]> git.decadent.org.uk Git - nfs-utils.git/log
nfs-utils.git
17 years agoIf -o sec= is not specified for mount, allow either AUTH_SYS or AUTH_NONE.
Neil Brown [Wed, 14 Mar 2007 22:46:33 +0000 (09:46 +1100)]
If -o sec= is not specified for mount, allow either AUTH_SYS or AUTH_NONE.

Solaris servers, when asked to share a filesystem with an anon-uid, will
report the only available authentication style as AUTH_NONE in the
reply from mountd (even though they actually accept AUTH_SYS and simply
ignore the credentiuals).
So if no sec= is specified we should really accept anything that can easily
be handled.  ie. AUTH_SYS or AUTH_NONE.

17 years agoUse very long timeout for information in the filehandle->path cache.
Simon Peter [Tue, 13 Mar 2007 04:19:24 +0000 (15:19 +1100)]
Use very long timeout for information in the filehandle->path cache.

/* The fsid -> path lookup can be quite expensive as it
 * potentially stats and reads lots of devices, and some of those
 * might have spun-down.  The Answer is not likely to
 * change underneath us, and an 'exportfs -f' can always
 * remove this from the kernel, so use a really log
 * timeout.  Maybe this should be configurable on the command
 * line.
 */

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agonfs-utils patch for mount-reserved-port
Talpey, Thomas [Mon, 12 Mar 2007 15:55:17 +0000 (11:55 -0400)]
nfs-utils patch for mount-reserved-port

Only create a mount-time reserved port socket for kernels
which require it (pre-2.1.32/nfs_mount_version 1).

Signed-off-by: Tom Talpey <tmt@netapp.com>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoRestore use of un-connected socket for UDP mount requests.
Neil Brown [Tue, 13 Mar 2007 03:39:49 +0000 (14:39 +1100)]
Restore use of un-connected socket for UDP mount requests.

When connecting to an NFSv4 server we need to find out IP address
as it would be seen by the server, to register an address for
callbacks.
This is most easily done by connecting the socket to the
servers address and then getting the address of our endpoint.

However with a connected UDP socket, replies that come from a
different IP address - as can happen with non-Linux multi-homed
servers - will be rejected.

So if we connected our UDP socket, we need to be sure to
disconnect it before using it.

This patch adds an option to get_socket to say if we want it
connected or not and, in the case where we do, we disconnect
a UDP socket after the connection information has been used.

Also clean up the error handling in clnt_ping which was getting
clumsy.

17 years agoAdd support for "mount -o sec=none"
Neil Brown [Tue, 13 Mar 2007 01:47:40 +0000 (12:47 +1100)]
Add support for "mount -o sec=none"

For completeness... and who knows, someone might want it.

17 years agoRemove unused variable from add_mtab
Neil Brown [Tue, 13 Mar 2007 01:44:22 +0000 (12:44 +1100)]
Remove unused variable from add_mtab

17 years agoMerge branch 'branch-1-0'
Neil Brown [Tue, 27 Feb 2007 05:35:01 +0000 (16:35 +1100)]
Merge branch 'branch-1-0'

17 years agoFix silly bug with tcp-wrappers check nfs-utils-1-0-12
Neil Brown [Tue, 27 Feb 2007 04:55:40 +0000 (15:55 +1100)]
Fix silly bug with tcp-wrappers check

A stray '$'.

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoFix silly bug with gid lookup
Neil Brown [Tue, 27 Feb 2007 04:54:55 +0000 (15:54 +1100)]
Fix silly bug with gid lookup

Wrong pointer test meant mountd would alway do gid lookups
instead of only if asked to with '-g'.

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoExtend the exportfs/mountd interface to pass fslocations info into the kernel
Fred Isaman [Tue, 27 Feb 2007 04:31:04 +0000 (15:31 +1100)]
Extend the exportfs/mountd interface to pass fslocations info into the kernel

Fix up a few issues with the fsloc code.

Signed-off-by: Fred Isaman <iisaman@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoFix reference error when writing fsloc data to cache
Kevin Coffman [Tue, 27 Feb 2007 04:26:44 +0000 (15:26 +1100)]
Fix reference error when writing fsloc data to cache

Use the correct pointer when writing fslocations data to the cache.
Also write the fsloc stuff before the uuid stuff so userland code
will work with or without the uuid kernel patches.

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoAdd missing fsloc.[ch] files - oops. nfs-utils-1-0-11a
Neil Brown [Sun, 25 Feb 2007 19:42:02 +0000 (06:42 +1100)]
Add missing fsloc.[ch] files - oops.

17 years agoRemove rpc.lockd
Neil Brown [Thu, 22 Feb 2007 05:41:24 +0000 (16:41 +1100)]
Remove rpc.lockd

This was only needed for kernels 2.2.14 through 2.2.17.

These have long since been superceded, so remove some dead weight.

17 years agoChange default from subtree_check to no_subtree_check
Neil Brown [Thu, 22 Feb 2007 05:21:22 +0000 (16:21 +1100)]
Change default from subtree_check to no_subtree_check

subtree_check causes more problems than it is worth,
and it isn't worth much in the first place..

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoUpdate version to 1.0.11 nfs-utils-1-0-11
Neil Brown [Thu, 22 Feb 2007 04:50:03 +0000 (15:50 +1100)]
Update version to 1.0.11

17 years agoExtend the exportfs interface to pass fslocations info into the kernel.
Fred Isaman [Thu, 22 Feb 2007 04:48:53 +0000 (15:48 +1100)]
Extend the exportfs interface to pass fslocations info into the kernel.

Extend exportfs interface to pass fslocations info into the kernel,
using syntax modelled after AIX.  Adds "refer=" and "replicas="
options to /etc/exports to enable use of the kernel fslocation code.

Signed-off-by: Fred Isaman <iisaman@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoFix showmount bugs.
Neil Brown [Thu, 22 Feb 2007 04:34:45 +0000 (15:34 +1100)]
Fix showmount bugs.

When doing a nonblocked connect, we need to select for 'write', not 'read'.

Also, when a tcp socket has been connected, we should use clnttcp_create
to make a tcp client, not clntudp_bufcreate !!

17 years agoSupport group-id looks for kernels that ask for them.
Neil Brown [Mon, 12 Feb 2007 05:30:23 +0000 (16:30 +1100)]
Support group-id looks for kernels that ask for them.

With "-g" mountd will listen for uid -> gidlist requests
from the kernel and provide the required mapping.
This is specific to AUTH_USER (aka AUTH_SYS) and is designed
to overcome the 16-gid limit in the AUTH_UNIX protocol.

17 years agoUse UUIDs to identify filesystems if kernel supports it.
Neil Brown [Mon, 12 Feb 2007 01:25:03 +0000 (12:25 +1100)]
Use UUIDs to identify filesystems if kernel supports it.

This introduces a new dependancy on libblkid.
If a filesystem being exported has a UUID that libblkid
can extract, then that is passed to the kernel for use
in identifying the filesystem in filehandles.
This means that 'fsid=' is no longer needed to work around the
problem of device numbers changing.
fsid= is still needed for fielsystems that have no device,
and can now be given  16byute uuid instead of just a 32bit one.

17 years agoCorrect spelling error
Neil Brown [Mon, 12 Feb 2007 00:07:50 +0000 (11:07 +1100)]
Correct spelling error

 writting -> writing

17 years agoAdd option to svcgssd to enable libnfsidmap debugging.
Kevin Coffman [Thu, 8 Feb 2007 22:27:51 +0000 (17:27 -0500)]
Add option to svcgssd to enable libnfsidmap debugging.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Glenn Machin <GMachin@sandia.gov>.  Allow svcgssd
to turn on libnfsidmap debugging.  This uses a new command-line
parameter so that it can be enabled independently from other
debugging.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoRemove duplicated code.
Kevin Coffman [Thu, 8 Feb 2007 22:27:45 +0000 (17:27 -0500)]
Remove duplicated code.

Signed-off-by: Fred Isaman <iisaman@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Remove duplicated code.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoShare handling of lucid_sec_context for Heimdal and MIT
Kevin Coffman [Thu, 8 Feb 2007 22:27:40 +0000 (17:27 -0500)]
Share handling of lucid_sec_context for Heimdal and MIT

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The 0.8 release of Heimdal has (will have) support for the lucid context.
The handling of lucid_sec_context can be shared between builds with MIT
or Heimdal Kerberos.

Split out the lucid_sec_context code from context_mit.c
and make a new common file, context_lucid.c.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoUse owner rather than filename format in choosing cred cache files
Kevin Coffman [Thu, 8 Feb 2007 22:27:35 +0000 (17:27 -0500)]
Use owner rather than filename format in choosing cred cache files

Signed-off-by: Glenn Machin <gmachin@sandia.gov>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Some installations use different name formats for their credentials
caches.  Instead of checking that the uid is part of the name, just
make sure that uid is the owner of the file.
This is a modification of the original patch from Glenn.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoVarious minor manpage fixes.
Kevin Coffman [Thu, 8 Feb 2007 22:27:30 +0000 (17:27 -0500)]
Various minor manpage fixes.

Signed-off-by: Steinar H. Gunderson <sgunderson@bigfoot.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
  This mostly takes care of the difference between - and \-; in
  man pages, the former is hyphen (which indicates, among others,
  that a line might be split at that point), while the latter is a
  dash. For options, the latter is correct.

  There's also one minor grammatical fix.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoUse the gssglue version of gssapi.h for svcgssd_mech2file.c
Kevin Coffman [Thu, 8 Feb 2007 22:27:25 +0000 (17:27 -0500)]
Use the gssglue version of gssapi.h for svcgssd_mech2file.c

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Remove Kerberos implementation dependency from svcgssd_mech2file.c
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoStop using storage after free
Kevin Coffman [Thu, 8 Feb 2007 22:27:19 +0000 (17:27 -0500)]
Stop using storage after free

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The previous patch seems to expose a use after free bug in dirscancb. At
least, I could reliably reproduce a segfault by doing a bunch of mounts
and then unmounting them all. The code uses the following list macro:

      TAILQ_FOREACH(ic, icq, ic_next) {

...to iterate over all of the ic entries and clean up any that no longer
have a corresponding directory in rpc_pipefs. This macro unrolls into:

      for(ic=icq->tqh_first; ic != NULL; ic=ic->ic_next.tqe_next) {

...but within this loop, we can free ic, and then the for loop can trip
over that when it tries to do the iteration. The attached patch works
around this by not using the TAILQ_FOREACH macro and saving off the
tqe_next pointer prior to the free.

Again, this was tested on a patched 1.0.6, but the 1.0.10 code is very
similar, and I think the problem exists there as well.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoFix memory leak in idmapd.
Kevin Coffman [Thu, 8 Feb 2007 22:27:14 +0000 (17:27 -0500)]
Fix memory leak in idmapd.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
There is a pretty nasty memory leak in idmapd in dirscancb(). Some of
our customers have reported that idmapd can eat gigabytes of memory on
machines with a large number of mounts and unmounts and a long uptime.

That function uses scandir(), which malloc's an array of strings, but
dirscancb() never frees the strings or the array. The following patch
should correct this, but I've not yet tested it on 1.0.10 (only on the
RHEL4 1.0.6 version). Still, the code is very similar and I'm fairly
certain the problem exists in both versions.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoTreat GSSAPI error codes as unsigned.
Kevin Coffman [Thu, 8 Feb 2007 22:27:09 +0000 (17:27 -0500)]
Treat GSSAPI error codes as unsigned.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
GSSAPI error codes (major and minor) are defined as unsigned values.
However, we treat them as signed while passing them down to the
kernel where conversion fails if they include the minus sign.
Convert them as unsigned.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoAdd AM_MAINTAINER_MODE to configure.in
Kevin Coffman [Thu, 8 Feb 2007 22:26:59 +0000 (17:26 -0500)]
Add AM_MAINTAINER_MODE to configure.in

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As requested by "Steinar H. Gunderson" <sgunderson@bigfoot.com>, add
AM_MAINTAINER_MODE to configure.in.  See the description of this
macro below:

  `AM_MAINTAINER_MODE' disables the so called "rebuild rules" bys
  default. If you have `AM_MAINTAINER_MODE' in `configure.ac', and
  run `./configure && make', then `make' will *never* attempt to
  rebuild `configure', `Makefile.in's, Lex or Yacc outputs, etc.
  I.e., this disables build rules for files which are usually
  distributed and that users should normally not have to update.

     If you run `./configure --enable-maintainer-mode', then these
     rebuild rules will be active.
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoTouch up some of the autotools files
Kevin Coffman [Thu, 8 Feb 2007 22:26:53 +0000 (17:26 -0500)]
Touch up some of the autotools files

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
this patch touches up the autotool code a bit in nfs-utils:
 - run autogen.sh with -e so if something fails, it'll abort properly
 - set ACLOCAL_AMFLAGS so that when running autoreconf or when
   autotools re-runs itself, the m4 files are found properly
 - make sure we include bsdsignals.m4 in the final tarball
 - add some cross-compiling fallback logic to bsdsignals.m4 so that
   when cross-compiling nfs-utils, the configure is a bit more nice
   than simply:
      checking for BSD signal semantics... configure: error: cannot run test program while cross compiling
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoMake UDP sockets not blocking
Neil Brown [Mon, 5 Feb 2007 04:37:55 +0000 (15:37 +1100)]
Make UDP sockets not blocking

 This is needs if mountd is running multithreaded else multiple threads
 will be blocked on a UDP port with nothing to read and so won't
 be able to serve up-calls from the kernel.

 Thanks to "Murali Krishna V" <vm.krishna@gmail.com> for highlighting
 the problem.

17 years agoFurther README updates.
Neil Brown [Mon, 5 Feb 2007 03:12:01 +0000 (14:12 +1100)]
Further README updates.

17 years agoUpdate README
J. Bruce Fields [Thu, 1 Feb 2007 17:38:47 +0000 (12:38 -0500)]
Update README

The README has bit-rotted: redhat and debian packaging scripts are no
longer included, util-linux mount is (in theory) no longer required, and
instructions on building from latest git would be useful.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoEnable tcpwrappers by default
Neil Brown [Mon, 5 Feb 2007 00:56:07 +0000 (11:56 +1100)]
Enable tcpwrappers by default

This used to be the default but we lost it at about 1.0.8

17 years agoRemove explicit path names from man page for showmount and lockd.
Neil Brown [Mon, 5 Feb 2007 00:33:13 +0000 (11:33 +1100)]
Remove explicit path names from man page for showmount and lockd.

Just like statd, the path isn't needs in the man page and different
distros install it in different places.

17 years agoUse memset instead of __bzero.
Steinar H. Gunderson [Mon, 20 Nov 2006 22:47:52 +0000 (23:47 +0100)]
Use memset instead of __bzero.

    bzero has been deprecated
    for years (and anything starting with __ is an internal
    function anyhow), and __bzero seems to have broken on ia64
    not too long ago.

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoAdd generated files to CLEANFILES in rquotad
Neil Brown [Sun, 4 Feb 2007 23:06:41 +0000 (10:06 +1100)]
Add generated files to CLEANFILES in rquotad

Matching utils/statd, make sure generated files get cleaned.

17 years agoRemove path name for rpc.statd from manpage.
Neil Brown [Sun, 4 Feb 2007 23:00:48 +0000 (10:00 +1100)]
Remove path name for rpc.statd from manpage.

As the man page doesn't need it, and different distros put it in
different places.

17 years agoFix an off-by-one in the handling of the -d option to rpc.gssd
Steinar H. Gunderson [Sun, 4 Feb 2007 22:53:14 +0000 (09:53 +1100)]
Fix an off-by-one in the handling of the -d option to rpc.gssd

 https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/76409

17 years agoVarious minor manpage fixes.
Steinar H. Gunderson [Sun, 4 Feb 2007 22:45:21 +0000 (09:45 +1100)]
Various minor manpage fixes.

         This mostly takes care of the difference between
         - and \-; in man pages, the former is hyphen
         (which indicates, among others, that a line might
         be split at that point), while the latter is a
         dash. For options, the latter is correct.

         There's also one minor grammatical fix.

17 years agoRemove getkversion
Neil Brown [Sun, 4 Feb 2007 22:17:39 +0000 (09:17 +1100)]
Remove getkversion

This is not used, does not seem useful, and causes compile
problems on some distgributions.

17 years agoAllow default options in /etc/exports
Steinar H. Gunderson [Tue, 26 Dec 2006 22:58:48 +0000 (23:58 +0100)]
Allow default options in /etc/exports

  Implement default options in /etc/exports, to fix a long-standing wishlist
  bug in Debian. (The user claims the syntax matches that of OpenBSD.) This
  makes it possible to write "/srv/www -sync,no_subtree_check host1 host2 host3"
  instead of having to write (sync,no_subtree_check) over and over and over
  again, driving the administrator slowly mad. Such option lines can be
  placed anywhere on the line, and affects anything after them (I do not
  know if OpenBSD allows this). The patch is slightly convoluted in order to
  avoid triggering spurious warnings; for instance, we want
  "/srv/www -sync host1" to trigger a warning, but not "/srv/www
  -sync,no_subtree_check host1" or "/srv/www -sync host1(no_subtree_check)".

  There was also a suggestion for a truly global (ie. per-file) option list,
  but this seemed like the safest bet, given that it matches that of other
  implementations.

  Also, the man page is updated with information on the new possibilities,
  and an example.

Signed-off-by: Steinar H. Gunderson <sesse@debian.org>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoMake mountd complain on unsupported uid mapping schemes
Steinar H. Gunderson [Sat, 23 Dec 2006 12:28:20 +0000 (13:28 +0100)]
Make mountd complain on unsupported uid mapping schemes

  The NFS kernel server does not support uid mappings, activated with flags
  such as "map_daemon" in exports. There is already code that parses these
  flags, and gives an error at mount time if an unsupported flag (ie. any
  but the default) is given. However, at some point the kernel changed the
  export interface, and the new code forgot to include the relevant check.
  Thus, simply copy the check from the old to the new code, which makes
  sure mountd behaves the same in this aspect regardless of kernel version,
  and makes sure the admin does not inadvertently use map_daemon and expect
  it to work.

Signed-off-by: Steinar H. Gunderson <sesse@debian.org>
17 years agoNever set flushtime for a cache in the future.
Neil Brown [Sun, 4 Feb 2007 21:57:36 +0000 (08:57 +1100)]
Never set flushtime for a cache in the future.

If 'etab' happens to have a timestamp in the future, this will get
copied to the flush-time for various caches,  and no exports will
work until that time arrives.  So clamp the flushtime to 'now'.

17 years agoEnsure 'showmount -e' gets current information.
Neil Brown [Thu, 11 Jan 2007 01:51:29 +0000 (12:51 +1100)]
Ensure 'showmount -e' gets current information.

If auth_reload has been called by someone else, get_exportlist
can incorrectly return old data.  So track modify times better
and only use cached data if the modify time matches.

17 years agoError check messages sent to the kernel.
Neil Brown [Thu, 11 Jan 2007 01:45:48 +0000 (12:45 +1100)]
Error check messages sent to the kernel.

And make sure that if we fail to export a filesystem in mountd,
then we don't try to get a filehandle on it, or a deadlock
might occur.

17 years agoadd missing long option for -r in mountd
Jeff Layton [Tue, 19 Dec 2006 16:59:07 +0000 (11:59 -0500)]
add missing long option for -r in mountd

I forgot a bit of code that needs to go into patch 3 that I posted yesterday.
This adds a long option for the -r option. I'll post manpage update patches
once I get them written up.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoReduce showmount timeouts.
Ian Kent [Tue, 19 Dec 2006 11:16:17 +0000 (20:16 +0900)]
Reduce showmount timeouts.

Showmount itself tries to use a short timeout but
the RPC clnttcp_create and clntudp_create calls will call portmap
internally to get the port to use if it is set to 0 in the passed
address structure. The above calls then use the internal timeouts,
 basically 60 seconds, which slows things down. Also the for tcp a
blocking connect is used which can take quite a while to timeout as
well.

showmount tries tcp then udp so a fail can go through several lengthy
waits before failing.

I've grabbed some of the autofs code and put together a patch to allow
specification of the timeouts for the portmap getport and to implement a
non-blocking connect.

Signed-off-by: Neil Brown <neilb@suse.de>
17 years agonhfsstone remove due to license uncertainty.
Neil Brown [Mon, 18 Dec 2006 22:44:17 +0000 (09:44 +1100)]
nhfsstone remove due to license uncertainty.

It isn't clear the the License (See DISCLAIMER) is GPLv2 compatable,
and it is believed that the code is largely unused, so get rid
of nhfsstone just to be safe.

Signed-off-by: NeilBrown <neilb@suse.de>
17 years agoadd -r flag to make mountd do reverse resolve of ipaddress on the fly
Jeff Layton [Mon, 18 Dec 2006 20:44:11 +0000 (15:44 -0500)]
add -r flag to make mountd do reverse resolve of ipaddress on the fly

For those that want "traditional" showmount -a behavior from their mountd
(hostname:/path instead of ipaddr:/path). This patch adds a '-r' flag that
does a reverse-resolve for each IP address listed in the rmtab when
a dump operation is called.

Probably not a good idea for those concerned about performance, but since it's
not the default option, I don't see it being an issue.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoremove extraneous mountlist_add/del calls and change remaining ones to use IP addresses
Jeff Layton [Mon, 18 Dec 2006 20:43:56 +0000 (15:43 -0500)]
remove extraneous mountlist_add/del calls and change remaining ones to use IP addresses

Neil suggested a patch to change the mountlist_add and mountlist_del calls to
use IP addresses instead of the names returned by client_compose based on a
command line option flag.

I don't see any real reason to put client_compose strings into the rmtab, so
this patch makes it so that it adds IP addresses instead of those strings to
the rmtab by default.

It also removes all mountlist_add calls that are being done from kernel cache
routines. My main concern there is NFSv4. We don't seem to make any upcalls to
mountd on NFSv4 unmounts, and I don't see a way to reliably remove NFSv4
entries. So, I figured I'd stick with having mountlist_add only called when
a v2 or v3 mount call is made, and mountlist_del called only on the
corresponding unmount call.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agoDon't rely on old info in my_client
Jeff Layton [Mon, 18 Dec 2006 20:43:16 +0000 (15:43 -0500)]
Don't rely on old info in my_client

Here's a new set of patches to fix up "showmount -a", based on the approach
suggested by Neil. This first patch is fairly simple. It just stops
the current caching of my_client.

For an explanation, consider this situation with the current code:

1) Client mounts an NFS export from server that is restricted to a particular
hostname or netgroup.

2) DNS or netgroup changes so that the client would be denied.

3) Client attempts mount again. Mount succeeds, even though it shouldn't due
to the fact that mountd relies on cached info in my_client.

This situation can occur as long as no other client attempts a mount between
1 and 3 above. The patch below removes this caching, and causes a new
invocation of client_compose for each pass through auth_authenticate:

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
17 years agonfs-utils - mtab locking needed on add as well as update
Ian Kent [Thu, 14 Dec 2006 11:34:52 +0000 (20:34 +0900)]
nfs-utils - mtab locking needed on add as well as update

Hi all,

I noticed some mtab corruption the other day when doing some autofs
testing but thought nothing of it.

When investigating another issue I came across utils/mount.c:add_mtab
which looks like it adds an entry to /etc/mtab without performing
correct locking. Perhaps this is not needed when adding entries but I
think it is.

18 years agoFix -n option to mountd
Steinar H. Gunderson [Tue, 24 Oct 2006 06:10:44 +0000 (16:10 +1000)]
Fix -n option to mountd

The getopt_long() option string in mountd was having a spurious
colon after the 'n', leading to the short form of --no-tcp not
being usable (expecting a parameter, contrary to the long form
and the documentation). Fix.

18 years agoDocument sensitive gids
Steinar H. Gunderson [Tue, 24 Oct 2006 06:09:33 +0000 (16:09 +1000)]
Document sensitive gids

The exports(8) man page already mentions that some non-root users,
such as bin, might be just as sensitive as root, and that root_squash
thus might not be as effective as one could hope for. Update the
documentation to also mention that this could be the case for non-root
groups, such as staff.

18 years agoAssorted man page fixes
Neil Brown [Tue, 24 Oct 2006 06:08:26 +0000 (16:08 +1000)]
Assorted man page fixes

Mostly thanks to Sylvain Cherrier <sylvain.cherrier@free.fr>

18 years agoAllow gssd ccaches in MEMORY: rather than FILE:
Kevin Coffman [Fri, 13 Oct 2006 19:36:03 +0000 (15:36 -0400)]
Allow gssd ccaches in MEMORY: rather than FILE:

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add option to store gssd ccaches in a MEMORY: cache rather
than the default FILE: cache.  In response to suggestion
from Steve Dickson <steved@redhat.com> and
Nalin Dahyabhai <nalin@redhat.com>.

18 years agoImplement a new version of lucid spkm3 context.
Olga Kornievskaia [Fri, 13 Oct 2006 19:35:57 +0000 (15:35 -0400)]
Implement a new version of lucid spkm3 context.

Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Implement a new version of lucid spkm3 context which is passed
down to the kernel.

18 years agoDon't always use default mapping to "nobody".
J. Bruce Fields [Fri, 13 Oct 2006 19:35:52 +0000 (15:35 -0400)]
Don't always use default mapping to "nobody".

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
We've been ignoring all mapping errors and instead mapping to a "nobody" user
or group.

This is arguably OK for the cases where we're returning a value to the user
(so, id->name mapping on the server or name->id mapping on the client).

But it's a disaster in the other direction (id->name on the server or id->name
on the client): for example, a chown to an unknown user should *not*
automatically be translated into a succesful chown to "nobody".

This patch fixes that problem on the server side.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
18 years agoFix misc warning messages
Kevin Coffman [Fri, 13 Oct 2006 19:35:43 +0000 (15:35 -0400)]
Fix misc warning messages

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Clean up a few warning messages.

18 years agoOn a glibc system gethostbyname is in libc not libnsl
did447@gmail.com [Fri, 13 Oct 2006 19:35:38 +0000 (15:35 -0400)]
On a glibc system gethostbyname is in libc not libnsl

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change configure test for gethostbyname, and properly
determine whether "-lnsl" or "-lsocket" are really
required.

18 years agoRestore extra help for PKG_CONFIG error
Kevin Coffman [Fri, 13 Oct 2006 19:35:32 +0000 (15:35 -0400)]
Restore extra help for PKG_CONFIG error

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Fix the error message printed when pkg-config is unable to locate
information for librpcsecgss so the message is actually printed.

18 years agoAdd a SEE ALSO in nfsd man page
Mike Frysinger [Mon, 21 Aug 2006 02:53:11 +0000 (12:53 +1000)]
Add a SEE ALSO in nfsd man page

18 years agoOne final step in convertion of anon = -2 -> 65534
Neil Brown [Tue, 8 Aug 2006 22:08:10 +0000 (08:08 +1000)]
One final step in convertion of anon = -2 -> 65534

Printing export options should avoid printing 'anonuid=65534'
rather than avoiding 'anonuid=-2'.

18 years agoSet version to 1.0.10 nfs-utils-1-0-10
Neil Brown [Mon, 7 Aug 2006 06:40:50 +0000 (16:40 +1000)]
Set version to 1.0.10

Note: 1.0.10 should be used in preference to
 1.0.9 especially with kernels 2.6.18 and later
 otherwise 'rpc.nfsd N' won't work to change the
 number of threads after nfsd has been started.

18 years ago"rpc.nfsd XX" should not fail if ports are already open.
Neil Brown [Mon, 7 Aug 2006 06:37:13 +0000 (16:37 +1000)]
"rpc.nfsd XX" should not fail if ports are already open.

    support/nfs/nfssvc.c:  if any ports are already open,
   don't try to open any more.
 This means that once nfsd is running
     rpc.nfsd  X
 will just change the number of threads, not the
 ports in use.

18 years agoRemove warning if neither 'sync' or 'async' present.
Neil Brown [Mon, 7 Aug 2006 04:19:32 +0000 (14:19 +1000)]
Remove warning if neither 'sync' or 'async' present.

Add warning of neither 'subtree_check' or 'no_subtree_check' present.

18 years agoFix compilation problem - write_oid not defined
Kevin Coffman [Wed, 12 Jul 2006 03:09:59 +0000 (23:09 -0400)]
Fix compilation problem - write_oid not defined

18 years agoFix off-by-one error in rpcgen
Richard Guenther [Thu, 20 Jul 2006 01:41:08 +0000 (11:41 +1000)]
Fix off-by-one error in rpcgen

We obviously need to allocate space for the terminating nul too.

18 years agoUpdate changelog and set version to 1.0.9 nfs-utils-1-0-9
Neil Brown [Sat, 8 Jul 2006 00:04:32 +0000 (10:04 +1000)]
Update changelog and set version to 1.0.9

18 years agoUse uid/gid of -1 to indicate the export's anonuid/anongid should be used
Kevin Coffman [Sat, 8 Jul 2006 00:01:40 +0000 (10:01 +1000)]
Use uid/gid of -1 to indicate the export's anonuid/anongid should be used

Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
value -1 and defaults the credential's fsuid/fsgid to the
correct anonuid/anongid values for the given export.  We should
be passing this value (-1) down when a name mapping cannot be found.
Thanks to J. Bruce Fields <bfields@fieldses.org> for the reference.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
18 years agoChange svcgssd_LDFLAGS to match gssd_LDFLAGS
Kevin Coffman [Fri, 7 Jul 2006 23:58:03 +0000 (09:58 +1000)]
Change svcgssd_LDFLAGS to match gssd_LDFLAGS

18 years agoDisable building/installing mount.nfs by default.
Neil Brown [Fri, 7 Jul 2006 23:41:58 +0000 (09:41 +1000)]
Disable building/installing mount.nfs by default.

mount.nfs does not yet support 'user' option and some others.
To make it support this we need to make it setuid-root, and
some security isses need to be resolved before that can be done
safely.

18 years agoCall nfssvc_versbits before nfssvc_setfds
Steve Dickson [Fri, 7 Jul 2006 23:35:02 +0000 (09:35 +1000)]
Call nfssvc_versbits before nfssvc_setfds

nfssvc_versbits() has to be called before nfssvc_setfds()
for the version processing to work correctly

18 years agoOnly use -rpath for Kerberos libs when actually needed.
Neil Brown [Thu, 6 Jul 2006 03:05:11 +0000 (13:05 +1000)]
Only use -rpath for Kerberos libs when actually needed.

Avoid usage of -rpath is generally safer, and is required by Debian policy.

18 years agoUse 65534 instead of -2 in svcgssd_proc.c
Neil Brown [Thu, 6 Jul 2006 02:28:33 +0000 (12:28 +1000)]
Use 65534 instead of -2 in svcgssd_proc.c

as this is more consistant across achitectures.

18 years agoThis patch adds code to nfsstat to read /proc/net/rpc/nfsd for nfsv4 server statistic...
Shankar Anand [Tue, 4 Jul 2006 14:50:56 +0000 (08:50 -0600)]
This patch adds code to nfsstat to read /proc/net/rpc/nfsd for nfsv4 server statistics and print them.

Submitted by: Shankar Anand <shanand@novell.com>

18 years agoFix typos in various man pages.
Steinar H. Gunderson [Wed, 5 Jul 2006 05:55:45 +0000 (15:55 +1000)]
Fix typos in various man pages.

18 years agoUse 65534 for anon uid/gid rather than -2
Steinar H. Gunderson [Wed, 5 Jul 2006 05:51:30 +0000 (15:51 +1000)]
Use 65534 for anon uid/gid rather than -2

This is more consistant across platforms.

18 years agoUpdate rpcdebug to know about new 2.6 debug flags. Added
Greg Banks [Wed, 5 Jul 2006 03:37:21 +0000 (13:37 +1000)]
Update rpcdebug to know about new 2.6 debug flags.  Added
a manpage and installed rpcdebug (in sbindir).

18 years agoIgnore new generated files.
Greg Banks [Wed, 5 Jul 2006 02:22:45 +0000 (12:22 +1000)]
Ignore new generated files.

18 years agoAdd rquota.h to BUILT_SOURCES so rquotad builds on the first try.
Greg Banks [Wed, 5 Jul 2006 02:20:20 +0000 (12:20 +1000)]
Add rquota.h to BUILT_SOURCES so rquotad builds on the first try.

18 years agoGenerate rquota_xdr.c and rquota.h from rquota.x
Neil Brown [Wed, 5 Jul 2006 01:06:09 +0000 (11:06 +1000)]
Generate rquota_xdr.c and rquota.h from rquota.x

rquota_svc.c is still by-hand as it contains alot of extras.
These should really be moved to rquota_server.c

18 years agoRemove some files that old, unused, unneeded.
Neil Brown [Wed, 5 Jul 2006 00:41:03 +0000 (10:41 +1000)]
Remove some files that old, unused, unneeded.

deleted:  support/export/keys.c
deleted:  support/include/rpcdispatch.h
deleted:  support/include/rpcsec.h
deleted:  support/include/version.h
deleted:  support/include/ypupdate.h
deleted:  support/nfs/clients.c
deleted:  support/nfs/keytab.c
deleted:  support/nfs/ypupdate_xdr.c
deleted:  support/rpc/include/Makefile.am
deleted:  tools/rpcdebug/neat_idea.c
deleted:  utils/mountd/mount_xdr.c
deleted:  utils/rquotad/pathnames.h

18 years agoAvoid error creating an existing symlink
Neil Brown [Wed, 5 Jul 2006 00:30:51 +0000 (10:30 +1000)]
Avoid error creating an existing symlink

Just remove the link first.

18 years agoDon't depend on Kerberos headers when checking librpcsecgss in configure
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:33:54 +0000 (18:33 -0400)]
Don't depend on Kerberos headers when checking librpcsecgss in configure

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Older versions of MIT Kerberos are missing an OID definition, causing
the configure checks for librpcsecgss to fail.  We shouldn't be depending
on their libraries during the configure.

18 years agoEliminate warnings from code generated by rpcgen
Greg Banks [Tue, 4 Jul 2006 08:33:56 +0000 (18:33 +1000)]
Eliminate warnings from code generated by rpcgen

 - unused variable 'buf'
    - emit a declaration for `buf' on demand.
 - unused variable 'i'
    - declare i immediately before use
 - unused value from IXDR_PUT_
    - cast to (void)
 - type-punned pointer reference
    - cast to (void*) first :-(

18 years agoHandle mapping failure from get_ids.
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:43 +0000 (18:34 -0400)]
Handle mapping failure from get_ids.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Temporary patch to do default mapping if we get an error while trying to
map a gss principal to the appropriate uid/gid.  This currently returns
hardcoded values.  This may be correct, or we may need to try and figure
out the correct values to match the anonuid/anongid for the export.

18 years agoProperly report errors in readline() function
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:38 +0000 (18:34 -0400)]
Properly report errors in readline() function

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change message priorities for errors and debug messages.

18 years agoChange default buffer size increment for readline()
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:33 +0000 (18:34 -0400)]
Change default buffer size increment for readline()

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The readline routine expects much smaller messages than we are passing.
Change the default initial allocation and increment value from 128
to 2048.  This saves many calls to realloc().

18 years agoClean up the printerr() logging function.
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:27 +0000 (18:34 -0400)]
Clean up the printerr() logging function.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Update the printerr() function to:

1) Determine whether we'll print the message before going to all the
   work of formatting it.
2) Don't just toss away messages that are too long for the buffer.
   Print what we can and give an indication of the truncation with
   "..." at the end.
3) Use a single buffer rather than two.
4) Messages either go to syslog (with level ERR) or stderr.  Don't
   send some messages to syslog level DEBUG.

18 years agoUse setfsuid() rather than seteuid() while creating contexts
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:21 +0000 (18:34 -0400)]
Use setfsuid() rather than seteuid() while creating contexts

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Olaf Kirch <okir@suse.de>, use setfsuid() rather than
seteuid() when creating a gss context.  This prevents users from using
credentials that do not belong to them, while also preventing them from
doing things like killing, renicing, or changing the priority of the
gssd process while it is processing the context creation.

18 years agoLimit acquire_cred call to to Kerberos only
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:16 +0000 (18:34 -0400)]
Limit acquire_cred call to to Kerberos only

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.

18 years agoCheck that the gssapi library is usable early on.
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:10 +0000 (18:34 -0400)]
Check that the gssapi library is usable early on.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured.  We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.

18 years agoFix problems with 64-bit big-endian machines
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:34:05 +0000 (18:34 -0400)]
Fix problems with 64-bit big-endian machines

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Correct the definition of mech_used in the gss context to use gss_OID_desc.
This fixes problems on 64-bit machines when referencing the OID.

Also updates write_buffer function to use u_int rather than size_t when
doing calculations.

18 years agoDefine CFLAGS for gss_clnt_send_err compile
kwc@citi.umich.edu [Mon, 3 Jul 2006 22:33:59 +0000 (18:33 -0400)]
Define CFLAGS for gss_clnt_send_err compile

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add CFLAGS to make sure we find and use the correct gssapi.h when
building gss_clnt_send_err

18 years agoUse socklen_t some more to avoid warnings.
Greg Banks [Mon, 3 Jul 2006 05:59:54 +0000 (15:59 +1000)]
Use socklen_t some more to avoid warnings.

18 years agoFix warning about pointer signedness differing.
Greg Banks [Mon, 3 Jul 2006 05:39:41 +0000 (15:39 +1000)]
Fix warning about pointer signedness differing.

18 years agoInclude the right header to get xmalloc() declaration.
Greg Banks [Mon, 3 Jul 2006 05:17:34 +0000 (15:17 +1000)]
Include the right header to get xmalloc() declaration.