Imported Upstream version 1.2.8
Imported upstream 1.2.8
mountd: fix exporting of "/" with sec= setting. Commit 91bb95f2689e84856ecdf6fac365489d36709cf9 4set_root: force "fsid=0" for all exports of '/' set NFSEXP_FSID for the export of "/" if nothing else had any fsid set, however it didn't also set the flag for all security flavours. So the kernel complains that the flags on the security flavours don't match and it rejects the export. So call fix_pseudoflavor_flags() in write_secinfo() to make sure that any fiddling that has been done to e_flags gets copied to e_secinfo. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
nfsd: Add support for the -V and --nfs-version optional arguments Add command line options to enable those NFS versions that are currently disabled by default. We choose to use the options '-V' and '--nfs-version' for compatibility with rpc.mountd. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Add a default flavor to an export's e_secinfo list The list of security flavors that mountd allows for the NFSv4 pseudo-fs is constructed from the union of flavors of all current exports. exports(5) documents that the default security flavor for an export, if "sec=" is not specified, is "sys". Suppose /etc/exports contains: /a *(rw) /b *(rw,sec=krb5:krb5i:krb5p) The resulting security flavor list for the pseudo-fs is missing "sec=sys". /proc/net/rpc/nfsd.export/content contains: /a *(rw,root_squash,sync,wdelay,no_subtree_check, uuid=095c95bc:08e4407a:91ab8601:05fe0bbf) /b *(rw,root_squash,sync,wdelay,no_subtree_check, uuid=2a6fe811:0cf044a7:8fc75ebe:65180068, sec=390003:390004:390005) / *(ro,root_squash,sync,no_wdelay,v4root,fsid=0, uuid=2a6fe811:0cf044a7:8fc75ebe:65180068, sec=390003:390004:390005) The root entry is not correct, as there does exist an export whose unspecified default security flavor is "sys". The security settings on the root cause sec=sys mount attempts to be incorrectly rejected. The reason is that when the line in /etc/exports for "/a" is parsed, the e_secinfo list for that exportent is left empty. Thus the union of e_secinfo lists created by set_pseudofs_security() is "krb5:krb5i:krb5p". I fixed this by ensuring that if no "sec=" option is specified for an export, its e_secinfo list gets at least an entry for AUTH_UNIX. [ Yes, we could make the security flavors allowed for the pseudo-fs a fixed list of all flavors the server supports. That becomes complicated by the special meaning of AUTH_NULL, and we still have to check /etc/exports for whether Kerberos flavors should be listed. I opted for a simple approach for now. ] Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: fix checking for errors when exporting filesystems commit 5604b35a61e22930873ffc4e9971002f578e7978 nfs-utils: Increase the stdio file buffer size for procfs files changed writes to some sysfs files to be line buffered (_IOLBF) where they weren't before. While this probably makes sense, it introduced a bug. With fully buffered streams, you don't expect to get an error until you call fflush(). With line buffered streams you can get the error from fprintf() et al. qword_eol() only tests the return from fflush(), not from fprintf(). Consequently errors were not noticed. One result of this is that if you export, with crossmnt, a filesystem underneath which are mounted non-exportable filesystems (e.g. /proc) then an 'ls -l' on the client will block indefinitely waiting for a meaningful 'yes' or 'no' from the server, but will never get one. This patch changes qword_eol to test both fprintf and fflush. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: Avoid unnecessary type conversions Removed a number of Wconversion warnings in the mountd code. Took the opportunity to eliminate some code duplication. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: Eliminate dereferencing type punned pointers Removed a number of Wstrict-aliasing warnings Note also that site-local IPv6 addresses are deprecated, and thus are no longer encountered. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: Add exportent_release() Split out the logic that releases dynamically allocated data in an exportent. The junction resolution code will invoke this to clean up the junction exportent once it has been dumped to the kernel. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfsdcld: Before clearing the capability bounding set, check if we have the cap From: Harald Hoyer <harald@redhat.com> PR_CAPBSET_DROP can return EINVAL, if an older kernel does support some capabilities, which are defined by CAP_LAST_CAP, which results in a failure of the service. For example kernel 3.4 errors on CAP_EPOLLWAKEUP, which was newly introduced in 3.5. So, for future capabilities, we clear until we get an EINVAL for PR_CAPBSET_READ. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
rpcdebug: Add new "state" flag for the nfs module Kernel 3.5 adds a debugging flag for showing NFS client debugging messages having to do with NFSv4 state operations. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
statd: drop all capabilities from the bounding set as well statd drops all capabilities except for CAP_NET_BIND when it starts. It's possible though that if it ever had a compromise that an attacker would be able to invoke a setuid process (or something with file capabilities) in order to reinstate some caps. This could happen as a result of the daemon becoming compromised, or possibly as a result of the ha-callout program becoming compromised. In order to prevent that, have statd also prune the capability bounding set to nothing prior to dropping capabilities. That ensures that the process won't be able to reacquire capabilities via any means -- including exec'ing a setuid program. We do however need to be cognizant of the fact that PR_CAPBSET_DROP was only added in 2.6.25, so check to make sure that #define exists via autoconf before we rely on it. In order to do that, we must add ax_check_define.m4 from the GNU autoconf macro archive. Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound exists before attempting to clear the bounding set. If it does, then don't bother trying since it won't work. In that event though, do throw a warning however since the presence of that file indicates that there is a disconnect between the build and runtime environments. Acked-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
nfsdcld: add client tracking daemon stub This program opens and "listens" on the new nfsd/cld rpc_pipefs pipe. The code here doesn't actually do anything on stable storage yet. That will be added in a later patch. The patch also adds a autoconf enable switch for the new daemon that defaults to "no", and a test for the upcall description header file. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
rpc.idmap: Hide global symbols from libidmap plugins This patch limits the visibility of the symbols in the nfs-utils conffile.c so that they are only visible to programs linked directly to it. This forces the objects dynamically loaded via libnfsidmap to use the functions defined in that shared library instead. Signed-off-by: Steve Dickson <steved@redhat.com>