009 17:30:26 +0000 (13:30 -0400)]
configure: pull common nfsidmap and event checks into aclocal/
Clean up: Create an aclocal script for the nfsidmap library and
headers checks used for both --enable-gss and --enable-nfsv4.
Move libevent checks out too.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 16 Mar 2009 17:29:18 +0000 (13:29 -0400)]
nfs-utils: replace function-specific switches with HAVE_LIBTIRPC
Instead of switching in TI-RPC-specific logic with a function-specific
switch like HAVE_CLNT_VG_CREATE, let's use the more generic
HAVE_LIBTIRPC macro everywhere.
This simplifies ./configure (always a good thing), and makes it more
clear in the source code exactly what the extra conditionally compiled
code is for.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 16 Mar 2009 17:28:42 +0000 (13:28 -0400)]
configure: move TI-RPC checks into aclocal
Define an aclocal test for TI-RPC headers and library, and move the
TI-RPC checks earlier in our configure script so other feature checks
can use the availability of TI-RPC to decide what to do.
Since bindresvport_sa is required just for IPv6 support, move that
check to the IPv6 feature tests.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Sun, 8 Mar 2009 14:10:25 +0000 (10:10 -0400)]
Added back the some logging variables which are no
longer used but, unfortunately, they are extern-ed by
public headers files which are not under the control
of this package.
Spotted-by: Juergen Daubert <jue@jue.li> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 5 Mar 2009 11:23:25 +0000 (06:23 -0500)]
gssd: include gssapi/gssapi.h before write_bytes.h
In gssd/context_lucid.c, ensure that gss_buffer_desc and gss_OID_desc
are defined before write_bytes.h, which uses these definitions, is
included. With TI-RPC, these definitions are not provided by
rpc/rpc.h.
It appears that <gssapi/gssapi_krb5.h> already includes krb5.h and
gssapi.h (on my system, anyway) so let's drop those includes.
Ideally write_bytes.h itself should include the needed headers, but
some source files that use Heimdal include a different, Heimdal-
compatible, header to get these definitions.
Pointed-out-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 5 Mar 2009 11:21:34 +0000 (06:21 -0500)]
mount.nfs: squelch compiler warning for TI-RPC builds
The printf format string in nfs_pp_debug() assumes the @program and
@version arguments are unsigned long, because the legacy RPC headers
define both rpcprog_t and rpcvers_t as unsigned long types.
However, the TI-RPC headers define both types as uint32_t, which
requires a different printf format type. If we replace the legacy
headers with TI-RPC headers, this type mismatch generates compiler
warnings that are nothing but noise.
We are about to provide a switch at ./configure time to allow the use
of either the legacy RPC headers or the TI-RPC headers, so we need
a printf format that works in both cases.
To squelch the compiler warnings that occur when using the TI-RPC
headers, cast both arguments in the fprintf statement to the widest of
the two types ("unsigned long" or "uint32_t").
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 5 Mar 2009 11:20:40 +0000 (06:20 -0500)]
nfs-utils: Provide type-checked version of svc_getcaller()
TI-RPC's version of the svc_getcaller() macro points to a sockaddr_in6,
not a sockaddr_in, though for AF_INET callers, an AF_INET address
resides there. To squelch compiler warnings when the TI-RPC version of
the svc_req structure is used, add inline helpers with appropriate
type casting.
Note that tcp_wrappers support only AF_INET addresses for now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 5 Mar 2009 11:16:04 +0000 (06:16 -0500)]
configure: Remove CPPFLAGS substitution
At least on my systems, the AM_CPPFLAGS substitution at the end of
configure.ac is not needed. It adds an extra copy of
"-I../../support/includes" to each compile step.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 4 Mar 2009 20:54:39 +0000 (15:54 -0500)]
configure: fix AC_CACHE_VAL warnings on Fedora 10
Autoconf 2.63 (and maybe earlier releases) complains about the cache
variable name used in aclocal/libblkid.m4:
configure.ac:217: warning: AC_CACHE_VAL(libblkid_is_recent, ...):
suspicious cache-id, must contain _cv_ to be cached
../../lib/autoconf/general.m4:1974: AC_CACHE_VAL is expanded from...
aclocal/libblkid.m4:2: AC_BLKID_VERS is expanded from...
configure.ac:217: the top level
This addresses
https://bugzilla.redhat.com/attachment.cgi?bugid=481386 .
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 4 Mar 2009 20:36:27 +0000 (15:36 -0500)]
General clean up. Removed unused routines. Reworked syslog
message to (hopefully) make it more sensible. Move
"#ifdef HAVE_LIBWRAP" around so nothing will be defined
when tcp wrapper is not configured.
Steve Dickson [Wed, 4 Mar 2009 20:24:58 +0000 (15:24 -0500)]
Converted good_client() to correctly use the tcp wrapper
interface and added a note to the mountd man page saying
hostnames will be ignored when they can not be looked up.
Tomas Richter [Wed, 18 Feb 2009 18:33:27 +0000 (13:33 -0500)]
Exportfs and rpc.mountd optimalization
There were some problems with exportfs and rpc.mountd for long export
lists - see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76643
I do optimalization as my bachelors thesis (Facuulty of informatics,
Masaryk's university Brno, Czech Republic), under lead of Yenya
Kasprzak.
Both exportfs and rpc.mount build linked list of exports (shared
functions in export.c). Every time they are inserting new export into
list, they search for same export in list.
I replaced linked list by hash table and functions export_add and
export_lookup by functions hash_export_add and hash_export_lookup
(export.c).
Because some other functions required exportlist as linked list, hash
table has some implementation modification im comparison with ordinary
hash table. It also keeps exports in linked list and has pointer to
head of the list. So there's no need of implementation function
<for_all_in_hash_table>.
Signed-off-by: Tomas Richter <krik3t@gmail.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 17 Feb 2009 21:26:31 +0000 (16:26 -0500)]
umount.nfs command: Support AF_INET6 server addresses
Replace existing mount option parser in nfsumount.c with the new pmap
stuffer
function nfs_options2pmap(). Mount option parsing for umount.nfs now
works
the same as it does for mount option rewriting in the text-based
mount.nfs
command.
This adds a number of new features:
1. The new logic supports resolving AF_INET6 server addresses
2. Support is added for the recently introduced "mountaddr" option.
3. Parsing numeric option values is much more careful
4. Option parsing no longer uses xmalloc/xstrdup, so it won't fail
silently if memory can't be allocated
5. Mount program number set in /etc/rpc is respected
6. Mount doesn't exit with EX_USAGE if the hostname lookup fails
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 17 Feb 2009 21:25:27 +0000 (16:25 -0500)]
umount.nfs command: Add an AF_INET6-capable version of nfs_call_unmount()
We need an AF_INET6-capable version of nfs_call_unmount() to allow the
umount.nfs command to support unmounting NFS servers over IPv6. The
legacy
mount.nfs command still likes to use nfs_call_umount(), so we leave it
in
place and introduce a new API that can take a "struct sockaddr *".
The umount.nfs command will invoke this new API, but we'll leave the
legacy
mount.nfs command and the umount.nfs4 command alone. The umount.nfs4
command does not need this support because NFSv4 unmount operations are
entirely local.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 17 Feb 2009 20:33:58 +0000 (15:33 -0500)]
The mount sockaddr len (mnt_salen) is not be set in
nfs_extract_server_addresses() which causes the mount.nfs
command to segmentation fault when a NFS server only
supports UDP mounts.
Chuck Lever [Tue, 17 Feb 2009 20:19:58 +0000 (15:19 -0500)]
text-based mount command: fix return value from po_rightmost()
Recently commit 0dcb83a8 changed the po_rightmost() function to
distinguish among several possible mount options by taking a table
containing the alternatives, and returning the table index of the
entry which is rightmost in the mount option string.
If it didn't find any mount option that matches an entry from the
passed-in table, it returned zero. This was the same behavior it had
before, when it only checked for two options at a time. It returned
PO_NEITHER_FOUND, which was zero.
Since this is C, however, zero also happens to be a valid index into
the passed-in array of options.
Modify the po_rightmost() function to return -1 if the entry wasn't
found, and fix up the callers to look for a C-style array index that
starts at zero.
Thanks to Steve Dickson for troubleshooting the problem. His solution
was merely to bump the return value, as callers already expected an
ordinal index instead of a C-style index.
I prefer this equivalent but slightly more extensive change because it
makes the behavior of po_rightmost() more closely match how humans
understand C arrays to work. Let's address some of the confusion that
caused this bug, as well as fixing the run-time behavior.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 27 Jan 2009 22:48:17 +0000 (17:48 -0500)]
text-based mount command: support AF_INET6 in rewrite_mount_options()
Now that we have an AF_INET6-capable probe_bothports(), we can support
AF_INET6 when rewriting text-based NFS mount options. This should be
adequate to support NFS transport protocol and version negotiation with
AF_INET6 NFS servers.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 27 Jan 2009 22:45:48 +0000 (17:45 -0500)]
text-based mount options: Use new pmap stuffer when rewriting mount options
all nfs_options2pmap() in nfs_rewrite_mount_options() instead of
open-coding the logic to convert mount options to a pmap struct.
The new nfs_options2pmap() function is more careful about avoiding
invalid mount option values, and handles multiply-specified transport
protocol options correctly.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 27 Jan 2009 22:43:29 +0000 (17:43 -0500)]
text-based mount command: Function to stuff "struct pmap" from mount options
Both the text-based mount.nfs command and the umount.nfs command need
to fill in a pmap structure based on string mount options. Introduce
a shared function that can do this.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>