rpc.idmapd: Ignore open failures in dirscancb() From: David Jeffery <djeffery@redhat.com> The daemon "rpc.idmapd" scans the /var/lib/nfs/rpc_pipefs/nfs/ directory periodically looking for NFS client mounts to communicate to. The daemon tried to open communication with a client mount but it disappeared in between looking for directory entries and opening them. NFS mount was umounted just before rpc.idmapd tried to communicate with it. This behavior is usually seen when autofs is configured on the system. Signed-off-by: Steve Dickson <steved@redhat.com>
idmapd: allow non-ASCII characters (UTF-8) in NFSv4 domain name The validateascii() check in imconv() maps NFSv4 domain names with non-ASCII characters to 'nobody'. In setups where Active directory or LDAP is used this causes names with UTF-8 characters to being mapped to 'nobody' because of this check. As Bruce Fields puts it: "idmapd doesn't seem like the right place to enforce restrictions on names. Once the system has allowed a name it's too late to be complaining about it here." Replace the validateascii() call in imconv() with a check for null-termination just to be extra-careful and remove the validateascii() function itself as the only user of that function is being removed by this patch. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.com> Signed-off-by: Steve Dickson <steved@redhat.com>
autoconf: don't let libnfsidmap test add -lnfsidmap to $LIBS ...as that makes that library get linked into every binary. Also, replace "hardcoded" -lnfsidmap linker flag in Makefiles with a AC_SUBST variable. This fixes a regression introduced in commit d7c64dd. Signed-off-by: Jeff Layton <jlayton@redhat.com>
rpc.idmapd: Dies with 'I/O possible' We have had problems on some of our machines (all Fedora 14), where rpc.idmapd used to die with an `I/O possible' message at (basically) random times. A strace suggested the issue being in nfsopen() where a signal type is reset before notification is disabled; a signal at just the right time might be the cause of the problem; see https://bugzilla.redhat.com/show_bug.cgi?id=684308 Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
idmapd: Fix decoding of octal encoded fields The decoded octal will always be positive and (char) -1 is negative. Any field containing an encoded octal will be rejected. As the encoded value should be an unsigned char, fix the check to reject all values > (unsigned char) -1 = UCHAR_MAX, as this indicate an error in the encoding. Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de> Signed-off-by: Steve Dickson <steved@redhat.com>
idmapd: Fix decoding of octal encoded fields The decoded octal will always be positive and (char) -1 is negative. Any field containing an encoded octal will be rejected. As the encoded value should be an unsigned char, fix the check to reject all values > (unsigned char) -1 = UCHAR_MAX, as this indicate an error in the encoding. Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de> Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: Move common code into support There are several source files and headers present in the ./utils/idmapd directory which are also usable in a doimapd daemon. Because of this we move that support into the support directory such that it can be shared by both daemons. Signed-off-by: Jim Rees <rees@umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
rpc.idmapd: Type of idmap client should be defined by ic_id not ic_clid. The type of idmap_client is defined by idmap_client.ic_id for nfs, so nfsd should have the same style. Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Removed warnings from idmapd.c idmapd.c:120: warning: missing initializer idmapd.c:120: warning: (near initialization for 'nfsd_ic[0].ic_event') idmapd.c:121: warning: missing initializer idmapd.c:121: warning: (near initialization for 'nfsd_ic[1].ic_event') idmapd.c: In function 'flush_nfsd_cache': idmapd.c:173: warning: comparison between signed and unsigned integer expressions idmapd.c: In function 'dirscancb': idmapd.c:384: warning: unused parameter 'fd' idmapd.c:384: warning: unused parameter 'which' idmapd.c: In function 'svrreopen': idmapd.c:468: warning: unused parameter 'fd' idmapd.c:468: warning: unused parameter 'which' idmapd.c:468: warning: unused parameter 'data' idmapd.c: In function 'clntscancb': idmapd.c:474: warning: unused parameter 'fd' idmapd.c:474: warning: unused parameter 'which' idmapd.c: In function 'nfsdcb': idmapd.c:488: warning: unused parameter 'fd' idmapd.c: In function 'nfscb': idmapd.c:663: warning: unused parameter 'fd' idmapd.c: In function 'validateascii': idmapd.c:850: warning: comparison between signed and unsigned integer expressions idmapd.c:858: warning: comparison between signed and unsigned integer expressions idmapd.c: In function 'getfield': idmapd.c:916: warning: comparison between signed and unsigned integer expressions Signed-off-by: Steve Dickson <steved@redhat.com>
idmapd: rearm event handler after error in nfsdcb() A couple of years ago, Bruce committed a patch to make knfsd send unsigned uid's and gid's to idmapd, rather than signed values. Part of that earlier discussion is here: http://linux-nfs.org/pipermail/nfsv4/2007-December/007321.html While this fixed the immediate problem, it doesn't appear that anything was ever done to make idmapd continue working when it gets a bogus upcall. idmapd uses libevent for its main event handling loop. When idmapd gets an upcall from knfsd it will service the request and then rearm the event by calling event_add on the event structure again. When it hits an error though, it returns in most cases w/o rearming the event. That prevents idmapd from servicing any further requests from knfsd. I've made another change too. If an error is encountered while reading the channel file, this patch has it close and reopen the file prior to rearming the event. I've not been able to test this patch directly, but I have tested a backport of it to earlier idmapd code and verified that it did prevent idmapd from hanging when it got a badly formatted upcall from knfsd. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
mydaemon: remove closeall() calls from mydaemon() idmapd and svcgssd have a mydaemon() routine that uses closeall() to close file descriptors. Unfortunately, they aren't using it correctly and it ends up closing the pipe that the child process uses to talk to its parent. Fix this by not using closeall() in this routine and instead, just close the file descriptors that we know need to be closed. If /dev/null can't be opened for some reason, then just have the child exit with a non-zero error. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>