Kevin Coffman [Thu, 19 Apr 2007 21:39:27 +0000 (17:39 -0400)]
Update libgssapi requirements
Update the required version of libgssapi from 0.9 to 0.11.
(Working with Heimdal requires 0.11. Symbol versioning was
introduced in 0.10 and should be used everywhere, although
not absolutely required.)
Neil Brown [Mon, 16 Apr 2007 01:15:40 +0000 (11:15 +1000)]
Be more cautious about use for privilege ports (<1024).
Ports < 1024 are a scarce resource and should not be used
carelessly. Technically they should not be used at all without
registration with IANA, but sometimes we need them despite that.
So: for the socket that RPC services listen on, don't use a <1024 port
by default. There is no need.
For sockets that we send messages on, that are long-lived, and that might
need to appear 'privileged', avoid using a number that is registered in
/etc/services if possible.
Neil Brown [Mon, 2 Apr 2007 03:26:05 +0000 (13:26 +1000)]
exportfs - test exportability of filesystems when exportfs is run.
When exporting a filesystem test to see if the kernel is likely
to accept the export and print a suitable warning message if not.
Don't actually fail the 'exportfs' as by the time a MOUNT request
arrives, the filesystem might be exportable.
Neil Brown [Mon, 2 Apr 2007 03:26:01 +0000 (13:26 +1000)]
mountd - improve checks and error messages for export failure.
If an attempt is made to export a non-(dir|file), just ignore it.
This should get caught by exportfs.
If an attempt is made to export a non-exportable filesystem, report
an error. Hopefully exportfs can trap some of these as well, but
catching them in mountd as well is good.
Neil Brown [Mon, 2 Apr 2007 03:25:40 +0000 (13:25 +1000)]
Tell NFS/lockd client what the local state number is.
Both SM_STAT and SM_MON can return the state of an NSM, but it is
unclear which NSM they return the state of, so the value cannot be
used, and lockd doesn't use it.
Document this confusion, and give the current state to the kernel
via a sysctl if that sysctl is available (since about 2.6.19).
This should make it possible for the NFS server to detect a small
class of bad SM_NOTIFY packets and not flush locks in that case.
Kevin Coffman [Fri, 30 Mar 2007 22:32:14 +0000 (18:32 -0400)]
Use newly added keytab functions
Use the new functions added in the previous patch.
Obtain machine credentials in a pre-determined order
Look for appropriate machine credentials in the following order:
root/<fqdn>@REALM
nfs/<fqdn>@REALM
host/<fqdn>@REALM
root/<any-name>@REALM
nfs/<any-name>@REALM
host/<any-name>@REALM
The first matching credential will be used.
Also, the machine credentials to be used are now determined
"on-demand" rather than at gssd startup. This allows keytab
additions to be noticed and used without requiring a restart of gssd.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
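The search order listed in the commit message above, written out as an added example (this is not code from nfs-utils or rpc.gssd). The function name, the sample keytab entries and the exact string matching of host and realm are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Service names in the order the commit message lists them. */
static const char *const svc_order[] = { "root", "nfs", "host" };

/* Constructed sample keytab contents (principal names only). */
static const char *const sample_keytab[] = {
    "host/other.example.com@EXAMPLE.COM",
    "nfs/other.example.com@EXAMPLE.COM",
    "host/client.example.com@EXAMPLE.COM",
};

/* Split "service/host@REALM"; returns 1 only if all three parts exist. */
static int split(const char *p, char *svc, char *host, char *realm)
{
    return sscanf(p, "%63[^/]/%255[^@]@%255s", svc, host, realm) == 3;
}

/* Return the index of the first keytab entry matching the documented
 * order, or -1. Exact string matching of host and realm is an assumption. */
int pick_machine_cred(const char *const *keytab, size_t n,
                      const char *fqdn, const char *realm)
{
    char svc[64], host[256], rlm[256];

    /* pass 0: host part must be our FQDN; pass 1: any host name */
    for (int pass = 0; pass < 2; pass++)
        for (size_t s = 0; s < 3; s++)
            for (size_t i = 0; i < n; i++) {
                if (!split(keytab[i], svc, host, rlm))
                    continue;
                if (strcmp(rlm, realm) || strcmp(svc, svc_order[s]))
                    continue;
                if (pass == 0 && strcmp(host, fqdn))
                    continue;
                return (int)i;
            }
    return -1;
}

int main(void)
{
    int i = pick_machine_cred(sample_keytab, 3, "client.example.com",
                              "EXAMPLE.COM");
    printf("chosen: %s\n", i < 0 ? "(none)" : sample_keytab[i]);
    return 0;
}
```

With the sample keytab, host/client.example.com is chosen ahead of nfs/other.example.com because every FQDN match is tried before any other host name.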
Kevin Coffman [Fri, 30 Mar 2007 22:32:10 +0000 (18:32 -0400)]
Hide differences between MIT and Heimdal in macros
Clean up a lot of #ifdef'd code using macros, masking
the differences between MIT and Heimdal implementations.
The currently unused macros will be used in later patches.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Thu, 29 Mar 2007 03:20:20 +0000 (13:20 +1000)]
Change default to use system rpcgen.
Use system-installed rpcgen if such exists.
If none is found, build our own.
Override with
./configure --with-rpcgen=internal
for internal rpcgen or
./configure --with-rpcgen=/local/rpcgen
for a non-standard location.
Neil Brown [Thu, 29 Mar 2007 03:08:08 +0000 (13:08 +1000)]
statd - use dnsname to ensure correct matching of NOTIFY requests.
When lockd asks to monitor a host, we find the FQDN from the DNS
and remember that, both internally and in the /var/lib/nfs/sm/*
file.
When we receive an SM_NOTIFY request, we compare both the
mon_name and the source IP address against that DNS name to find
a match.
If a DNS name is not available, we fall back to the name provided by
lockd, which at least is known to map to an IP address via
gethostbyname.
Neil Brown [Thu, 29 Mar 2007 03:08:07 +0000 (13:08 +1000)]
statd - check for 'priv' when looking for duplicate registrations.
From the point of view of the client (lockd), the 'priv' blob is probably
the most important key, so make sure to not throw away requests with
new 'priv' information.
Neil Brown [Thu, 29 Mar 2007 03:08:01 +0000 (13:08 +1000)]
mountd - better response to failed attempts to export filesystems
If the kernel rejects an attempt to export a filesystem - e.g. because
it is not exportable, we shouldn't just ignore the error, but rather
should tell the kernel that the relevant filehandle or path cannot be supported.
We should really print out some error messages too.
Neil Brown [Fri, 23 Mar 2007 01:36:36 +0000 (12:36 +1100)]
statd - fix bug so statd can talk to kernel again.
We need to call statd_get_socket before dropping privileges so that we
have a privileged port. We used to do that when initialising
notification as the same socket was used for reboot notification as for
callbacks to the kernel. Now it is a different socket.
Neil Brown [Thu, 22 Mar 2007 05:56:20 +0000 (16:56 +1100)]
mount.nfs: Fix issue with -o user,exec
It would seem to make sense for mount.nfs to impose the
"-o user" => "-o noexec,nodev,nosuid"
rule. However if you give "user,exec" to /sbin/mount,
it will pass down
nodev,nosuid,user
with the 'exec' flag :-(
So we have to leave that handling of that particular rule to
/sbin/mount.
Neil Brown [Thu, 22 Mar 2007 05:06:22 +0000 (16:06 +1100)]
Never set SO_REUSEADDR on a UDP socket.
The effect is quite different from TCP sockets.
For TCP, it allows you to listen for new connections even if there
are outstanding old connections with the same local address.
For UDP, it allows other people to steal your packets by
binding to the same address.
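A check for the UDP behaviour described in the commit message above, as an added example (not code from nfs-utils). It assumes Linux socket semantics; the function names are illustrative. It binds one UDP socket, then reports whether a second socket can bind the same address and port, with and without SO_REUSEADDR on both sockets.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 0.0.0.0:port (port 0 = kernel picks one),
 * optionally setting SO_REUSEADDR first. Returns fd, or -errno. */
static int udp_bind(unsigned short port, int reuse, unsigned short *bound)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    socklen_t len = sizeof(sa);   /* sin_addr left zero: INADDR_ANY */
    int e, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
                             &reuse, sizeof(reuse)) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        e = errno;
        close(fd);
        return -e;
    }
    if (bound && getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
        *bound = ntohs(sa.sin_port);
    return fd;
}

/* While one socket holds the port, try to bind a second one to it.
 * Returns 0 if that succeeded, else its errno (negative: setup failed). */
int second_bind_errno(int reuse)
{
    unsigned short port = 0;
    int second, first = udp_bind(0, reuse, &port);
    if (first < 0)
        return first;
    second = udp_bind(port, reuse, NULL);
    close(first);
    if (second < 0)
        return -second;
    close(second);
    return 0;
}

int main(void)
{
    printf("second bind errno: plain=%d reuse=%d\n",
           second_bind_errno(0), second_bind_errno(1));
    return 0;
}
```

Without the option the second bind fails with EADDRINUSE, which is the protection a UDP service gives up when it sets SO_REUSEADDR.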
Kevin Coffman [Tue, 20 Mar 2007 22:52:17 +0000 (18:52 -0400)]
Fix a couple of problems that crept into mount
Commit 6facb22402a0bd8cd49be2ed1a0856b24fef42f4 changed the allocation
of len to no longer get 20 extra bytes. It needs to get at least one
extra byte for a null character, otherwise a single extra option such
as "sec=krb5" is never copied in parse_opt() and is dropped.
Neil Brown [Tue, 20 Mar 2007 05:17:27 +0000 (16:17 +1100)]
statd - remove try_to_resolve
try_to_resolve is used to resolve a hostname when sending a notification.
But we now only send notifications to localhost, so name resolution is not
needed.
Neil Brown [Tue, 20 Mar 2007 00:47:28 +0000 (11:47 +1100)]
Allow disabling of libblkid usage.
Some versions of libblkid have a terrible memory leak which makes
mountd grow toooo big. So support
--disable-uuid
to remove the uuid functionality and libblkid with it.
Neil Brown [Tue, 20 Mar 2007 00:15:29 +0000 (11:15 +1100)]
Add --with-rpcgen= for configure so that the system rpcgen can be used.
Ultimately it makes sense to remove rpcgen from the nfs-utils
release as it is already in the glibc release. With this patch
you can use the system rpcgen to make sure it works.
It is not default yet, but it might be in a future release.
Neil Brown [Tue, 20 Mar 2007 00:13:42 +0000 (11:13 +1100)]
Handle -o remount better
On -o remount, we need to update the entry in mtab rather than
add a new one. update_mtab does this so use that.
However it might free some strings that shouldn't be freed, so
stop it from calling free - the program will exit soon anyway
so no exit is needed.
Neil Brown [Mon, 19 Mar 2007 22:50:33 +0000 (09:50 +1100)]
Prevent sm-notify from being run multiple times per reboot.
As "mount.nfs" can start statd, and as statd can start sm-notify,
the risk of sm-notify being run multiple times increases.
As this is not normally appropriate, sm-notify now creates a
file in /var/run which will stop future instances from being
run (though of course this behaviour can be controlled by a
new command line option).
Karel Zak [Mon, 19 Mar 2007 19:33:17 +0000 (20:33 +0100)]
Correctly handle -f (fake) mount option.
The fake option has to write to mtab like a normal mount. Read mount(8) man
page for more details. It's very important for system init scripts that use
"-f" as a way to write info about mount points to /etc/mtab.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Mon, 19 Mar 2007 00:52:30 +0000 (11:52 +1100)]
Handle 'crossmnt' when kernel asked for export options for a directory.
If the kernel finds a mountpoint below a 'crossmnt' export, it will ask
mountd what export options to use. With this patch it will return
the same export options as for the top 'crossmnt' export unless
more specific options have been given.
Neil Brown [Mon, 19 Mar 2007 00:41:21 +0000 (11:41 +1100)]
Allow exporting of a subfilesystem when 'crossmnt' is set.
If we are asked to export a filesystem which is not explicitly
exported, but an ancestor is exported as 'crossmnt', export the
filesystems with the same options as the ancestor.
This is the first step to making 'crossmnt' effectively export
a tree of filesystems.
Kevin Coffman [Fri, 16 Mar 2007 14:27:48 +0000 (10:27 -0400)]
Create two separate paths for pipefs_dir and pipefs_nfsdir.
Future work needs access to the base pipefs directory rather than
the nfs subdirectory. Create two separate paths called
pipefs_dir and pipefs_nfsdir with the name of each.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 16 Mar 2007 14:27:46 +0000 (10:27 -0400)]
Allow any credential to be used for machine credentials
Don't restrict machine credentials to be "nfs/<machine.name>".
Use any usable credentials contained in the keytab file.
[We actually attempt to use the first entry found for each
realm, not every entry, in the keytab.]
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Kevin Coffman [Fri, 16 Mar 2007 14:27:44 +0000 (10:27 -0400)]
Add option to allow root to use credentials other than machine credentials
Add a new option ("-n") to rpc.gssd to indicate that accesses as root
(uid 0) should not use machine credentials, but should instead use
"normal" Kerberos credentials obtained by root.
This change was prompted by a suggestion and patch from Daniel
Muntz <Dan.Muntz@netapp.com>. That patch suggested trying "normal"
credentials first and falling back to using machine creds for
uid 0 if normal creds failed.
This opens up the case where root may have credentials as "foo@REALM"
and begins accessing files. Then the context using those credentials
expires and must be renewed. If the credentials are now expired, then
root's new context would fall back and be created with the machine
credentials.
Instead, this patch insists that the administrator choose to use either
machine credentials for accesses by uid 0 (the default behavior, as
it was before) or "normal" credentials. In the latter case, arrangements
must be made to obtain credentials before attempting a mount. There
should be no doubts which credentials are used for uid 0.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Neil Brown [Fri, 16 Mar 2007 07:07:41 +0000 (18:07 +1100)]
Correctly handle "user" and "users" mount options.
If "user" or "users" is given, then allow mount.nfs to be run
by a non-root user providing that the mountpoint, filesystem, and options
exactly match what is found in fstab.
For "user", record the user name in mtab so they can unmount the
filesystem later.
Also always ignore auto, owner, group and their negations as well
as "_netdev", "comment" and "loop".
Neil Brown [Fri, 16 Mar 2007 05:50:11 +0000 (16:50 +1100)]
On "umount --lazy", don't tell the server we have unmounted.
Because, of course, we haven't.
When we do finally let go of the mount, the server won't get told,
but the same would happen on a crash, and the server just has to cope.
Neil Brown [Fri, 16 Mar 2007 02:56:25 +0000 (13:56 +1100)]
Further tidyup of nfs_umount.
- remove non-used arguments from del_mtab.
- Don't try to pass a "host:/path" string to umount.
It used to be possible to umount("/dev/whatever"). It has never
been possible to umount("host:/path").
- Don't try to read /proc/mounts first. Some mount options (mount_vers)
are only stored in /etc/mtab, not in /proc/mounts. So we have to
prefer /etc/mtab as getmntXbackwards do.
- Only ever call one of getmnt{dir,dev}backwards, depending on whether
'spec' looks like a path name or a host:/path.
- Don't call _nfsumount unless we have a host:/path, or del_mtab unless we
have a path name.
Wei Yongjun [Wed, 14 Mar 2007 07:56:58 +0000 (15:56 +0800)]
Use correct UMNT protocol to do umount
This patch does the following things:
1. When unmounting, we should try /proc/mounts first. Only then in
/etc/mtab if it wasn't found.
2. Reject a name passed to us which does not start with a '/' or does not
contain a ':'
3. Fix the method to get UMNT protocol
Signed-off-by: Wei Yongjun <yjwei@nanjing-fnst.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Wei Yongjun [Wed, 14 Mar 2007 08:07:09 +0000 (16:07 +0800)]
Fix nfs4 umount to not use umount procedure
This fixes umount.nfs4's bug; the patch cleans up some useless code.
1. Combine nfs3_umount() and nfs2_umount() to nfs_umount()
2. If it is an nfs4 remote file system or unknown mount version, do not
probe remote mount port and do not send a UMNT request, which is not necessary
Signed-off-by: Wei Yongjun <yjwei@nanjing-fnst.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Wei Yongjun [Wed, 14 Mar 2007 07:51:38 +0000 (15:51 +0800)]
Use correct UMNT version to do umount
This patch lets umount use the correct UMNT version to do umount.
In latest kernel, the version format is "vers=3" etc., and in old kernel
the version format is "v3","v4" etc.
Signed-off-by: Wei Yongjun <yjwei@nanjing-fnst.com>
Signed-off-by: Neil Brown <neilb@suse.de>