Ben Hutchings [Mon, 23 Mar 2015 16:34:55 +0000 (16:34 +0000)]
Update debian/watch
- New releases are under utils/nfs-utils, not utils/nfs
- bzip2 compression is no longer used, so download xz-compressed archives
- Web server supports SSL/TLS, so use it
Steve Langasek [Mon, 24 Feb 2014 18:10:54 +0000 (10:10 -0800)]
Provide quoted entries by default in debian/nfs-kernel-server.default, consistent with other default files, so that users who edit the file to add multiple options don't accidentally cause shell syntax bugs.
Steve Langasek [Mon, 24 Feb 2014 18:05:13 +0000 (10:05 -0800)]
debian/nfs-kernel-server.init: don't try to check for nfsv3 configuration in nfsd and pass --no-nfs-version 3 to mountd if absent; the check is buggy and impossible to make reliable, and there's no reason to single out NFSv3 here (and the original rationale for this behavior is lost). Closes LP: #897644, LP: #1284210.
Steve Langasek [Sat, 1 Feb 2014 16:56:26 +0000 (11:56 -0500)]
Tweak nfs-common preinst to not remove nfs state files except on package removal (i.e., these should not be removed when the package is deconfigured temporarily).
Steve Langasek [Mon, 13 Jan 2014 22:58:17 +0000 (22:58 +0000)]
Only start nfs-common in runlevel S; it doesn't need to be started more than once (and startpar won't actually run it more than once, anyway). Closes: #510528.
Steve Langasek [Mon, 13 Jan 2014 22:35:14 +0000 (22:35 +0000)]
Move the rpc.svcgssd(8) symlink to nfs-common along with the rest of it, and add the Replaces: on old versions of nfs-kernel-server to support upgrades properly.
Steve Langasek [Sat, 1 Jun 2013 00:43:11 +0000 (00:43 +0000)]
Build --with-libgssglue, which was the default prior to 1.2.8; this fixes a regression that makes rpc.gssd (and hence, all Kerberos-authenticated mounts) completely useless, because objects are being incorrectly passed between multiple gss implementations (by way of libtirpc). Closes: #707960.
Luk Claes [Fri, 10 May 2013 08:13:53 +0000 (10:13 +0200)]
New upstream version (Closes: #707258).
* New upstream version (Closes: #707258).
- Only amend extra-options on a successful vers=4 mount
(Closes: #690181).
- Use default domain (Closes: #657188).
- Fix is-subdirectory to understand '/' (Closes: #685306).
- Drop 18-osd_login-sbindir: incorporated upstream.
Simo Sorce [Fri, 19 Apr 2013 14:10:33 +0000 (10:10 -0400)]
Avoid DNS reverse resolution for server names (take 3)
A NFS client should be able to work properly even if the DNS Reverse
record for the server is not set. This means a DNS lookup should not be
done on server names at are passed to GSSAPI. This patch changes the default
behavior to no longer do those types of lookups
This change default behavior could negatively impact some current
environments, so the -D option is also being added that will re-enable
the DNS reverse looks on server names, which are passed to GSSAPI.
Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Fri, 19 Apr 2013 17:13:57 +0000 (13:13 -0400)]
sm-notify: "-v hostname" doesn't work when IPV6_SUPPORT is enabled
Marc Eshel reports that using the -v command line option on the
sm-notify command stopped working after nfs-utils 1.2.2, when IPv6
support was added. If nfs-utils is built without IPv6 support, it
still works. Marc specified a hostname with a single A record.
smn_bind_address() must construct a bind address with the same
family as the RPC socket's protocol family. Add an AI_V4MAPPED hint
so an appropriate IPv6 bind address is constructed even if -v
specifies an IPv4 presentation address, or a hostname with only IPv4
mappings.
We still use an IPv4 bind address if IPv6 support is compiled out or
the host does not support IPv6.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> Cc: Marc Eshel <eshel@us.ibm.com>
set NFSEXP_FSID for the export of "/" if nothing else had any fsid set,
however it didn't also set the flag for all security flavours. So the
kernel complains that the flags on the security flavours don't match and
it rejects the export.
So call fix_pseudoflavor_flags() in write_secinfo() to make sure that
any fiddling that has been done to e_flags gets copied to e_secinfo.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Simo Sorce [Fri, 19 Apr 2013 17:02:36 +0000 (13:02 -0400)]
gssd: Allow GSSAPI to try to acquire credentials first.
GSSAPI can be given a uid number as a special name, and then
gss_acquire_cred() can use the name to try to find credentials for
the user.
Give GSSAPI a chance to do it on its own, then fallback to the classic
method of trolling through the file system to find a credential cache.
This patch uses a little know feature of GSSAPI that permits to acquire
crdentials specifying the user's UID. Normally GSSAPI will simply
perform a getpwuid() call and use the user name to generate a principal name and
then see if it can find a TGT for that principal in the local ccache.
This feature is vital to allow the GSS-Proxy to be able to initiate
crdentials on behalf of rpc.gssd using client keytabs stored in the filsystem.
GSS-Proxy works through an interposer-type plugin (new feature in MIT 1.11)
that allows to intercept all GSSAPI requestes and relay them to a system
daemon via a socket. This daemon (GSS-Proxy) then can perform operations
on behalf of other applications with additional logic.
In the rpc.gssd case the GSS-Proxy daemon allows applications running as
system users to properly access krb5 protected shares by creating a
credential cache on the fly when necessary.
This way all applications that need access to krb5 protected shares do not need
to be taught how to initiate crdentials on their own, nor they need to be
wrapped in additional init scripts like k5start or use wasteful cronjobs to
keep credentials fresh. All is needed is to drop a keytab with the right keys
in a special location on the system and gss-proxy will do the rest.
Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jose Castillo [Fri, 19 Apr 2013 14:51:57 +0000 (10:51 -0400)]
mountd: Add the missing '$' in auth_unix_ip()
We found this problem because NFS clients to a RHEL6 NFS server were
experiencing periods of ESTALE errors after being mounted and initially
working successfully. Tests were run which snapshotted the nfs/sunrpc
caches before and after the issue, and it was found that the '$'
character
at the beginning of the ID strings, used when in use_ipaddr mode, was
getting
lost:
GOOD, while mount was working:
nfsd 1.2.3.4 $1.2.3.4
BAD, after mount started returning ESTALE:
nfsd 1.2.3.4 1.2.3.4
This would then cause the export checks to fail by passing '1.2.3.4'
instead of '$1.2.3.4' up to rpc.mountd.
The problem appears to be in the auth_unix_ip() function when renewing
the auth.unix.ip cache entry. It would fail to add the '$' character
back to the beginning of the string used for the domain string,
breaking the use_ipaddr mode.
Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 10 Apr 2013 15:43:31 +0000 (11:43 -0400)]
nfs(5): Update description of sec= mount option
Bryan recently added SECINFO support, and I've beefed up the NFSv3
MNT processing in kernel to do some security flavor negotiation.
Thus the kernel can perform additional security flavor negotiation
now. Update the description of the sec= mount option and the
SECURITY CONSIDERATIONS section to reflect this change.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Simo Sorce [Wed, 10 Apr 2013 15:34:41 +0000 (11:34 -0400)]
gssd: Fix double free when exporting lucid context
When using GSSAPI's gss_krb5_export_lucid_context the context passed
into the function is actually deleted during the export (to avoid
reuse as the context contains state that depends on its usage).
Change the code to pass in a pointer to the context so that it can be
properly NULLed if we are using the GSSAPI context and following calls to
gss_delete_sec_context will not cause double free errors and segfaults.
Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Simo Sorce [Tue, 2 Apr 2013 19:04:37 +0000 (15:04 -0400)]
gssd: Switch to use standard GSSAPI by default
Make libgssglue configurable still but disabled by default.
There is no reason to use libgssglue anymore, and modern gssapi
supports all needed features for nfs-utils.
Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Trond Myklebust [Mon, 25 Mar 2013 20:07:59 +0000 (16:07 -0400)]
nfsd: Add support for the -V and --nfs-version optional arguments
Add command line options to enable those NFS versions that are
currently disabled by default. We choose to use the options '-V'
and '--nfs-version' for compatibility with rpc.mountd.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Mike Frysinger [Mon, 25 Mar 2013 12:35:37 +0000 (08:35 -0400)]
rpcdebug: do not use build toolchain
The rpcdebug program gets installed, so we don't want to use the build
toolchain to compile it. I can't find any scripts in the build system
that try to execute it, so this shouldn't be a problem.
Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Steve Dickson <steved@redhat.com>
The root entry is not correct, as there does exist an export whose
unspecified default security flavor is "sys". The security settings
on the root cause sec=sys mount attempts to be incorrectly rejected.
The reason is that when the line in /etc/exports for "/a" is parsed,
the e_secinfo list for that exportent is left empty. Thus the union
of e_secinfo lists created by set_pseudofs_security() is
"krb5:krb5i:krb5p".
I fixed this by ensuring that if no "sec=" option is specified for
an export, its e_secinfo list gets at least an entry for AUTH_UNIX.
[ Yes, we could make the security flavors allowed for the pseudo-fs
a fixed list of all flavors the server supports. That becomes
complicated by the special meaning of AUTH_NULL, and we still have
to check /etc/exports for whether Kerberos flavors should be listed.
I opted for a simple approach for now. ]
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chris Vogan [Sat, 23 Mar 2013 12:22:41 +0000 (08:22 -0400)]
NFS man page patch that moves nordirplus/rdirplus
NFS man page patch that moves nordirplus/rdirplus from "Options for NFS
versions 2 and 3 only" to "Options supported by all versions". Its a
better fit here since this option is also needed for some NFSv4 servers.
Signed-off-by: Chris Vogan <cvogan@gmail.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:13:22 +0000 (08:13 -0400)]
gssd: gethostname(3) returns zero or -1, not an errno
According to "man gethostname," gssd is handling the return value of
gethostname(3) incorrectly. It looks like other gethostname(3) call
sites in nfs-utils are already correct.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:11:28 +0000 (08:11 -0400)]
gssd: Clean up gssd_setup_krb5_user_gss_ccache()
Remove a contradictory portion of the block comment documenting
gssd_find_existing_krb5_ccache(). This should have been removed by
commit 289ad31e, which reversed the meaning of the function's return
values.
Note that, in user space, typically errno's are positive. But here
we follow the kernel convention of using negative values to return
error codes. Make the documenting comments explicit about the sign
of an error return -- it will never be positive in the case of an
error.
And a nit: At the last return statement in
gssd_setup_krb5_user_gss_ccache(), "err" always contains zero, as
far as I can tell. Make it explicit (to human readers) that when
execution reaches this point, gssd_setup_krb5_user_gss_ccache() is
going to return "success."
Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:09:42 +0000 (08:09 -0400)]
gssd: Update description of "-l" option
Move most of the text in the description of the "-l" option up to
the DESCRIPTION section, to match what was done for "-n" and "-k".
The discussion is then less restricted by formatting, and we can
take the space to introduce a few concepts before describing the
behavior of rpc.gssd.
Fix a few misspellings and grammar issues while here.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:08:36 +0000 (08:08 -0400)]
gssd: Clarify use of the term "machine credentials" in rpc.gssd(8)
Our NFSv4 implementation uses machine credentials for operations
that manage state on behalf of the whole client (for example,
SETCLIENTID or RENEW). The rpc.gssd man page is missing a
description of this usage, especially in the discussion of the "-n"
option.
The issue is that rpc.gssd's "-n" option requires root to acquire a
user credential. In the absense of a system keytab (for instance,
if the system is diskless) root's credential is not to be used as
the machine credential that manages NFSv4 state.
Group the discussion of machine credentials and UID 0 in one place
to help clarify the discussion and simplify the description of
several of these options.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:07:46 +0000 (08:07 -0400)]
gssd: Provide an introduction in gssd(8)
It's good practice in user documentation to define terms before they
are used. Add an INTRODUCTION section that defines important terms
that are used in the DESCRIPTION and OPTIONS sections. The key
concepts are GSS context, user credential, machine credential, and
keytab.
The RFCs I looked at capitalize both "gss" and "rpcsec_gss". For
consistency I changed this throughout the man page.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:05:30 +0000 (08:05 -0400)]
gssd: Use italics for option values and pathnames
Clean up: The usual convention for the values of command line
options and for pathnames is for them to appear italicized,
rather than emboldened or in double quotes.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 23 Mar 2013 12:03:56 +0000 (08:03 -0400)]
mountd: make local functions in v4root.c static
Clean up. set_pseudofs_security() and pseudofs_update() have no
call sites outside of v4root.c, and there are no header declarations
for either function. Define both as static.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Lukas Hejtmanek [Wed, 20 Mar 2013 17:24:02 +0000 (13:24 -0400)]
gssd - expired credentials problem
I noticed that there is a problem with expired credentials if NFS
client's time is even few seconds behind KDC's or NFS server's time.
Client's kernel requests new GSS context but rpc.gssd is happy with
existing krb cache as it valid according to local time.
NeilBrown [Wed, 20 Mar 2013 17:03:58 +0000 (13:03 -0400)]
gssd: don't krb5_free_context if krb5_init_context fails
Most places that call krb5_init_context() abort cleanly on failure.
However these two then try to free the non-existent context, which
doesn't end well.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Wed, 13 Feb 2013 20:11:05 +0000 (15:11 -0500)]
gssd: Call authgss_free_private_data() if library provides it.
librpcsecgss provides authgss_free_private_data() as a pair to
authgss_get_private_data(). libtirpc does not - until recently.
This ommision results in authgss_destroy_context() sending an
incorrect RPCSEC_GSS_DESTROY request when gssd calls AUTH_DESTROY().
The call has been added to libtirpc, so this patch updates nfs-utils
to check for the presense of the function in libtirpc and to set
HAVE_AUTHGSS_FREE_PRIVATE_DATA if it is present.
This is also set unconditionally if librpcsecgss is used.
gssd is changed to test this value rather than HAVE_LIBTIRPC when
chosing whether to call authgss_free_private_data().
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Hemmo Nieminen [Wed, 16 Jan 2013 20:29:14 +0000 (15:29 -0500)]
rpc.statd: Fix socket binding loop.
From: Hemmo Nieminen <hemmo.nieminen@iki.fi>
Instead of closing the sockets before requesting a new one, keep them
open until a suitable one is found. Otherwise bindresvport will return
the same port over and over again.
David Jeffery [Wed, 16 Jan 2013 20:21:55 +0000 (15:21 -0500)]
rpc.idmapd: Ignore open failures in dirscancb()
From: David Jeffery <djeffery@redhat.com>
The daemon "rpc.idmapd" scans the /var/lib/nfs/rpc_pipefs/nfs/ directory
periodically looking for NFS client mounts to communicate to. The daemon
tried to open communication with a client mount but it disappeared in
between looking for directory entries and opening them. NFS mount was
umounted just before rpc.idmapd tried to communicate with it. This
behavior is usually seen when autofs is configured on the system.
Suresh Jayaraman [Mon, 17 Dec 2012 21:29:44 +0000 (16:29 -0500)]
idmapd: allow non-ASCII characters (UTF-8) in NFSv4 domain name
The validateascii() check in imconv() maps NFSv4 domain names with
non-ASCII characters to 'nobody'. In setups where Active directory
or LDAP is used this causes names with UTF-8 characters to being
mapped to 'nobody' because of this check.
As Bruce Fields puts it:
"idmapd doesn't seem like the right place to enforce restrictions on
names. Once the system has allowed a name it's too late to be
complaining about it here."
Replace the validateascii() call in imconv() with a check for
null-termination just to be extra-careful and remove the validateascii()
function itself as the only user of that function is being
removed by this patch.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.com> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Mon, 17 Dec 2012 21:21:15 +0000 (16:21 -0500)]
mountd: fix is_subdirectory to understand '/'
The is_subdirectory() function checks if a given 'child' is a
subdirectory of the given 'parent'. However it always fails
if 'parent' == "/" (because 'child' doesn't begin with 'parent'
followed by "/").
So change is_subdirectory() to special-case "/".
subexport() also tests if one directory is a subdirectory of the
other, and contains the same bug. So change it to use
is_subdirectory().
Finally, move is_subdirectory() and related path_matches() and
export_matches() earlier in the file to avoid a forward-reference.
This patch fixes a bug wherein if you export "/" with 'crossmnt', the
crossmnt flag is ineffective and you can only access the root
filesystem, not any descendants.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
changed writes to some sysfs files to be line buffered (_IOLBF) where
they weren't before. While this probably makes sense, it introduced a
bug.
With fully buffered streams, you don't expect to get an error until you
call fflush(). With line buffered streams you can get the error
from fprintf() et al.
qword_eol() only tests the return from fflush(), not from fprintf().
Consequently errors were not noticed.
One result of this is that if you export, with crossmnt, a filesystem
underneath which are mounted non-exportable filesystems (e.g. /proc)
then an 'ls -l' on the client will block indefinitely waiting for a
meaningful 'yes' or 'no' from the server, but will never get one.
This patch changes qword_eol to test both fprintf and fflush.
Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 12 Dec 2012 15:31:06 +0000 (10:31 -0500)]
mountd: Report the absolute path used to load the junction plug-in
As a debugging feature, report the absolute pathname of the plug-in
library that mountd loads to resolve junctions.
Since mountd passes a relative path to dlopen(3), dlopen(3) must
search for the right library. Displaying the absolute pathname of
the object that it found verifies that mountd loaded the correct
plug-in.
Note: dlinfo(3) is provided by libdl, but there doesn't seem to be a
man page on Fedora 16 for dlinfo(3). Instead, see:
http://www.unix.com/man-page/all/3/dlinfo/
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Wed, 28 Nov 2012 19:35:25 +0000 (14:35 -0500)]
gssd: base the size of the fd array on the RLIMIT_NOFILE limit.
We have previously raised the size of the 'pollarray' once (32 -> 256)
and I have had another request to make it bigger.
Rather than changing the hard-coded value, make it depend on
RLIMIT_NOFILE. This is an upper limit on the size of the array
that can be passed to poll() anyway.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
projects / nfs-utils.git / log