bc Wong [Tue, 18 Mar 2008 13:30:44 +0000 (09:30 -0400)]
There were 2 things wrong with auth flavour ordering:
- Mountd used to advertise AUTH_NULL as the first flavour on
the list, which means that it prefers AUTH_NULL to anything
else (as per RFC 2623 section 2.7).
- Mount.nfs used to scan the returned list in reverse order,
and stopping at the first AUTH_NULL or AUTH_SYS encountered.
If a server advertises (AUTH_SYS, AUTH_NULL), it will by
default choose AUTH_NULL and have degraded access.
I've fixed mount.nfs to scan from the beginning. For mountd,
it does not advertise AUTH_NULL anymore. This is necessary
to avoid backward compatibility issue. If AUTH_NULL appears
in the list, either the new or the old client will choose
that over AUTH_SYS.
Tested the server/client combination against the previous
versions, as well as Solaris and FreeBSD.
Signed-off-by: bc Wong <bcwong@cisco.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 11 Mar 2008 17:11:50 +0000 (13:11 -0400)]
Recently #include directives for autoconf's config.h file were added in
utils/mount/error.c and utils/mount/mount.c, but appropriate HAVE_CONFIG_H
checks were not added at the same time.
In addition, several other .c files under utils/mount reference
autoconf-generated HAVE_ macros, but don't appear to include config.h
Also, Heinz-Ado Arnolds <arnolds@MPA-Garching.MPG.DE> reports that this
patch is needed to ensure START_STATD is properly defined in
utils/mount/network.c. Otherwise start_statd() is always a no-op, even if
the configure script defines an appropriate statd start-up script.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: Heinz-Ado Arnolds <arnolds@MPA-Garching.MPG.DE> Signed-off-by: Steve Dickson <steved@dickson.boston.devel.redhat.com>
The mount(5) man page states that the noquota, quota, usrquota and
grpquota options are ignored. (They are, however, used by the quota
tools, so having them in fstab can be useful.) Make mount.nfs ignore
them properly, matching the man page. There are a few aliases (like
usrjquota) that are parsed by quota, but as these are not documented
nor seem to be widely used, they are not included.
Signed-off-by: Steinar H. Gunderson <sgunderson@bigfoot.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 5 Mar 2008 15:07:11 +0000 (10:07 -0500)]
As part of migrating from nfs@lists.sf.net to linux-nfs@vger.kernel.org,
update the mailing list address used to report bugs in nfs-utils.
Removed the BUGS section in the mount.nfs and umount.nfs man pages since
they weren't consistent with the contents of the BUGS sections in others
in nfs-utils.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Tue, 26 Feb 2008 18:57:39 +0000 (13:57 -0500)]
If validateascii is passed a string containing only non-zero 7bit
values, then the loop with exit with i == len, and the following
test will access beyond the end of the array.
So add an extra test to fix this.
Found by Marcus Meissner <meissner@novell.com>.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
In mountd, if get_exportlist() (utils/mountd/mountd.c) returns NULL it
should not be considered a failure. It just means that there are no
exports on the system.
The practical problem with the current code is that a showmount -e
results in a syslog message from mountd that looks like:
rpc.mountd: export request from 10.250.100.2 failed.
Steve Dickson [Sat, 19 Jan 2008 12:59:26 +0000 (07:59 -0500)]
Fix bug when both crossmnt and fsid are set.
When exported a filesystems with option inherited (by the crossmnt
option) from a higherlevel filesystem, ignore filesystem specific
options like FSID and explicit UUID.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 17 Jan 2008 16:25:37 +0000 (11:25 -0500)]
Stop segfaults on amd64 during warnings messages by creating
a second va_list in xlog_backend() and then use that va_list
to print messages on stderr.
Signed-off-by: Steinar H. Gunderson <sesse@debian.org> Signed-off-by: Steve Langasek <vorlon@debian.org> Signed-off-by: Steve Dickson <steved@dickson.boston.devel.redhat.com>
Steve Dickson [Wed, 16 Jan 2008 16:53:41 +0000 (11:53 -0500)]
Address an inconsistency: the mount.nfs command uses the glibc routines
to manipulate /etc/mtab (setmntent) but, everything else in nfs-utils
uses a local private version (nfs_setmntent). The local version does
some extra mangling of the mtab entries.
We should check what util-linux does these days to be sure, but for now,
let's make the mount.nfs command use the nfs_ variants of setmntent().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Sat, 3 Nov 2007 14:40:36 +0000 (10:40 -0400)]
When mountd gets a request to export a mountpoint which is not
explicitly exported, but is below an export point that is flagged as
"crossmnt", it passes the wrong path name to the kernel for the
"filehandle -> directory"
mapping.
This can badly confuse the NFS client, and is certainly wrong.
So use the correct path names.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Sat, 3 Nov 2007 14:36:36 +0000 (10:36 -0400)]
When following a list of mount versions to probe -
e.g. probe_mnt1_first or probe_mnt3_first - probe_both will first
probe the appropriate NFS version and then, if that succeeds, probe
the actual mount version. However instead of probing the target mount
version, it probes the "most appropriate" mount version for the given NFS version.
This results in it probing:
NFSv2, MOUNTv1
twice rather than
NFSv2, MOUNTv1
NFSv2, MOUNTv2
as would be more correct.
This patch removes the "choose most correct" step and just use the
current mouint version for the probe_vers array.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Sat, 3 Nov 2007 13:35:05 +0000 (09:35 -0400)]
This means that if mountd is run with "--no-nfs-version 3",
It will first probe for NFS version 3, which will succeed (assuming the
kernel supported NFSv3), then it will check the matching mountd version (3)
and probe_port on discovering that isn't supported will try other versions,
find "1" is supported will succeed.
This leaves up using mount version 1 for an NFSv3 mount, which doesn't work
and leads to a SIGSEGV
There is no case where trying other versions is needed the request one is
not supported, so simply remove that code.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Kevin Coffman [Fri, 12 Oct 2007 20:35:25 +0000 (16:35 -0400)]
Remove unnecessary code from idmapd.
This patch removes unnecessary code from idmapd. setproctitle is not used
anywhere and it can be removed. In addition the kernel section of the
nfs_idmap.h header is not used and is out of date and thus is removed.
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 12 Oct 2007 20:35:20 +0000 (16:35 -0400)]
Remove old logging implementation for idmapd and rework gssd and idmapd to use the new xlog logging infrastructure.
This patch removes all of the old idmap_* logging functions and replaced them
with the corresponding xlog functions. In addition that that it also reworks
the gssd logging wrappers to use the new xlog_backend. Finally it makes
necessary changes to the build files to get the project compiling again.
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 12 Oct 2007 20:35:15 +0000 (16:35 -0400)]
Cleanup xlog logging code to be safe and usable for all
This patch reworks the xlog logging code to avoid rebuilding the message into a
fixed size buffer. It also adds two new logging functions xlog_warn and
xlog_err which are replacements for idmap_warn and idmap_err. There use to be
two different variates of these functions with the only difference being that
one flavor tacked on the error string to the end of the message. This
responsibility has been pushed to the called of the function since it
needlessly complicated the function and required us to rebuild the message
strings.
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 12 Oct 2007 20:35:05 +0000 (16:35 -0400)]
Use nfslib versions of cacheio functions
Now that the nfslib library has all the necessary functions and they
all operate as needed, use them instead of the private versions in
utils/gssd/cacheio.c.
The obsolete private versions are removed in the next patch.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 12 Oct 2007 20:35:00 +0000 (16:35 -0400)]
Copy new cacheio functions used by svcgssd to nfslib
Copy private qword_ functions from the svcgssd version into
the general nfslib library. Add prototypes as needed.
Also, update readline to use a bigger buffer allocation as is
needed in the svcgssd version.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 12 Oct 2007 20:34:49 +0000 (16:34 -0400)]
Make print_hexl function write to stdout rather than using printerr
print_hexl() currently uses printerr, but is really only necessary
for local debugging and should simply write to stdout.
Also change it to print the description internally.
Wrap it and its use in #ifdef DEBUG.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
It would be cleaner to use a single enum for po_rightmost()'s return value.
We take the next logical step and create specific types for the return
values in order to ensure we don't mix the enum values, and to document
explicitly what return values callers can expect.
This could have been a simpler patch, but I think the end result is a
cleaner overall parser API.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Thu, 11 Oct 2007 23:03:06 +0000 (09:03 +1000)]
Fix version fallback for unmount.
Previously, if the mtab record didn't mention a version, unmount
would assume a v3 umount and send an UNMOUNT request accordingly.
This is wrong.
So remove the 'v3' assumption, and allow probe_port to continue when
it gets a version number mis-match.
Also there was some overloading of the meaning of pm_vers==0 relating
to v4 mounts. As do_nfs_umount is never called for v4, rename it to
do_nfs_umount23, and remove v4 handling from there and from
nfs_call_umount.
Chuck Lever [Wed, 10 Oct 2007 19:06:43 +0000 (15:06 -0400)]
text-based mount.nfs: Add functions to handle background mounting
Add helper functions that handle background mounts; one each for
foreground processing (to try the request, and determine when to fork);
and one for background processing (retry the request multiple times as
a forked background daemon).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Wed, 10 Oct 2007 19:06:41 +0000 (15:06 -0400)]
text-based mount.nfs: add function to do foreground retries
Make the differences between the foreground and background mount logic
explicit by creating separate functions to handle each -- think of them as
separate scripts for doing a foreground or a background mount.
NFS foreground mounts are supposed to retry for a little while before
giving up. Add a function to handle this.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Wed, 10 Oct 2007 19:06:39 +0000 (15:06 -0400)]
text-based mount.nfs: sort between permanent and temporary errors
The text-based mount.nfs program must distinguish between different types
of errors returned from the kernel. Permanent errors, like bad mount
options, should cause an immediate failure. Temporary errors, such as a
connection timeout, should result in a retry of some type.
Add a function that sorts between the two types of errors. The list of
permanent errors can be adjusted later if needed.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Wed, 10 Oct 2007 19:06:35 +0000 (15:06 -0400)]
text-based mount.nfs: Implement falling back to NFSv2 and UDP
If the initial user-specified options fail (with EOPNOTSUPP or
EPROTONOSUPPORT) then the server has rejected the requested NFS version
or transport protocol.
In that case, probe the server, then construct a fresh set of mount
options that ask for the specific mountd and NFS version and transport
protocol that the server supports. Rewrite the mount options based on
the results of the probe, then try the request again.
An additional kernel patch is required to cause the kernel to return
EOPNOTSUPP when an rpcbind fails during a NULL request.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 8 Oct 2007 15:54:02 +0000 (11:54 -0400)]
text-based mount.nfs: Create helpers for invoking mount(2) system call
Add simple helper functions that invoke the mount(2) system call for
text-based mounts. These look the same right now, but the NFSv2/v3 helper
will become more complex over the following patches as we implement version
and transport protocol fallback.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 8 Oct 2007 15:53:51 +0000 (11:53 -0400)]
text-based mount.nfs: combine nfsmount_s() and nfs4mount_s() paths
The top-level logic that handles text-based mount options is mostly the
same for NFS and NFSv4 mounts. To improve maintainability, let's combine
the nfsmount_s() and nfs4mount_s() functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Fri, 28 Sep 2007 20:37:06 +0000 (16:37 -0400)]
text-based mount.nfs: Fix mounthost= processing
The 'mounthost=' option names a host where the mountd service is running.
The option is used to direct clients to use a different host for the mountd
procotol than the host where the NFS service is running.
The nfs(5) man page shows that the 'mounthost=' option takes a name, not
an address. The kernel's text-based mount option parsing logic expects an
IPv4 address. This is necessary because the kernel cannot itself resolve
hostnames to addresses.
Resolve the hostname and pass in a new mount option that contains the
resolved address, 'mountaddr=', to the kernel.
This requires a patch to the kernel to recognize the new 'mountaddr='
option, and to change the 'mounthost=' parsing logic to treat the value of
this option as a simple string.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Fri, 28 Sep 2007 20:36:35 +0000 (16:36 -0400)]
text-based mount.nfs: parse option strings into lists
Adapt a parsing trick used by Python.
Parse mount option strings into an abstract data type so we don't have to
copy and/or tokenize the whole option string multiple times while trying
to manipulate the mount options. Then, just before calling the mount(2)
system call, convert the object back into a C string.
One major advantage of this approach is that we can copy the final version
of the mount options into /etc/mtab when we're done, instead of copying in
the original mount options that the user specified. Any fallback from NFS
v3 to NFS v2 or TCP to UDP that was done by mount.nfs will be reflected in
/etc/mtab.
This patch adds methods for creating and manipulating mount option data
objects.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Fri, 28 Sep 2007 20:36:30 +0000 (16:36 -0400)]
mount.nfs: add new string tokenizer facility
To quote the strtok(3) man page: "Avoid using these functions."
OK. We've created our own. The main reason for this is that strtok(3)
doesn't handle quoted delimiters at all. We need to handle this:
context="foo,bar"
where 'context' is a single mount option that sets a token string that
possibly uses the same delimiter that the mount command uses to separate
options (that is, a comma).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Jeff Layton [Thu, 27 Sep 2007 10:54:04 +0000 (06:54 -0400)]
rpc.mountd: add new mode for handling netgroup-heavy configurations
If a host is a member of a large number of netgroups, it becomes easily
possible for client_compose to generate a m_hostname string that
overflows the maximum string length allowed by the kernel caches.
This patch adds a new mode for mountd where it will map IP address to IP
address in the auth.unix.ip cache. When this enabled, mountd doesn't
bother using client_compose to build the m_hostname string. It just
populates it with the dotted-quad ip address. When mountd handles a
mount request, it then has an IP address and a path. It then calls
client_check to check the host against export entries where the path has
already matched.
Since we don't bother looking up netgroups which have no relation to the
mount, this can be a big performance gain in netgroup-heavy
configurations. The downside is that every host has a corresponding
entry in the nfsd.export and nfsd.fh caches as well as the auth.unix.ip
cache.
The new behavior is automatically enabled if the length of all of the
concatenated netgroup names in the export table is longer than half
NFSCLNT_IDMAX. The rationale for this logic is that this should allow
for a host to be a member of a long list of netgroups while still
allowing for other matches.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
Jeff Layton [Thu, 27 Sep 2007 10:53:58 +0000 (06:53 -0400)]
rpc.mountd: create client_resolve and change client_compose to take a hostent arg
This moves the resolution of IP address to hostent into a helper function
and has other functions call it. Having client_compose take a hostent arg
allows us to avoid an extra hostname lookup in the auth_authenticate
codepath as well. Instead of redoing this lookup in client_compose, we can
simply reuse the hostent that was already generated in auth_authenticate.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
Jeff Layton [Thu, 27 Sep 2007 10:53:53 +0000 (06:53 -0400)]
rpc.mountd: make exportent->e_hostname a dynamically-allocated string
This makes the e_hostname field of the exportent into a pointer to a
dynamically allocated string. This is necessary since this is field is
often filled out from the m_hostname. This too adds a few
micro-optimizations as we can avoid copying the string in some places
and simply pass a pointer to the original string instead.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
Jeff Layton [Thu, 27 Sep 2007 10:53:48 +0000 (06:53 -0400)]
rpc.mountd: Change nfs_client->m_hostname to be a dynamically-allocated string
Change nfs_client->m_hostname to be dynamically allocated rather than a
fixed length array of size NFSCLNT_IDMAX. This also adds a bit of
micro-optimization in a few places since it reduces the amount of string
copying that needs to be done.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
Jeff Layton [Thu, 27 Sep 2007 10:53:43 +0000 (06:53 -0400)]
rpc.mountd: fix memory leak and error handling in nfsd_fh
nfsd_fh() uses strdup for creating found_path and doesn't check the
return value. It also doesn't free this memory when the function
returns. Check the return value of strdup and return immediately
if it's NULL. Also, free found_path on exit.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 24 Sep 2007 15:29:31 +0000 (11:29 -0400)]
umount.nfs: umount doesn't recognize a busy file system
umount.nfs shouldn't remove a busy file system from /etc/mtab, and should
report and return an error. I also added an extra "goto" to make the flow
of control more clear, and to reduce the chance that a future change in
this logic will break it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 24 Sep 2007 15:29:15 +0000 (11:29 -0400)]
mount.nfs: Add error messages for errors reported by text-based mount(2)
The text-based mount(2) system call API can return some additional errors
that we would like to report correctly to our users. These should be safe
to use with the legacy mount(2) ABI as well.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 24 Sep 2007 15:29:10 +0000 (11:29 -0400)]
text-based mount.nfs: Add text-based error reporting function
The mount_errors() function prints an error based on what just happened in
the user-space RPC library. This is meaningless for text-based mounts,
since they don't use the RPC library for most things.
Add a new error printing function that the text-based logic can use to
report an error.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 24 Sep 2007 15:29:05 +0000 (11:29 -0400)]
mount.nfs: rename mount_errors()
The function mount_errors() actually reports RPC errors generated by the
user-land RPC library. We're about to add a similar function for reporting
system call errors via errno, so rename mount_errors() to be more specific
about what it does.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Chuck Lever [Mon, 24 Sep 2007 15:28:33 +0000 (11:28 -0400)]
mount.nfs: add EX_SUCCESS exit code
We've had some recent trouble, especially in the umount code, that appears
to be due to functions returning a 1 or a 0 return code when they should be
returning a mount exit code (such as EX_FAIL) or a 0.
To help clearly distinguish these two classes of functions, define an
EX_SUCCESS exit code, which is equal to zero.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>
Use the renamed library libgssglue rather than libgssapi.
Also bump the required version for librpcsecgss (to the one that
also requires libgssglue rather than libgssapi).
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Revert an earlier change to make specifying the clientaddr= option illegal.
Jeff Layton pointed out that admins may want to specify the clientaddr=
option to advertise a different callback address when accessing an NFSv4
server through a NAT router.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de>