]> git.decadent.org.uk Git - nfs-utils.git/log
nfs-utils.git
11 years ago.gitignore: ignore more generated files
Mike Frysinger [Fri, 19 Apr 2013 17:27:57 +0000 (13:27 -0400)]
.gitignore: ignore more generated files

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agoconfigure.ac: do not fail sqlite check when cross-compiling
Mike Frysinger [Fri, 19 Apr 2013 17:21:47 +0000 (13:21 -0400)]
configure.ac: do not fail sqlite check when cross-compiling

If we're cross-compiling, we can't do a runtime test of sqlite,
so just assume that the user has a good enough version rather
than falling over.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agosm-notify: "-v hostname" doesn't work when IPV6_SUPPORT is enabled
Chuck Lever [Fri, 19 Apr 2013 17:13:57 +0000 (13:13 -0400)]
sm-notify: "-v hostname" doesn't work when IPV6_SUPPORT is enabled

Marc Eshel reports that using the -v command line option on the
sm-notify command stopped working after nfs-utils 1.2.2, when IPv6
support was added.  If nfs-utils is built without IPv6 support, it
still works.  Marc specified a hostname with a single A record.

smn_bind_address() must construct a bind address with the same
family as the RPC socket's protocol family.  Add an AI_V4MAPPED hint
so an appropriate IPv6 bind address is constructed even if -v
specifies an IPv4 presentation address, or a hostname with only IPv4
mappings.

We still use an IPv4 bind address if IPv6 support is compiled out or
the host does not support IPv6.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Cc: Marc Eshel <eshel@us.ibm.com>
11 years agomount: No longer negotiate to v2
Steve Dickson [Fri, 19 Apr 2013 17:11:43 +0000 (13:11 -0400)]
mount: No longer negotiate to v2

This patch remove the ability of negotiating to the v2
protocol. Explicitly setting the version on the command
line will be the only way to use v2.

Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: fix exporting of "/" with sec= setting.
NeilBrown [Fri, 19 Apr 2013 17:09:27 +0000 (13:09 -0400)]
mountd: fix exporting of "/" with sec= setting.

Commit 91bb95f2689e84856ecdf6fac365489d36709cf9
   4set_root: force "fsid=0" for all exports of '/'

set NFSEXP_FSID for the export of "/" if nothing else had any fsid set,
however it didn't also set the flag for all security flavours.  So the
kernel complains that the flags on the security flavours don't match and
it rejects the export.

So call fix_pseudoflavor_flags() in write_secinfo() to make sure that
any fiddling that has been done to e_flags gets copied to e_secinfo.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Allow GSSAPI to try to acquire credentials first.
Simo Sorce [Fri, 19 Apr 2013 17:02:36 +0000 (13:02 -0400)]
gssd: Allow GSSAPI to try to acquire credentials first.

GSSAPI can be given a uid number as a special name, and then
gss_acquire_cred() can use the name to try to find credentials for
the user.

Give GSSAPI a chance to do it on its own, then fallback to the classic
method of trolling through the file system to find a credential cache.

This patch uses a little know feature of GSSAPI that permits to acquire
crdentials specifying the user's UID. Normally GSSAPI will simply
perform a getpwuid() call and use the user name to generate a principal name and
then see if it can find a TGT for that principal in the local ccache.

This feature is vital to allow the GSS-Proxy to be able to initiate
crdentials on behalf of rpc.gssd using client keytabs stored in the filsystem.

GSS-Proxy works through an interposer-type plugin (new feature in MIT 1.11)
that allows to intercept all GSSAPI requestes and relay them to a system
daemon via a socket. This daemon (GSS-Proxy) then can perform operations
on behalf of other applications with additional logic.

In the rpc.gssd case the GSS-Proxy daemon allows applications running as
system users to properly access krb5 protected shares by creating a
credential cache on the fly when necessary.

This way all applications that need access to krb5 protected shares do not need
to be taught how to initiate crdentials on their own, nor they need to be
wrapped in additional init scripts like k5start or use wasteful cronjobs to
keep credentials fresh. All is needed is to drop a keytab with the right keys
in a special location on the system and gss-proxy will do the rest.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: Add the missing '$' in auth_unix_ip()
Jose Castillo [Fri, 19 Apr 2013 14:51:57 +0000 (10:51 -0400)]
mountd: Add the missing '$' in auth_unix_ip()

We found this problem because NFS clients to a RHEL6 NFS server were
experiencing periods of ESTALE errors after being mounted and initially
working successfully. Tests were run which snapshotted the nfs/sunrpc
caches before and after the issue, and it was found that the '$'
character
at the beginning of the ID strings, used when in use_ipaddr mode, was
getting
lost:

GOOD, while mount was working:
nfsd 1.2.3.4 $1.2.3.4

BAD, after mount started returning ESTALE:
nfsd 1.2.3.4 1.2.3.4

This would then cause the export checks to fail by passing '1.2.3.4'
instead of '$1.2.3.4' up to rpc.mountd.

The problem appears to be in the auth_unix_ip() function when renewing
the auth.unix.ip cache entry.  It would fail to add the '$' character
back to the beginning of the string used for the domain string,
breaking the use_ipaddr mode.

Signed-off-by: Jose Castillo <jcastillo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agonfs(5): Update description of sec= mount option
Chuck Lever [Wed, 10 Apr 2013 15:43:31 +0000 (11:43 -0400)]
nfs(5): Update description of sec= mount option

Bryan recently added SECINFO support, and I've beefed up the NFSv3
MNT processing in kernel to do some security flavor negotiation.

Thus the kernel can perform additional security flavor negotiation
now.  Update the description of the sec= mount option and the
SECURITY CONSIDERATIONS section to reflect this change.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Fix double free when exporting lucid context
Simo Sorce [Wed, 10 Apr 2013 15:34:41 +0000 (11:34 -0400)]
gssd: Fix double free when exporting lucid context

When using GSSAPI's gss_krb5_export_lucid_context the context passed
into the function is actually deleted during the export (to avoid
reuse as the context contains state that depends on its usage).

Change the code to pass in a pointer to the context so that it can be
properly NULLed if we are using the GSSAPI context and following calls to
gss_delete_sec_context will not cause double free errors and segfaults.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Fix segfault when using -R option
Simo Sorce [Tue, 2 Apr 2013 19:06:13 +0000 (15:06 -0400)]
gssd: Fix segfault when using -R option

The getopt string did not add : after the R option resulting in a
sefgault whenever -R was used as optarg is NULL and it is dereferenced.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Switch to use standard GSSAPI by default
Simo Sorce [Tue, 2 Apr 2013 19:04:37 +0000 (15:04 -0400)]
gssd: Switch to use standard GSSAPI by default

Make libgssglue configurable still but disabled by default.
There is no reason to use libgssglue anymore, and modern gssapi
supports all needed features for nfs-utils.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Add configure check for gss_krb5_free_lucid_sec_context().
Simo Sorce [Tue, 2 Apr 2013 18:41:39 +0000 (14:41 -0400)]
gssd: Add configure check for gss_krb5_free_lucid_sec_context().

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: GÃnther Deschner <gdeschner@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agonfsd: Add support for the -V and --nfs-version optional arguments
Trond Myklebust [Mon, 25 Mar 2013 20:07:59 +0000 (16:07 -0400)]
nfsd: Add support for the -V and --nfs-version optional arguments

Add command line options to enable those NFS versions that are
currently disabled by default. We choose to use the options '-V'
and '--nfs-version' for compatibility with rpc.mountd.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agorpcdebug: do not use build toolchain
Mike Frysinger [Mon, 25 Mar 2013 12:35:37 +0000 (08:35 -0400)]
rpcdebug: do not use build toolchain

The rpcdebug program gets installed, so we don't want to use the build
toolchain to compile it.  I can't find any scripts in the build system
that try to execute it, so this shouldn't be a problem.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agoconfigure: check for libio.h availability
Mike Frysinger [Mon, 25 Mar 2013 12:31:31 +0000 (08:31 -0400)]
configure: check for libio.h availability

On some systems (like uClibc), there isn't a libio.h header.  But it
isn't also needed on them.  So check for the header first.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agoREADME: drop version from file
Mike Frysinger [Mon, 25 Mar 2013 12:27:58 +0000 (08:27 -0400)]
README: drop version from file

It clearly doesn't get maintained, so punt it.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agonfsiostat: make it work w/python3
Mike Frysinger [Mon, 25 Mar 2013 12:26:40 +0000 (08:26 -0400)]
nfsiostat: make it work w/python3

Simple fixes here to work with python 2 & 3:
 - use print() everywhere
 - dict.iteritems() -> dict.items()
 - file() -> open()
 - sys.maxint -> sys.maxsize

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: regression in crossmounts
Steve Dickson [Sat, 23 Mar 2013 14:30:17 +0000 (10:30 -0400)]
mountd: regression in crossmounts

commit 8e2fb3fc cause a regression in mount export
that are on different local file system.
Exports like (all on different filesystems)

/home *(rw,fsid=0,crossmnt)
/home/fs1 *(rw,crossmnt)
/home/fs1/fs2/fs3 *(rw,nohide)

and then a mount of the root 'mount /home /mnt'
would end up mounting /home/fs1/fs2/fs3 not /home

Reverting the logic of commit 8e2fb3fc until
a better solution can be found for the original
problem.

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agoAdd a default flavor to an export's e_secinfo list
Chuck Lever [Sat, 23 Mar 2013 12:25:39 +0000 (08:25 -0400)]
Add a default flavor to an export's e_secinfo list

The list of security flavors that mountd allows for the NFSv4
pseudo-fs is constructed from the union of flavors of all current
exports.

exports(5) documents that the default security flavor for an
export, if "sec=" is not specified, is "sys".  Suppose
/etc/exports contains:

/a  *(rw)
/b  *(rw,sec=krb5:krb5i:krb5p)

The resulting security flavor list for the pseudo-fs is missing
"sec=sys".  /proc/net/rpc/nfsd.export/content contains:

/a  *(rw,root_squash,sync,wdelay,no_subtree_check,
        uuid=095c95bc:08e4407a:91ab8601:05fe0bbf)
/b  *(rw,root_squash,sync,wdelay,no_subtree_check,
        uuid=2a6fe811:0cf044a7:8fc75ebe:65180068,
        sec=390003:390004:390005)
/   *(ro,root_squash,sync,no_wdelay,v4root,fsid=0,
        uuid=2a6fe811:0cf044a7:8fc75ebe:65180068,
        sec=390003:390004:390005)

The root entry is not correct, as there does exist an export whose
unspecified default security flavor is "sys".  The security settings
on the root cause sec=sys mount attempts to be incorrectly rejected.

The reason is that when the line in /etc/exports for "/a" is parsed,
the e_secinfo list for that exportent is left empty.  Thus the union
of e_secinfo lists created by set_pseudofs_security() is
"krb5:krb5i:krb5p".

I fixed this by ensuring that if no "sec=" option is specified for
an export, its e_secinfo list gets at least an entry for AUTH_UNIX.

[ Yes, we could make the security flavors allowed for the pseudo-fs
a fixed list of all flavors the server supports.  That becomes
complicated by the special meaning of AUTH_NULL, and we still have
to check /etc/exports for whether Kerberos flavors should be listed.
I opted for a simple approach for now. ]

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agoNFS man page patch that moves nordirplus/rdirplus
Chris Vogan [Sat, 23 Mar 2013 12:22:41 +0000 (08:22 -0400)]
NFS man page patch that moves nordirplus/rdirplus

NFS man page patch that moves nordirplus/rdirplus from "Options for NFS
versions 2 and 3 only" to "Options supported by all versions".  Its a
better fit here since this option is also needed for some NFSv4 servers.

Signed-off-by: Chris Vogan <cvogan@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: gethostname(3) returns zero or -1, not an errno
Chuck Lever [Sat, 23 Mar 2013 12:13:22 +0000 (08:13 -0400)]
gssd: gethostname(3) returns zero or -1, not an errno

According to "man gethostname," gssd is handling the return value of
gethostname(3) incorrectly.  It looks like other gethostname(3) call
sites in nfs-utils are already correct.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Fix whitespace nits
Chuck Lever [Sat, 23 Mar 2013 12:12:16 +0000 (08:12 -0400)]
gssd: Fix whitespace nits

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Clean up gssd_setup_krb5_user_gss_ccache()
Chuck Lever [Sat, 23 Mar 2013 12:11:28 +0000 (08:11 -0400)]
gssd: Clean up gssd_setup_krb5_user_gss_ccache()

Remove a contradictory portion of the block comment documenting
gssd_find_existing_krb5_ccache().  This should have been removed by
commit 289ad31e, which reversed the meaning of the function's return
values.

Note that, in user space, typically errno's are positive.  But here
we follow the kernel convention of using negative values to return
error codes.  Make the documenting comments explicit about the sign
of an error return -- it will never be positive in the case of an
error.

And a nit: At the last return statement in
gssd_setup_krb5_user_gss_ccache(), "err" always contains zero, as
far as I can tell.  Make it explicit (to human readers) that when
execution reaches this point, gssd_setup_krb5_user_gss_ccache() is
going to return "success."

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Update description of "-l" option
Chuck Lever [Sat, 23 Mar 2013 12:09:42 +0000 (08:09 -0400)]
gssd: Update description of "-l" option

Move most of the text in the description of the "-l" option up to
the DESCRIPTION section, to match what was done for "-n" and "-k".

The discussion is then less restricted by formatting, and we can
take the space to introduce a few concepts before describing the
behavior of rpc.gssd.

Fix a few misspellings and grammar issues while here.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Clarify use of the term "machine credentials" in rpc.gssd(8)
Chuck Lever [Sat, 23 Mar 2013 12:08:36 +0000 (08:08 -0400)]
gssd: Clarify use of the term "machine credentials" in rpc.gssd(8)

Our NFSv4 implementation uses machine credentials for operations
that manage state on behalf of the whole client (for example,
SETCLIENTID or RENEW).  The rpc.gssd man page is missing a
description of this usage, especially in the discussion of the "-n"
option.

The issue is that rpc.gssd's "-n" option requires root to acquire a
user credential.  In the absense of a system keytab (for instance,
if the system is diskless) root's credential is not to be used as
the machine credential that manages NFSv4 state.

Group the discussion of machine credentials and UID 0 in one place
to help clarify the discussion and simplify the description of
several of these options.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Provide an introduction in gssd(8)
Chuck Lever [Sat, 23 Mar 2013 12:07:46 +0000 (08:07 -0400)]
gssd: Provide an introduction in gssd(8)

It's good practice in user documentation to define terms before they
are used.  Add an INTRODUCTION section that defines important terms
that are used in the DESCRIPTION and OPTIONS sections.  The key
concepts are GSS context, user credential, machine credential, and
keytab.

The RFCs I looked at capitalize both "gss" and "rpcsec_gss".  For
consistency I changed this throughout the man page.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: gssd.man is missing a description of the "-M" option
Chuck Lever [Sat, 23 Mar 2013 12:06:29 +0000 (08:06 -0400)]
gssd: gssd.man is missing a description of the "-M" option

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Use italics for option values and pathnames
Chuck Lever [Sat, 23 Mar 2013 12:05:30 +0000 (08:05 -0400)]
gssd: Use italics for option values and pathnames

Clean up: The usual convention for the values of command line
options and for pathnames is for them to appear italicized,
rather than emboldened or in double quotes.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: make local functions in v4root.c static
Chuck Lever [Sat, 23 Mar 2013 12:03:56 +0000 (08:03 -0400)]
mountd: make local functions in v4root.c static

Clean up.  set_pseudofs_security() and pseudofs_update() have no
call sites outside of v4root.c, and there are no header declarations
for either function.  Define both as static.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: remove unused variable
Chuck Lever [Sat, 23 Mar 2013 12:02:50 +0000 (08:02 -0400)]
mountd: remove unused variable

Making all in mountd
cache.c: In function 'subexport':
cache.c:374:9: warning: unused variable 'l2' [-Wunused-variable]

Commit 8e2fb3fc removed the last use of "l2" in the subexport()
function.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd - expired credentials problem
Lukas Hejtmanek [Wed, 20 Mar 2013 17:24:02 +0000 (13:24 -0400)]
gssd - expired credentials problem

I noticed that there is a problem with expired credentials if NFS
client's time is even few seconds behind KDC's or NFS server's time.
Client's kernel requests new GSS context but rpc.gssd is happy with
existing krb cache as it valid according to local time.

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: don't krb5_free_context if krb5_init_context fails
NeilBrown [Wed, 20 Mar 2013 17:03:58 +0000 (13:03 -0400)]
gssd: don't krb5_free_context if krb5_init_context fails

Most places that call krb5_init_context() abort cleanly on failure.
However these two then try to free the non-existent context, which
doesn't end well.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: use correct test for success of getrlimit()
NeilBrown [Wed, 20 Mar 2013 17:03:17 +0000 (13:03 -0400)]
gssd:  use correct test for success of getrlimit()

commit 7c5cb5e732a4b8704f8c79ec819c5d271e040339
    gssd: base the size of the fd array on the RLIMIT_NOFILE limit.

didn't actually work as claimed.  It only uses the returned value
if getrlimit() returns -1  -- which of course it only does when
there was an error.

So change the test to "== 0".

Reported-by: Leonardo Chiquitto< lchiquitto@suse.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Call authgss_free_private_data() if library provides it.
NeilBrown [Wed, 13 Feb 2013 20:11:05 +0000 (15:11 -0500)]
gssd: Call authgss_free_private_data() if library provides it.

librpcsecgss provides authgss_free_private_data() as a pair to
authgss_get_private_data().  libtirpc does not - until recently.

This ommision results in authgss_destroy_context() sending an
incorrect RPCSEC_GSS_DESTROY request when gssd calls AUTH_DESTROY().

The call has been added to libtirpc, so this patch updates nfs-utils
to check for the presense of the function in libtirpc and to set
HAVE_AUTHGSS_FREE_PRIVATE_DATA if it is present.
This is also set unconditionally if librpcsecgss is used.

gssd is changed to test this value rather than HAVE_LIBTIRPC when
chosing whether to call authgss_free_private_data().

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agorpc.statd: Fix socket binding loop.
Hemmo Nieminen [Wed, 16 Jan 2013 20:29:14 +0000 (15:29 -0500)]
rpc.statd: Fix socket binding loop.

From: Hemmo Nieminen <hemmo.nieminen@iki.fi>

Instead of closing the sockets before requesting a new one, keep them
open until a suitable one is found. Otherwise bindresvport will return
the same port over and over again.

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agorpc.idmapd: Ignore open failures in dirscancb()
David Jeffery [Wed, 16 Jan 2013 20:21:55 +0000 (15:21 -0500)]
rpc.idmapd: Ignore open failures in dirscancb()

From: David Jeffery <djeffery@redhat.com>

The daemon "rpc.idmapd" scans the /var/lib/nfs/rpc_pipefs/nfs/ directory
periodically looking for NFS client mounts to communicate to. The daemon
tried to open communication with a client mount but it disappeared in
between looking for directory entries and opening them. NFS mount was
umounted just before rpc.idmapd tried to communicate with it. This
behavior is usually seen when autofs is configured on the system.

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agoidmapd: allow non-ASCII characters (UTF-8) in NFSv4 domain name
Suresh Jayaraman [Mon, 17 Dec 2012 21:29:44 +0000 (16:29 -0500)]
idmapd: allow non-ASCII characters (UTF-8) in NFSv4 domain name

The validateascii() check in imconv() maps NFSv4 domain names with
non-ASCII characters to 'nobody'. In setups where Active directory
or LDAP is used this causes names with UTF-8 characters to being
mapped to 'nobody' because of this check.

As Bruce Fields puts it:

"idmapd doesn't seem like the right place to enforce restrictions on
names.  Once the system has allowed a name it's too late to be
complaining about it here."

Replace the validateascii() call in imconv() with a check for
null-termination just to be extra-careful and remove the validateascii()
function itself as the only user of that function is being
removed by this patch.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: fix is_subdirectory to understand '/'
NeilBrown [Mon, 17 Dec 2012 21:21:15 +0000 (16:21 -0500)]
mountd: fix is_subdirectory to understand '/'

The is_subdirectory() function checks if a given 'child' is a
subdirectory of the given 'parent'.  However it always fails
if 'parent' == "/" (because 'child' doesn't begin with 'parent'
followed by "/").

So change is_subdirectory() to special-case "/".

subexport() also tests if one directory is a subdirectory of the
other, and contains the same bug.  So change it to use
is_subdirectory().

Finally, move is_subdirectory() and related path_matches() and
export_matches() earlier in the file to avoid a forward-reference.

This patch fixes a bug wherein if you export "/" with 'crossmnt', the
crossmnt flag is ineffective and you can only access the root
filesystem, not any descendants.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: fix checking for errors when exporting filesystems
NeilBrown [Mon, 17 Dec 2012 21:19:09 +0000 (16:19 -0500)]
mountd: fix checking for errors when exporting filesystems

commit 5604b35a61e22930873ffc4e9971002f578e7978
  nfs-utils: Increase the stdio file buffer size for procfs files

changed writes to some sysfs files to be line buffered (_IOLBF) where
they weren't before.  While this probably makes sense, it introduced a
bug.

With fully buffered streams, you don't expect to get an error until you
call fflush(). With line buffered streams you can get the error
from fprintf() et al.

qword_eol() only tests the return from fflush(), not from fprintf().
Consequently errors were not noticed.

One result of this is that if you export, with crossmnt, a filesystem
underneath which are mounted non-exportable filesystems (e.g. /proc)
then an 'ls -l' on the client will block indefinitely waiting for a
meaningful 'yes' or 'no' from the server, but will never get one.

This patch changes qword_eol to test both fprintf and fflush.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: Report the absolute path used to load the junction plug-in
Chuck Lever [Wed, 12 Dec 2012 15:31:06 +0000 (10:31 -0500)]
mountd: Report the absolute path used to load the junction plug-in

As a debugging feature, report the absolute pathname of the plug-in
library that mountd loads to resolve junctions.

Since mountd passes a relative path to dlopen(3), dlopen(3) must
search for the right library.  Displaying the absolute pathname of
the object that it found verifies that mountd loaded the correct
plug-in.

Note: dlinfo(3) is provided by libdl, but there doesn't seem to be a
man page on Fedora 16 for dlinfo(3).  Instead, see:

  http://www.unix.com/man-page/all/3/dlinfo/

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agolibexport.a: xtab.c no longer needs #include xmalloc.h
Chuck Lever [Wed, 12 Dec 2012 15:30:25 +0000 (10:30 -0500)]
libexport.a: xtab.c no longer needs #include xmalloc.h

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agolibexport.a: rmtab.c no longer needs #include xmalloc.h
Chuck Lever [Wed, 12 Dec 2012 15:29:40 +0000 (10:29 -0500)]
libexport.a: rmtab.c no longer needs #include xmalloc.h

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: cache.c no longer needs #include xmalloc.h
Chuck Lever [Wed, 12 Dec 2012 15:26:59 +0000 (10:26 -0500)]
mountd: cache.c no longer needs #include xmalloc.h

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: auth.c no longer needs #include xmalloc.h
Chuck Lever [Wed, 12 Dec 2012 15:26:09 +0000 (10:26 -0500)]
mountd: auth.c no longer needs #include xmalloc.h

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: base the size of the fd array on the RLIMIT_NOFILE limit.
NeilBrown [Wed, 28 Nov 2012 19:35:25 +0000 (14:35 -0500)]
gssd: base the size of the fd array on the RLIMIT_NOFILE limit.

We have previously raised the size of the 'pollarray' once (32 -> 256)
and I have had another request to make it bigger.
Rather than changing the hard-coded value, make it depend on
RLIMIT_NOFILE.  This is an upper limit on the size of the array
that can be passed to poll() anyway.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd_proc: remove pointless test against FD_ALLOC_BLOCK in process_pipedir
NeilBrown [Wed, 28 Nov 2012 19:33:59 +0000 (14:33 -0500)]
gssd_proc: remove pointless test against FD_ALLOC_BLOCK in process_pipedir

I can see no possible point for this test against FD_ALLOC_BLOCK,
so just remove the test.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd_proc: use pollsize, not FD_ALLOC_BLOCK, in get_poll_index()
NeilBrown [Wed, 28 Nov 2012 19:32:00 +0000 (14:32 -0500)]
gssd_proc: use pollsize, not FD_ALLOC_BLOCK, in get_poll_index()

get_poll_index wants to walk the entire "pollarray", but uses
the constant FD_ALLOC_BLOCK, rather than the variable
pollsize (which has the same value).  If we want to make the
size of the array variable, it is best not to use the constant.

As pollsize is 'unsigned long', 'i' should be too.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Handle the target name correctly
Trond Myklebust [Wed, 28 Nov 2012 19:30:07 +0000 (14:30 -0500)]
gssd: Handle the target name correctly

The target name contains a hostname in the realm that we are
authenticating
to. Since we may be authenticating to a different realm than the default
realm for the server, we should not assume that the target name and host
name point to the same string.
In fact, the kernel NFS client will always use its own hostname as the
target name, since it is always authenticating to its own default realm.
On the other hand, the NFS server's callback channel will pass the
hostname
of the NFS client that it is authenticating too (Section 3.4, RFC3530).

This patch fixes the handling of the target name in process_krb5_upcall,
and ensures that it gets passed to find_keytab_entry().

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agogssd: Remove insane sanity checks of the service name
Trond Myklebust [Wed, 28 Nov 2012 19:25:33 +0000 (14:25 -0500)]
gssd: Remove insane sanity checks of the service name

Either we trust the info file, or we don't. The current
'checks' only work for the combination 'nfs', '100003' and
a version number between 2 and 4.
The problem is that the callback channel also wants to use
'nfs' in combination with a different program number and
version number.

This patch throws the bogus checks out altogether and lets the
kernel use whatever combination it wants....

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agonfsdcltrack: skip "." and ".." when trying to clean out legacy recdir
Jeff Layton [Wed, 28 Nov 2012 19:03:55 +0000 (14:03 -0500)]
nfsdcltrack: skip "." and ".." when trying to clean out legacy recdir

readdir picks up these two entries as "normal" dentries, but rmdir'ing
them won't work (and we wouldn't want to remove them anyway).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomount.nfs: error message clean up.
Steve Dickson [Wed, 28 Nov 2012 14:26:18 +0000 (09:26 -0500)]
mount.nfs: error message clean up.

Remove a unnecessary newline in an error message.

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomount.nfs: Continue to trying address when the server return EACCES
Steve Dickson [Wed, 28 Nov 2012 14:20:15 +0000 (09:20 -0500)]
mount.nfs: Continue to trying address when the server return EACCES

With recent changes to the /etc/hosts file, the 'localhost'
host name is now multiply defined as both an IPv4 address (127.0.01)
and an IPv6 address (::1). This causes first address returned
by getaddrinfo('localhost') to be the IPv6 address instead of
the IPv4 address.

The change in the default 'localhost' address type causes
existing exports using '127.0.0.1' to fail, because the
'::1' address is tried first and fails. The problem is
not all the addresses in the address list are being tried.

So this patch allows that address list to continue to be
process when a 'EACCES' error is returned by the server.

Signed-off-by: Steve Dickson <steved@redhat.com>
11 years agomountd: auth_unix_ip should downcall on error to prevent hangs
J. Bruce Fields [Wed, 28 Nov 2012 14:11:29 +0000 (09:11 -0500)]
mountd: auth_unix_ip should downcall on error to prevent hangs

Since bf6a4febaa78bf188896b7b5b02c46562dd08b70 "mountd: handle
allocation failures in auth_unix_ip upcall", a failure to map the
address of an incoming client to a name could result in a hang.

We should be responding with an error in the case, not just skipping the
downcall and leaving everybody hanging.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agosvcgssd: Encryption types not being parsed correctly
Steve Dickson [Sat, 17 Nov 2012 13:50:09 +0000 (08:50 -0500)]
svcgssd: Encryption types not being parsed correctly

When svcgssd reads the supported encrytion types from the
kernel, they are prefixed with a 'enctypes='. That prefix
has to be ignored to correctly parse the rest of the types.

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoRelease 1.2.7
Steve Dickson [Fri, 9 Nov 2012 13:01:46 +0000 (08:01 -0500)]
Release 1.2.7

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoconfigure.ac: When v4 is disable v4.1 should also be disabled.
Steve Dickson [Thu, 8 Nov 2012 22:00:12 +0000 (17:00 -0500)]
configure.ac: When v4 is disable v4.1 should also be disabled.

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoconfigure.ac: Disabling v4 should not break the gssd build
Steve Dickson [Thu, 8 Nov 2012 21:49:40 +0000 (16:49 -0500)]
configure.ac: Disabling v4 should not break the gssd build

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: Ensure the build is diabled when NFS v4 is disabled
Jeff Layton [Thu, 8 Nov 2012 21:42:15 +0000 (16:42 -0500)]
nfsdcltrack: Ensure the build is diabled when NFS v4 is disabled

When '--disable-nfsv4' is in the configure options, then
the building of nfsdcltrack need to be disabled as well.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: update the README about server startup order
Jeff Layton [Thu, 8 Nov 2012 20:12:00 +0000 (15:12 -0500)]
nfsdcltrack: update the README about server startup order

Now that nfsdcld is gone, remove the section about starting it up.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: remove the nfsdcld daemon
Jeff Layton [Thu, 8 Nov 2012 20:09:41 +0000 (15:09 -0500)]
nfsdcltrack: remove the nfsdcld daemon

Since we want to move to using the usermodehelper upcall
unconditionally, just remove nfsdcld. The kernel code to handle
this will be formally deprecated in 3.10 as well.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: add a manpage for nfsdcltrack
Jeff Layton [Thu, 8 Nov 2012 20:07:29 +0000 (15:07 -0500)]
nfsdcltrack: add a manpage for nfsdcltrack

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: add a legacy transition mechanism
Jeff Layton [Thu, 8 Nov 2012 20:02:20 +0000 (15:02 -0500)]
nfsdcltrack: add a legacy transition mechanism

If the kernel passes the legacy recdir path in the environment, then we
can use that to transition from the old legacy tracker to the new one.

On a "check" operation, if there is no record of the client in the
database, check to see if there is a matching recoverydir. If there
isn't then just refuse the reclaim. If there is, then insert a new
record for this client into the db, and remove the legacy recoverydir.
If either of those operations fail, then refuse the reclaim.

On a "gracedone" operation, clean out the entire legacy recoverydir
after purging any unreclaimed records from the db. There's not much
we can do if this fails, so just log a warning if it does.

Note that this is a one-way conversion. If the user later boots back
into an older kernel, it will have no knowledge of the new database.

In principle, we could create a tool that would walk the clients
table, md5 hash the clientids and create directories in the
v4recovery dir. Doing that automatically would be pretty difficult
however.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: add a new "one-shot" program for manipulating the client tracking db
Jeff Layton [Thu, 8 Nov 2012 20:00:04 +0000 (15:00 -0500)]
nfsdcltrack: add a new "one-shot" program for manipulating the client tracking db

Usermode helper upcalls are all the rage these days for infrequent
upcalls, since they make it rather idiot-proof. No running daemon is
required, so there's really no setup beyond ensuring that the callout
exists and is runnable.

This program adds a callout program to nfs-utils for that purpose. The
storage engine on the backend is identical to the one used by nfsdcld.
This just adds a new frontend for it.

For now, building with --enable-nfsdcltrack gives you both nfsdcld and
nfsdcltrack programs. A later patch will remove nfsdcld altogether.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: break out a function to open the database handle
Jeff Layton [Thu, 8 Nov 2012 19:56:51 +0000 (14:56 -0500)]
nfsdcltrack: break out a function to open the database handle

When we add a new usermodehelper upcall program to do the database
access, the existing "init" function will be overkill every time
we start up the program.

Break out the database handle establishment routine into a separate
function that we can call from each upcall command in the one-shot
program.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: remove pointless sqlite_topdir variable
Jeff Layton [Thu, 8 Nov 2012 19:39:28 +0000 (14:39 -0500)]
nfsdcltrack: remove pointless sqlite_topdir variable

This is holdover from an earlier version of the code and doesn't really
provide any benefit. Also, mark the topdir and dirname arguments const
since they should never be changed.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: rename the nfsdcld directory and options to nfsdcltrack
Jeff Layton [Thu, 8 Nov 2012 19:36:56 +0000 (14:36 -0500)]
nfsdcltrack: rename the nfsdcld directory and options to nfsdcltrack

We'll soon be adding a new nfsdcltrack program, at which point it won't
make much sense to call this directory and the config option "nfsdcld".
Rename it to be a bit more generic.

While we're at it, change the default for --enable-cltrack to "yes".
When we introduce the one-shot program, we're going to want to build
it by default anyway.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfsdcltrack: fix segfault in sqlite debug logging
Jeff Layton [Thu, 8 Nov 2012 19:02:21 +0000 (14:02 -0500)]
nfsdcltrack: fix segfault in sqlite debug logging

One too few arguments...

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: Squelch compiler error
Chuck Lever [Tue, 30 Oct 2012 19:11:32 +0000 (15:11 -0400)]
rpc.gssd: Squelch compiler error

gssd_proc.c: In function handle_krb5_upcall:
gssd_proc.c:1117:2: warning: ISO C forbids return with expression, in
function returning void [-pedantic]

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: Squelch compiler warning
Chuck Lever [Tue, 30 Oct 2012 19:09:19 +0000 (15:09 -0400)]
rpc.gssd: Squelch compiler warning

gssd_proc.c: At top level:
gssd_proc.c:782:5: warning: no previous prototype for create_auth_rpc_client [-Wmissing-prototypes]

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: Squelch compiler warning
Chuck Lever [Tue, 30 Oct 2012 19:07:54 +0000 (15:07 -0400)]
rpc.gssd: Squelch compiler warning

gss_util.c: At top level:
gss_util.c:98:36: warning: ISO C does not allow extra ; outside of a
function [-pedantic]

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Avoid unnecessary type conversions
Chuck Lever [Tue, 30 Oct 2012 19:01:39 +0000 (15:01 -0400)]
mountd: Avoid unnecessary type conversions

Fixed a number of -Wconversion warnings

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Avoid unnecessary type conversions
Chuck Lever [Tue, 30 Oct 2012 18:55:29 +0000 (14:55 -0400)]
mountd: Avoid unnecessary type conversions

Removed a Wsign-conversion warning

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Avoid unnecessary type conversions
Chuck Lever [Tue, 30 Oct 2012 18:44:57 +0000 (14:44 -0400)]
mountd: Avoid unnecessary type conversions

Clean up compiler warnings:

cache.c: In function get_uuid:
cache.c:249:2: warning: conversion to size_t from int may change
  the sign of the result [-Wsign-conversion]

  And the like.

signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Make local functions static
Chuck Lever [Tue, 30 Oct 2012 18:06:22 +0000 (14:06 -0400)]
mountd: Make local functions static

Removed a couple Wmissing-prototypes warnings in the mountd code.

Once the parse_fsid() function was made static, the compiler
detected execution paths through it that did not initialize some
fields in *parsed.

[ I'm pretty sure these problems are currently harmless, since each
path is taken depending on the value of the .fsidtype field.  Each
path accesses only the fields in *parsed that it cares about. ]

This is because parsed_fsid isn't a union type.  parse_fsid() leaves
uninitialized fields that are not used by a particular fsidtype.  To
prevent an accidental dereference of stack garbage (.fhuuid being an
example of a pointer that is left uninitialized sometimes), have
parse_fsid() defensively pre-initialize *parsed to zero.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Eliminate unnecessary type conversions
Chuck Lever [Tue, 30 Oct 2012 18:05:11 +0000 (14:05 -0400)]
mountd: Eliminate unnecessary type conversions

Removed a copule Wsign-conversion in the mountd code.

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Avoid unnecessary type conversions
Chuck Lever [Tue, 30 Oct 2012 18:02:24 +0000 (14:02 -0400)]
mountd: Avoid unnecessary type conversions

Removed a number of Wconversion warnings in the mountd code.

Took the opportunity to eliminate some code duplication.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agonfs-utils: Eliminate dereferencing type punned pointers
Chuck Lever [Tue, 30 Oct 2012 18:01:34 +0000 (14:01 -0400)]
nfs-utils: Eliminate dereferencing type punned pointers

Removed a number of Wstrict-aliasing warnings

Note also that site-local IPv6 addresses are deprecated, and thus
are no longer encountered.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Simplify "no junction support" case
Chuck Lever [Fri, 19 Oct 2012 14:43:50 +0000 (10:43 -0400)]
mountd: Simplify "no junction support" case

We've added logic in the "not an export" case in nfsd_export(), so it's
no longer a simple function call.  Clean up this code by splitting
it into a new function, and make plain what happens when junction
support is compiled out.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Dynamically allocate exportent that represents junctions
Chuck Lever [Fri, 19 Oct 2012 14:41:54 +0000 (10:41 -0400)]
mountd: Dynamically allocate exportent that represents junctions

We're now duplicating a real exportent with arbitrary export options
to create a junction exportent.  After a dupexportent() call,
several of the structure's fields can point to dynamically allocated
memory.  We have to be careful about not orphaning that memory.

What's more, returning a pointer to a static structure is as 90's as
a bad mullet.  It's more straightforward to allocate the exportent
dynamically and release it when we are through with it.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Add exportent_release()
Chuck Lever [Fri, 19 Oct 2012 14:38:51 +0000 (10:38 -0400)]
mountd: Add exportent_release()

Split out the logic that releases dynamically allocated data in an
exportent.  The junction resolution code will invoke this to clean
up the junction exportent once it has been dumped to the kernel.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Junctions inherit parent export's options
Chuck Lever [Fri, 19 Oct 2012 14:37:26 +0000 (10:37 -0400)]
mountd: Junctions inherit parent export's options

Attempting to access junctions on a Linux NFS server from an NFS
client connected via an ephemeral source port fails with a "client
insecure" error on the server.  This happens even when the
"insecure" export option is specified on the junction's parent
export.

As a test, via a mountd code change, I added "insecure" to the fixed
export options that mountd sets up for each junction, and the error
disappeared.

It's simple enough for old-school referrals configured directly in
/etc/exports ("refer=") to have the needed options specified there.
Cache entries for junctions, however, are created on the fly by
mountd, and don't ever appear in /etc/exports.  So there's nowhere
obvious that export options for junctions can be specified.

Bruce suggested that in order to specify unique export options for
junctions, they should inherit the export options of their parent
export.  The junction's parent's exportent is duplicated in order
to create an exportent for the junction itself.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Add lookup_export_parent()
Chuck Lever [Fri, 19 Oct 2012 14:29:28 +0000 (10:29 -0400)]
mountd: Add lookup_export_parent()

In a moment I will be adding some logic that needs to know an
junction's parent export.

Here's a function that can discover an export's parent.  It takes
the target export's pathname, chops off the rightmost component, and
tries a lookup_export().  If that succeeds, we have our answer.
If not, it chops off the next rightmost component and tries again,
until the root is reached.

At the same time, infrastructure is added to pass the parent export
down into the functions that convert locations into a new junction
export entry.  For now the parent export remains unused.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Set e_fslocdata field directly
Chuck Lever [Fri, 19 Oct 2012 14:27:26 +0000 (10:27 -0400)]
mountd: Set e_fslocdata field directly

To create an export entry for a junction, an options string is
constructed from the set of locations in the junction.  This options
string is then passed to mkexportent() where it is parsed and
converted into an exportent.

There is only one export option that is used to create a junction's
exportent: "refer=".  When that option is parsed, it's value is
simply copied to a fresh string and planted in the new export's
e_fslocdata field.

Let's avoid the option parsing and extra string copy.  Construct
a string for the new e_fslocdata field and plant it in the exportent
directly.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Use static buffer when constructing junction export options
Chuck Lever [Fri, 19 Oct 2012 14:25:14 +0000 (10:25 -0400)]
mountd: Use static buffer when constructing junction export options

Clean up: Simplify locations_to_export() by constructing a junction's
export options in a static buffer.

We can do this because all of this code is called serially, in one
thread, and the result is thrown away immediately after the caller
is finished.  The returned exportent itself is static.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomountd: Warn when a broken junction is encountered
Chuck Lever [Fri, 19 Oct 2012 14:24:07 +0000 (10:24 -0400)]
mountd: Warn when a broken junction is encountered

A broken junction is a problem that administrators will want to
know about and correct.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoGSSD: Pass GSS_context lifetime to the kernel.
Andy Adamson [Thu, 18 Oct 2012 17:21:09 +0000 (13:21 -0400)]
GSSD: Pass GSS_context lifetime to the kernel.

From: Andy Adamson <andros@netapp.com>

The kernel gss_cl_ctx stores the context lifetime in gc_expiry, set
by gssd in do_downcall() called by process_krb5_upcall(). The lifetime
value is currently not related at all to the Kerberos TGS lifetime.
It is either set to the value of gssd -t <timeout>, or to a kernel
default of 3600 seconds.

Most of the time the gssd -t command line is not set, and a timeout
value of zero was sent to the kernel triggering the use of the 3600
second kernel default timeout.

In order for the kernel to properly know when to renew a context, or to
stop buffering writes for a context about to expire, the gc_expiry value
needs to reflect the credential lifetime used to create the context.

Note that gss_inquire_cred returns the number of seconds for which the
context remains valid in the lifetime_rec parameter.

Send the actual TGS remaining lifetime to the kernel. It can still be
overwritten by the gssd -t command line option, or set to the kernel
default if the gss_inquire_cred call fails (which sets the lifetime_rec
to zero).

Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoutils: Return status 0 on clean exits
Mantas Mikulenas [Mon, 15 Oct 2012 20:08:34 +0000 (16:08 -0400)]
utils: Return status 0 on clean exits

Some init systems actually expect daemons to return 0 on success.

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomount.nfs4: Backgrounding mount broken with NFS versions <4
Wolfram Gloger [Mon, 15 Oct 2012 19:31:23 +0000 (15:31 -0400)]
mount.nfs4: Backgrounding mount broken with NFS versions <4

When the NFS version isn't specified in the mount options, mount.nfs
attempts V4 first and appends 'vers=4' to the extra_options string in
the mount options.  If the server isn't immediately reachable, this
attempt fails.  However, if the background option is specified and the
server comes up later on, the extra_options are used again for all
further attempts and thus they fail if the server only supports
vers<4.

Fix this by only amending extra_options on a successful vers=4 mount.

This is now Debian bug #690181 and has apparently been around for
ages.

Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Wolfram Gloger <bugzilla1@malloc.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agomount.nfs mapage: clear up confusion between 'proto' and 'transport'
Neil Brown [Mon, 15 Oct 2012 16:50:35 +0000 (12:50 -0400)]
mount.nfs mapage: clear up confusion between 'proto' and 'transport'

The mount option "proto=" actually set the "transport" which in
netconfig usage is the pairing of a protocol (e.g. UDP, TCP) with
a protocol family (e.g. INET, INET6).

This can cause confusion if people naively except "proto=udp" to work
equally well on IPv6.

So add some text to both nfs(5) and nfsmount.conf(5) to hopefully
clarify this.

Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoExportfs crashes with long path
Ivan Romanov [Mon, 15 Oct 2012 16:41:36 +0000 (12:41 -0400)]
Exportfs crashes with long path

Acked-by: Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoAdded fsc and nofsc to the mount manpage.
Steve Dickson [Thu, 23 Aug 2012 17:41:56 +0000 (13:41 -0400)]
Added fsc and nofsc to the mount manpage.

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoblkmapd: proper signal handling
Peng Tao [Thu, 23 Aug 2012 17:03:34 +0000 (13:03 -0400)]
blkmapd: proper signal handling

Signed-off-by: Peng Tao <tao.peng@emc.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoblkmapd: allow blocklayoutdriver module to load/unload
Peng Tao [Thu, 23 Aug 2012 16:50:33 +0000 (12:50 -0400)]
blkmapd: allow blocklayoutdriver module to load/unload

User may load/unload blocklayoutdriver module dynanmically.
So we handle it by watching the pipe file creation/deletion.

Signed-off-by: Peng Tao <tao.peng@emc.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agogssd: Use /run/user/${UID} instead of /run/user/${USER}
Nalin Dahyabhai [Wed, 22 Aug 2012 18:43:05 +0000 (14:43 -0400)]
gssd: Use /run/user/${UID} instead of /run/user/${USER}

Newer versions of systemd create a /run/user/${UID} directory
instead of the /run/user/${USER} directory, so switch to
scanning for that.  To make the per-user directory bit a little
less magical, change the default to incorporate a "%U", which
gets dynamically expanded to the user's UID when needed.

Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agogssd: scan for DIR: ccaches, too
Nalin Dahyabhai [Wed, 22 Aug 2012 18:35:17 +0000 (14:35 -0400)]
gssd: scan for DIR: ccaches, too

In addition to matching "FILE:krb5cc_*" in the specified directory or
directories, also match "DIR:krb5cc*", if we find subdirectories with
names that match the search pattern.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: don't call poll(2) twice a second
Chuck Lever [Mon, 6 Aug 2012 13:08:53 +0000 (09:08 -0400)]
rpc.gssd: don't call poll(2) twice a second

Use ppoll() instead.

[ cel Wed Aug  1 11:44:46 EDT 2012 - autoconfiscated Bruce's version ]

Related clean-up: Since we're pulling the poll/ppoll call out into a
separate function, note that the second argument of poll(2) and
ppoll(2) is not an int, it's an unsigned long.  The nfds_t typedef
is a recent invention, so use the raw type for compatibility with
older glibc headers.

Acked-by: J. Bruce Fields" <bfields@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: handle error to open toplevel directory
J. Bruce Fields [Mon, 6 Aug 2012 12:57:19 +0000 (08:57 -0400)]
rpc.gssd: handle error to open toplevel directory

From: "J. Bruce Fields" <bfields@redhat.com>

Reverse the sense of the test here, and also add debugging and cleanup
in the error case.

(Though the lack of cleanup isn't currently a problem in practice since
we'll eventually exit in this case.)

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: don't call printerr from signal handler
J. Bruce Fields [Mon, 6 Aug 2012 12:55:45 +0000 (08:55 -0400)]
rpc.gssd: don't call printerr from signal handler

From: "J. Bruce Fields" <bfields@redhat.com>

printerr() isn't actually safe to call from a signal handler.  It might
be possible to make it so, but I think this is the only case in
nfs-utils where we try to, and I'm not convince it's worth it.

This fixes a bug that would eventually cause mounts to hang when gssd
is run with -vv.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agorpc.gssd: simplify signal handling
J. Bruce Fields [Mon, 6 Aug 2012 12:54:11 +0000 (08:54 -0400)]
rpc.gssd: simplify signal handling

From: "J. Bruce Fields" <bfields@redhat.com>

We're not actually using the extra sa_sigaction parameters.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
12 years agoumount: use correct return value for is_vers4.
NeilBrown [Mon, 6 Aug 2012 12:41:13 +0000 (08:41 -0400)]
umount: use correct return value for is_vers4.

is_vers4 in mount_libmount.c is based on nfs_umount_is_vers4
in nfsumount.c, except the return values are reversed.
The result of this is:
 - a MOUNT_UMNT call is not sent when an NFSv3 or NFSv2
   filesystem is unmounted
 - a MOUNT_UMNT call *is* sent when and 'nfs4' filesystem
   is unmounted (but not when an 'nfs -o vers=4 filesystem
   is unmounted, as that is checked elsewhere).

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>