Jeff Layton [Fri, 11 Dec 2009 18:05:06 +0000 (13:05 -0500)]
gssd: have gssd deal with scopeid field in upcall
Recent kernels (2.6.32) have started displaying the scopeid for some
addresses in the upcall. gssd doesn't know how to deal with them. Change
gssd to use getaddrinfo instead of inet_pton since that can deal with
scopeid's in addresses. That also allows us to elminate the port
conversion in read_service_info.
If getaddrinfo returns an address with a non-zero sin6_scope_id however,
reject it. getnameinfo ignores that field and just uses the sin6_addr
part when resolving. But, two addresses that differ only in
sin6_scope_id could refer to completely different hosts.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Fri, 11 Dec 2009 15:53:13 +0000 (10:53 -0500)]
NFS man page: update nfs(5) with details about IPv6 support
Add details to nfs(5) about how to specify raw IPv6 addresses when
mounting an
NFS server. Mounting via an IPv6 NFS server via hostname should work as
it
does with IPv4.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Fri, 11 Dec 2009 15:48:24 +0000 (10:48 -0500)]
mount.nfs: proto=netid forces address family when resolving server names
Using the netid settings, determine the correct address family to use
for NFS and MNT server name resolution. Use this family when
resolving the server name for the addr= and mountaddr= options.
This patch assumes the kernel can recognize a netid, instead of a
protocol name, as the value of the proto= options.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Replacing sockaddr_storage makes this code less likely to break when
optimized by gcc. It also saves a significant amount of stack space
by replacing a 130 byte structure with a union that is less than 32
bytes.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Fri, 11 Dec 2009 15:38:50 +0000 (10:38 -0500)]
mount.nfs: support netids in v2/v3 version/transport negotiation
When rewriting mount options during v2/v3 negotiation, restore the
correct netids, rather than protocol names, in the rewritten protocol
options. If TI-RPC is not available, the traditional behavior is
preserved.
This patch assumes the kernel can recognize a netid, instead of a
protocol name, as the value of the proto= options.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Fri, 11 Dec 2009 15:37:02 +0000 (10:37 -0500)]
mount.nfs: support netids in nfs_options2pmap()
When parsing mount options in nfs_options2pmap(), treat the value of
proto= (and mountproto=) as a netid by looking it up in local
netconfig and protocol databases to convert it to a protocol number.
If TI-RPC is not available, the traditional behavior is preserved.
The meaning of the "udp" and "tcp" mount options is not affected by
this change.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Neil Brown [Mon, 7 Dec 2009 22:23:48 +0000 (17:23 -0500)]
mount.nfs: Retry v4 mounts with v3 on ENOENT errors
Retry v4 mounts with a v3 mount when the version
is not explicitly specified and the mount fails
with ENOENT. The will help deal with Linux servers
that do not automatically export a pseudo root
he nfsmount() function checks if !bg before running
switch(rpc_createerr.cf_stat). On the other hand, the nfs4mount()
function does not, and results in exiting the loop on the first
iteration even with the bg mount option.
NOTE: This and the previous patch ("nfs-utils: mount options can be lost
when using bg option") are relevant to non text-based mount options.
See https://bugzilla.redhat.com/show_bug.cgi?id=529370 for details.
Signed-off-by: Harshula Jayasuriya <harshula@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
When mounting an NFS export *without* the "bg" option, try_mount() is
called only once. Before calling it, the variables mount_opts and
extra_opts are set up. Then try_mount() calls nfsmount(), the latter
assumes that the aforementioned variables can be modified. Most
significantly, it allows the variable extra_opts to be modified.
When the "bg" mount option is used *and* the first try_mount() attempt
fails, it daemonizes the process and calls try_mount() again,
unfortunately, we've lost the required mount options in the variable
extra_opts.
See https://bugzilla.redhat.com/show_bug.cgi?id=529370 for details.
Signed-off-by: Harshula Jayasuriya <harshula@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Robert Gordon [Mon, 16 Nov 2009 18:25:02 +0000 (13:25 -0500)]
relax insecure option on mountd
In nfs-utils 1.2.0, I noticed that the insecure option validates that
the client port is a
subset of IPPORT_RESERVED as opposed to just validating it is a valid
reserved port. The following proposed patch would correct that issue.
Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Robert Gordon <rbg@openrbg.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Add processing of the "service=" attribute in the new gssd upcall.
If "service" is specified, then the kernel is indicating that
we must use machine credentials for this request. (Regardless
of the uid value or the setting of root_uses_machine_creds.)
If the service value is "*", then any service name can be used.
Otherwise, it specifies the service name that should be used.
(For now, the values of service will only be "*" or "nfs".)
Restricting gssd to use "nfs" service name is needed for when
the NFS server is doing a callback to the NFS client. In this
case, the NFS server has to authenticate itself as "nfs" --
even if there are other service keys such as "host" or "root"
in the keytab.
Another case when the kernel may specify the service attribute
is when gssd is being asked to create the context for a
SETCLIENT_ID operation. In this case, machine credentials
must be used for the authentication. However, the service name
used for this case is not important.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Add processing of the "target=" attribute in the new gssd upcall.
Information in this field is used to construct the gss service name
of the server for which gssd will create a context .
This, along with the next patch handling "service=", is needed
for callback security.
For Kerberos, the NFS client will use a service principal present
in its keytab during authentication of the SETCLIENT_ID operation.
When establishing the context for the callback, the gssd on the
NFS server will attempt to authenticate the callback against the
principal name used by the client.
Note: An NFS client machine must have a keytab for the callback
authentication to succeed.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Add support for handling the new client-side upcall. The kernel,
beginning with 2.6.29, will attempt to use a new pipe, "gssd",
which can be used for upcalls for all gss mechanisms.
The new upcall is text-based with an <attribute>=<value> format.
Attribute/value pairs are separated by a space, and terminated
with a new-line character.
The intial version has two required attributes,
mech=<gss_mechanism_name> and uid=<user's_UID_number>, and two
optional attributes, target=<gss_target_name> and service=<value>.
Future kernels may add new attribute/value pairs.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
For convenience, add the full name of the upcall pipe being processed.
(Distinquishes between "normal" upcall, and a callback upcall.)
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: add upcall support for callback authentication
Change the processing so that all subdirectories within the rpc_pipefs
directory are treated equally. Any "clnt" directories that show up
within any of them are processed. (As suggested by Bruce Fields.)
Note that the callback authentication will create a new "nfs4d_cb"
subdirectory. Only new kernels (2.6.29) will create this new directory.
(The need for this directory will go away with NFSv4.1 where the
callback can be done on the same connection as the fore-channel.)
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Split out the processing for a pipe to a separate routine. The next
patch adds a new pipe to be processed.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
This patch adds the krb5 hostbased principal, name which the
nfs client used to authenticate, to the svcgssd downcall
information. This information is needed for the callback
authentication.
When estabishing the callback, nfsd will pass the principal
name in the upcall to the gssd. gssd will acquire a service
ticket for the specified principal name.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 12 Nov 2009 19:16:12 +0000 (14:16 -0500)]
Remove the AI_ADDRCONFIG hint flag to getaddrinfo() when it's
call by nfsd to set up the file descriptors that are
sent to the kernel. The flag causes the getaddrinfo()
to fail, with EAI_NONAME, when there is not a non-loopback
network interface configured.
Steve Dickson [Tue, 3 Nov 2009 14:49:03 +0000 (09:49 -0500)]
Retry v4 mounts with a v3 mount when the version
is not explicitly specified and the mount fails
with ENOENT. The will help deal with Linux servers
that do not automatically export a pseudo root
Steve Dickson [Sat, 17 Oct 2009 13:16:18 +0000 (09:16 -0400)]
Introducing the parsing of both 'defaultvers' and 'defaultproto'
config variables which will be used to set the the default
version and network protocol.
A global variable will be set for each option with the
corresponding value. The value will be used as the
initial value in the server negation.
Steve Dickson [Fri, 9 Oct 2009 13:19:39 +0000 (09:19 -0400)]
There are a number of different mount options that can be
used to set the protocol version on the command line. The
config file code needs to know about each option so the
command line value will override the config file value.
Chuck Lever [Tue, 29 Sep 2009 14:38:52 +0000 (10:38 -0400)]
mount: Support negotiation between v4, v3, and v2
When negotiating between v3 and v2, mount.nfs first tries v3, then v2.
Take the same approach for v4: try v4 first, then v3, then v2, in
order to get the highest NFS version both the client and server
support.
No MNT request is needed for v4. Since we want to avoid an rpcbind
query for the v4 attempt, just go straight for mount(2) without a MNT
request or rpcbind negotiation first. If the server reports that v4
is not supported, try lower versions.
The decisions made by the fg/bg retry loop have nothing to do with
version negotation. To avoid a layering violation, mount.nfs's
multi-version negotiation strategy is wholly encapsulated within
nfs_try_mount(). Thus, code duplication between nfsmount_fg(),
nfsmount_parent(), and nfsmount_child() is avoided.
For now, negotiating version 4 is supported only on kernels that can
handle the vers=4 option on type "nfs" file systems. At some point
we could also allow mount.nfs to switch to an "nfs4" file system in
this case.
Since mi->version == 0 can now mean v2, v3, or v4, limit the versions
tried for RDMA mounts. Today, only version 3 supports RDMA.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 29 Sep 2009 14:38:05 +0000 (10:38 -0400)]
The user's mount options and the set of versions to try should not
change over the course of mount retries.
With this patch, each version-specific mount attempt is compartment-
alized, and starts from the user's original mount options each time.
Thus these attempts can now be safely performed in any order,
depending on what the user has requested, what the server advertises,
and what is up and running at any given point.
Don't regress the fix in commit 23c1a452. For v2/v3 negotation, only
the user's mount options are written to /etc/mtab, and not any options
that were negotiated by mount.nfs. There's no way to guarantee that
the server configuration will be the same at umount time as it was at
mount time.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: nfs-iostat.py autofs cleanup and option to sort by ops/s
Adds --sort option to display mount point stats sorted by ops/s
Adds --list=<n> option to only display stats for first <n> mount points
E.g. the use of "--sort --list=1" should be useful in seeing stats for
only the mountpoint with the highest ops/s.
Signed-off-by: Lans Carstensen <Lans.Carstensen@dreamworks.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: nfs-iostat.py autofs cleanup and option to sort by ops/s
Introduce optparse for managing command usage/help and the statistics
options. This change helps more cleanly add new options such as --sort
while preserving the iostat-like interval, count, and mount point
positional arguments.
Signed-off-by: Lans Carstensen <Lans.Carstensen@dreamworks.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: nfs-iostat.py autofs cleanup and option to sort by ops/s
Update list of mount points at each interval and check for differences
when producing comparative stats. This ensures proper stats collection
for autofs mountpoints.
Signed-off-by: Lans Carstensen <Lans.Carstensen@dreamworks.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: nfs-iostat.py autofs cleanup and option to sort by ops/s
Conforms Python path to the LSB 3.2+ standard of /usr/bin/python
http://refspecs.freestandards.org/LSB_3.2.0/LSB-Languages/LSB-Languages/pylocation.html
Per SteveD this is also required for proper rpm dep resolution during
builds
Signed-off-by: Lans Carstensen <Lans.Carstensen@dreamworks.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Mon, 14 Sep 2009 18:06:53 +0000 (14:06 -0400)]
idmapd: rearm event handler after error in nfsdcb()
A couple of years ago, Bruce committed a patch to make knfsd send
unsigned uid's and gid's to idmapd, rather than signed values. Part
of that earlier discussion is here:
While this fixed the immediate problem, it doesn't appear that anything
was ever done to make idmapd continue working when it gets a bogus
upcall.
idmapd uses libevent for its main event handling loop. When idmapd gets
an upcall from knfsd it will service the request and then rearm the
event by calling event_add on the event structure again.
When it hits an error though, it returns in most cases w/o rearming the
event. That prevents idmapd from servicing any further requests from
knfsd.
I've made another change too. If an error is encountered while reading
the channel file, this patch has it close and reopen the file prior to
rearming the event.
I've not been able to test this patch directly, but I have tested a
backport of it to earlier idmapd code and verified that it did prevent
idmapd from hanging when it got a badly formatted upcall from knfsd.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Mon, 14 Sep 2009 17:24:00 +0000 (13:24 -0400)]
IPv6 support for nfsd was finished before some of the other daemons
(mountd and statd in particular). That could be a problem in the future
if someone were to boot a kernel that supports IPv6 serving with an
older nfs-utils. For now, hardcode the IPv6 switch into the off position
until the other daemons are functional.
Lukas Hejtmanek [Thu, 27 Aug 2009 15:42:24 +0000 (11:42 -0400)]
Gssd blindly caches machine credentials
We have a problem with rpc.gssd which blindly caches machine credentials.
E.g., if someone deletes /tmp/krb5cc_machine_REALM, rpc.gss does not create
new one until the old one expires. Also, it has problems with clock skew, if
time goes back and gssd thinks that machine credentials are not expired yet.
The following patch tries to use cache but in case of failure, it tries it
again without cache. Any comments?
Signed-off-by: Lukas Hejtmanek <xhejtman@ics.muni.cz> Acked-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
J. Bruce Fields [Mon, 24 Aug 2009 12:20:10 +0000 (08:20 -0400)]
Don't give client an empty flavor list
In the absence of an explicit sec= option on an export, rpc.mountd
is returning a zero-length flavor list to clients in the MOUNT results.
The linux client doesn't seem to mind, but the Solaris client
(reasonably enough) is giving up; the symptom is a "security mode
does not match" error on mount.
We could modify the export-parsing code to ensure the secinfo array
is nonzero. But I think it's slightly simpler to handle this default
case in the implementation of the MOUNT call. This is more-or-less the
same thing the kernel does when mountd passes it an export without any
security flavors specified.
Thanks to Tom Haynes for bug report and diagnosis.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Aug 2009 18:34:42 +0000 (14:34 -0400)]
Now that only the Section names are case-insensitive
the mount code has to make sure the the mount options
given to the kernel are in the correct case.
Steve Dickson [Wed, 5 Aug 2009 20:10:01 +0000 (16:10 -0400)]
Adds '--enable-mountconfig' configuration flag that will
enabled mount to read from a configuration file.
The default value is disabled (or no)
Adds '--with-mountfile' configuration flag that is used when
mountconf is enabled to define the configuration file name.
The default is /etc/nfsmount.conf.
Steve Dickson [Wed, 5 Aug 2009 20:02:33 +0000 (16:02 -0400)]
Added an conditional argument to the Section names
with the format being:
[ Section <"argument"> ]
This will help group similar functioning Section
together. The argument is conditional but must be
surrounded by the '"' characters.
The new conf_get_section() interface can used
to locate a Section by its Section name and/or
argument.
Subexports automatically created by "crossmnt" get the NFSEXP_FSID flag
cleared. That flag should also be cleared in the
security-flavor-specific flag fields. Otherwise the kernel detects the
inconsistent flags and rejects the export.
The symptoms are clients hanging the first time they export a filesystem
mounted under a filesystem that was exported with something like:
/exports *(crossmnt,fsid=0,sec=krb5)
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Fri, 14 Aug 2009 17:42:22 +0000 (13:42 -0400)]
Add some clarification about the purpose of the program, info about the
--debug and --syslog options, and a note about how it behaves when
TI-RPC support is built in.
Jeff Layton [Fri, 14 Aug 2009 17:37:12 +0000 (13:37 -0400)]
nfs-utils: add IPv6 support to nfsd
Add support for handing off IPv6 sockets to the kernel for nfsd. One of
the main goals here is to not change the behavior of options and not to
add any new ones, so this patch attempts to do that.
We also don't want to break anything in the event that someone has an
rpc.nfsd program built with IPv6 capability, but the knfsd doesn't
support IPv6. Ditto for the cases where IPv6 is either not compiled in
or is compiled in and blacklisted.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Fri, 14 Aug 2009 17:30:04 +0000 (13:30 -0400)]
nfs-utils: convert nfssvc_setfds to use getaddrinfo
Convert nfssvc_setfds to use getaddrinfo. Change the args that it takes
and fix up nfssvc function to pass in the proper args. The things that
nfssvc has to do to call the new nfssvc_setfds is a little cumbersome
for now, but that will eventually be cleaned up in a later patch.
nfs-utils: break up the nfssvc interface
Currently, the only public interface to the routines in nfssvc.c is
nfssvc(). This means that we do an awful lot of work after closing
stderr that could be done while it's still available.
Add prototypes to the header so that more functions in nfssvc.c can be
called individually, and change the nfsd program to call those routines
individually.
Jeff Layton [Sat, 1 Aug 2009 11:21:26 +0000 (07:21 -0400)]
nfs-utils: declare a static common buffer for nfssvc.c routines
Several of the routines in nfssvc.c declare a buffer for strings. Use a
shared static buffer instead to keep it off of the stack. Also, the
buffer allocated in some places is *really* large. BUFSIZ is generally
8k. These routines don't need nearly that much.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Sat, 1 Aug 2009 10:27:40 +0000 (06:27 -0400)]
nfs-utils: convert rpc.nfsd to use xlog()
...and add --debug and --syslog options.
With the switch to xlog(), it becomes trivial to add debug messages, so
add an option to turn them on when requested.
Also, rpc.nfsd isn't a proper daemon per-se, so it makes more sense to
log errors to stderr where possible. Usually init scripts take care of
redirecting stderr output to syslog anyway.
For those that don't, add a --syslog option that forces all output to go
to syslog instead. Note that even with this option, errors encountered
during option processing will still go to stderr.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 15 Jul 2009 11:58:22 +0000 (07:58 -0400)]
errno not be set on RPC errors
Changed both nfs_advise_umount() and nfs_gp_ping() to
set the errno by calling CLNT_GETERR() after a CLNT_CALL()
error. Also added code to rpc_strerror() that will log
the errno value, when set, via strerror().
These changes added essential information to the error message
making it much easier to detect errorsuch as "Connection refused"
Steve Dickson [Wed, 15 Jul 2009 10:21:54 +0000 (06:21 -0400)]
Don't use initialized garbage for address lengths
Make sure address lengths are initialized before
call calling nfs_extract_server_addresses() from
nfs_rewrite_pmap_mount_options(). Otherwise the
length check in nfs_string_to_sockaddr() can fail
since its will be using garbage from the stack.
Chuck Lever [Tue, 14 Jul 2009 21:00:47 +0000 (17:00 -0400)]
mount.nfs: Squelch compiler warnings in nfs_strerror()
Address compiler warnings:
error.c: In function nfs_strerror:
error.c:341: warning: comparison between signed and unsigned
error.c:342: warning: comparison between signed and unsigned
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:48:50 +0000 (16:48 -0400)]
mount.nfs: Use correct data type in discover_nfs_mount_data_version()
Address compiler warning:
mount.c: In function discover_nfs_mount_data_version¿:
mount.c:162: warning: comparison between signed and unsigned
mount.c:164: warning: comparison between signed and unsigned
mount.c:166: warning: comparison between signed and unsigned
mount.c:168: warning: comparison between signed and unsigned
mount.c:170: warning: comparison between signed and unsigned
mount.c:178: warning: comparison between signed and unsigned
linux_version_code() and MAKE_VERSION() both return an unsigned int.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:47:09 +0000 (16:47 -0400)]
support: Introduce sockaddr helpers to get and set IP port numbers
Introduce address family-agnostic functions that get and set IP port
numbers in socket addresses. We can already replace a few similar
functions in the mount command, and a few more will come up with
statd and sm-notify.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:45:07 +0000 (16:45 -0400)]
mount.nfs: Don't update extra_opts after text-based negotiation
The umount.nfs command will negotiate the mount options again, so all
that is needed in /etc/mnttab is the original set of options used for
the mount, plus the additional mandatory options like addr=''.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:39:17 +0000 (16:39 -0400)]
mount.nfs: Clean up after restructuring version/protocol negotiation
Fix up comments and function names to reflect the new version/protocol
negotiation scheme. We can now remove a bunch of mount processing
that is specific to v2/v3, removing about 100 lines of logic from
stropts.c.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:37:02 +0000 (16:37 -0400)]
mount.nfs: Clean up nfs_is_permanent_error()
Clean up: Move nfs_is_permanent_error() closer to the functions that
call it, and update a documenting comment to reflect recent
restructuring in this area.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:35:26 +0000 (16:35 -0400)]
mount.nfs: rearchitect mount version/protocol negotiation logic
Text-based mounts try a mount operation first with default settings,
then negotiate via rpcbind queries and retry the mount, if the default
settings don't work. This method introduces long delays in certain
common scenarios, and makes it difficult to tell when it is
appropriate to fail immediately or negotiate and retry.
To address these behavioral regressions, make text-based mounts
operate the same way that legacy mounts work. Perform rpcbind queries
with short timeouts first, then use the results to determine
transport, version, and port number settings for the mount.
This allows the mount.nfs command to detect server settings, or
whether negotiation is even possible, quickly. It also makes it
simple to determine when to fail vs. when to retry.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:34:20 +0000 (16:34 -0400)]
mount.nfs: make nfs_options2pmap return errors
Up until now, nfs_options2pmap() has been passed mount options that
have already gone through the kernel's parser successfully. So, it
never had to check for invalid mount option values.
However, we are about to pass it options that come right from the
user. So nfs_options2pmap() will now need to report an error and
fail if it encounters a bogus value for any of the options it cares
about.
=====
Note that nfs_options2pmap() will allow a bogus value for an option
if the same option is specified farther to the right with a useable
value.
For example, if a user specifies "proto=foo,...,tcp" then
nfs_options2pmap() uses "tcp" and ignores "proto=foo".
However, if the options are specified in the other order:
"tcp,...,proto=foo" then nfs_options2pmap() will fail. This is a simple
and unambiguous extension of the "rightmost wins" rule.
Since mount.nfs strips out these options out and replaces them with
the rpcbind-negotiated options before invoking mount(2), the kernel
should never receive bogus values for these options from mount.nfs in
such cases.
This is probably slightly more flexible behavior than the legacy
mount implementation, but should be harmless. All mount options
unrelated to pmap are ignored by nfs_options2pmap().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:31:15 +0000 (16:31 -0400)]
mount.nfs: force rpcbind queries if options aren't specified
nfs_options2pmap() fills in default values if the passed-in mount
options don't specify values. This short-circuits the version, port,
and transport negotiation logic in nfs_probe_bothports().
Instead, nfs_options2pmap() should plant zeros in these pmap fields
to force nfs_probe_bothports() and nfs_advise_mount() to discover, via
rpcbind queries, what the server supports.
This fixes some scenarios where umount.nfs fails to connect to servers
that don't have all rpcbind ports open, in addition to fixing other
corner cases during mount.nfs version/protocol negotiation.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:29:11 +0000 (16:29 -0400)]
mount.nfs: If port= specifies an unregistered port, retry, then fail
Suppose a port= option is specified on the mount command line, but not
enough other mount options are specified to avoid an rpcbind query to
discover the NFS service.
If the NFS service isn't registered on [100003, 3, "tcp", port] (even
if the server is listening on the specified port), the legacy mount.nfs
command fails immediately with:
mount.nfs: mount to NFS server 'server' failed: RPC Error: Success
What's more, this mount request should succeeded if an NFS service is
registered on the specified port for another version and/or protocol.
So instead, let's retry the rpcbind query with the other versions and
transport protocols to be absolutely sure that port won't work with
either version or transport. Then, if all fails, report:
mount.nfs: mount to NFS server 'server' failed:
RPC Error: Program not registered
This change also affects text-based mounts that require negotiation
by the mount.nfs command.
Note that if the mount options specify all four pmap parameters for
NFS, the rpcbind query for the NFS service is skipped entirely. The
mount command then hangs and times out later if NFS service is not
listening on the requested tuple. This is unchanged from previous
behavior.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 14 Jul 2009 20:27:54 +0000 (16:27 -0400)]
getport: Convert TCP connection refused to RPC_CANTRECV
In a similar vein to the timeout logic we just restored, a refused
TCP connection should be mapped to an equivalent UDP error code:
RPC_CANTRECV.
This is new behavior for TCP connections; the legacy mount command
appears to have simply failed immediately if a TCP connection was
refused during an rpcbind query.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>