From f45e7bc2b0c449bc1fb28576806db1d7aa6517b6 Mon Sep 17 00:00:00 2001 From: hjl Date: Wed, 5 Jul 2000 00:07:48 +0000 Subject: [PATCH 01/16] 2000-07-04 H.J. Lu * configure.in (VERSION): Set to "0.1.9.1". * configure: Regenerated. * nfs-utils.spec: Updated. * README: Updated. --- ChangeLog | 8 ++++++++ README | 10 +++++----- configure | 2 +- configure.in | 2 +- nfs-utils.spec | 2 +- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c54ed0..b225aef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2000-07-04 H.J. Lu + + * configure.in (VERSION): Set to "0.1.9.1". + * configure: Regenerated. + * nfs-utils.spec: Updated. + + * README: Updated. + 2000-07-04 Neil Brown * support/export/hostname.c (hostent_dup): Handle the NULL diff --git a/README b/README index ae74715..af42d00 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the Linux NFS utility package version 0.1.9. +This is the Linux NFS utility package version 0.1.9.1. There is a Linux NFS mailing list at @@ -14,8 +14,8 @@ will get the latest version. The files are -ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.9.tar.gz -ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.8.2-0.1.9.diff.gz +ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.9.1.tar.gz +ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.9-0.1.9.1.diff.gz To compile, just do @@ -30,7 +30,7 @@ They are tested on RedHat 6.2. On RedHat 6.2, you can use -# rpm -ta nfs-utils-0.1.9.tar.gz +# rpm -ta nfs-utils-0.1.9.1.tar.gz to build the source and binary RPMs. @@ -48,4 +48,4 @@ Thanks. H.J. hjl@lucon.org -07/03/2000 +07/04/2000 diff --git a/configure b/configure index 52f58f8..4a17bdb 100755 --- a/configure +++ b/configure @@ -544,7 +544,7 @@ fi # The nfs-utils version -VERSION="0.1.9" +VERSION="0.1.9.1" # Check whether --with-statedir or --without-statedir was given. diff --git a/configure.in b/configure.in index a6098c8..b6298d9 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ AC_INIT(rules.mk) AC_PREFIX_DEFAULT(/usr) # The nfs-utils version -VERSION="0.1.9" +VERSION="0.1.9.1" AC_SUBST(VERSION) dnl ************************************************************* diff --git a/nfs-utils.spec b/nfs-utils.spec index 2801d4b..5815978 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -1,6 +1,6 @@ Summary: NFS utlilities and supporting daemons for the kernel NFS server. Name: nfs-utils -Version: 0.1.9 +Version: 0.1.9.1 Release: 1 Source0: ftp://nfs.sourceforge.net/pub/nfs/%{name}-%{version}.tar.gz Group: System Environment/Daemons -- 2.39.2 From 311607be93bc843e5d170b3e56b7d9d2587b3e1e Mon Sep 17 00:00:00 2001 From: hjl Date: Wed, 5 Jul 2000 00:16:57 +0000 Subject: [PATCH 02/16] 2000-07-04 H.J. Lu * utils/statd/log.c: Include for exit (). * utils/statd/misc.c (xunlink): Add `{' and `}' to quiet the gcc warning. --- ChangeLog | 7 +++++++ utils/statd/log.c | 1 + utils/statd/misc.c | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b225aef..44bef0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2000-07-04 H.J. Lu + + * utils/statd/log.c: Include for exit (). + + * utils/statd/misc.c (xunlink): Add `{' and `}' to quiet the + gcc warning. + 2000-07-04 H.J. Lu * configure.in (VERSION): Set to "0.1.9.1". diff --git a/utils/statd/log.c b/utils/statd/log.c index cf903af..bf66547 100644 --- a/utils/statd/log.c +++ b/utils/statd/log.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include diff --git a/utils/statd/misc.c b/utils/statd/misc.c index 42f6e57..d2365d6 100644 --- a/utils/statd/misc.c +++ b/utils/statd/misc.c @@ -62,11 +62,12 @@ xunlink (char *path, char *host, short int check) tozap=alloca (strlen(path)+strlen(host)+2); sprintf (tozap, "%s/%s", path, host); - if (!check || !nlist_gethost(rtnl, host, 0)) + if (!check || !nlist_gethost(rtnl, host, 0)) { if (unlink (tozap) == -1) log (L_ERROR, "unlink (%s): %s", tozap, strerror (errno)); else dprintf (L_DEBUG, "Unlinked %s", tozap); + } else dprintf (L_DEBUG, "Not unlinking %s--host still monitored.", tozap); } -- 2.39.2 From 9b2a1e5430e9bcca39eddc25464234fd95d50b83 Mon Sep 17 00:00:00 2001 From: hjl Date: Thu, 10 Aug 2000 03:02:40 +0000 Subject: [PATCH 03/16] 2000-08-02 H.J. Lu * utils/mountd/auth.c (auth_authenticate_internal): Try to avoid the reverse name lookup. --- ChangeLog | 5 +++++ utils/mountd/auth.c | 23 +++++++++++++++++------ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 44bef0a..b56dd18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2000-08-02 H.J. Lu + + * utils/mountd/auth.c (auth_authenticate_internal): Try to + avoid the reverse name lookup. + 2000-07-04 H.J. Lu * utils/statd/log.c: Include for exit (). diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c index 98c3944..49567c9 100644 --- a/utils/mountd/auth.c +++ b/utils/mountd/auth.c @@ -78,10 +78,19 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller, } auth_fixpath(path); - if (!(*hpp = gethostbyaddr((const char *)&addr, sizeof(addr), AF_INET))) - *hpp = get_hostent((const char *)&addr, sizeof(addr), - AF_INET); - else { + /* First try it w/o doing a hostname lookup... */ + *hpp = get_hostent((const char *)&addr, sizeof(addr), AF_INET); + exp = export_find(*hpp, path); + + if (!exp) { + /* Ok, that didn't fly. Try it with a reverse lookup. */ + free (*hpp); + *hpp = gethostbyaddr((const char *)&addr, sizeof(addr), + AF_INET); + if (!(*hpp)) { + *error = no_entry; + return NULL; + } else { /* must make sure the hostent is authorative. */ char **sp; struct hostent *forward = NULL; @@ -113,12 +122,14 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller, *hpp = hostent_dup (*hpp); return NULL; } - } + } - if (!(exp = export_find(*hpp, path))) { + if (!(exp = export_find(*hpp, path))) { *error = no_entry; return NULL; + } } + if (!exp->m_mayexport) { *error = not_exported; return NULL; -- 2.39.2 From da25e1aa006bafb4dd08e2ffedbd42d7c1f4036b Mon Sep 17 00:00:00 2001 From: hjl Date: Thu, 10 Aug 2000 03:04:51 +0000 Subject: [PATCH 04/16] 2000-08-09 H.J. Lu * etc/redhat/nfs.init: Run /usr/sbin/exportfs first during startup to ensure all existing clients work fine. * support/export/xtab.c (xtab_mount_read): Pass 1 instead of 0 to xtab_read () for reading _PATH_XTAB. --- ChangeLog | 8 ++++++++ etc/redhat/nfs.init | 4 +--- support/export/xtab.c | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b56dd18..2fcd4a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2000-08-09 H.J. Lu + + * etc/redhat/nfs.init: Run /usr/sbin/exportfs first during + startup to ensure all existing clients work fine. + + * support/export/xtab.c (xtab_mount_read): Pass 1 instead of 0 + to xtab_read () for reading _PATH_XTAB. + 2000-08-02 H.J. Lu * utils/mountd/auth.c (auth_authenticate_internal): Try to diff --git a/etc/redhat/nfs.init b/etc/redhat/nfs.init index a667619..eb95a24 100755 --- a/etc/redhat/nfs.init +++ b/etc/redhat/nfs.init @@ -36,6 +36,7 @@ RPCMOUNTDOPTS="--no-nfs-version 3" case "$1" in start) # Start daemons. + action "Starting NFS services: " /usr/sbin/exportfs -r echo -n "Starting NFS quotas: " daemon rpc.rquotad echo @@ -45,9 +46,6 @@ case "$1" in echo -n "Starting NFS daemon: " daemon rpc.nfsd $RPCNFSDCOUNT echo - # Do it the last so that all clients mounting points are - # exported. FIXME: Why? - action "Starting NFS services: " /usr/sbin/exportfs -r touch /var/lock/subsys/nfs ;; stop) diff --git a/support/export/xtab.c b/support/export/xtab.c index 4289d7c..c8adc06 100644 --- a/support/export/xtab.c +++ b/support/export/xtab.c @@ -53,7 +53,7 @@ xtab_mount_read(void) close(fd); return xtab_read(_PATH_PROC_EXPORTS, 0); } else - return xtab_read(_PATH_XTAB, 0); + return xtab_read(_PATH_XTAB, 1); } int -- 2.39.2 From 82d42dffa84fb884684f75769ca13668c5188a5e Mon Sep 17 00:00:00 2001 From: neilbrown Date: Wed, 23 Aug 2000 01:17:52 +0000 Subject: [PATCH 05/16] 1/ be less trusting of information in /var/lib/nfs/xtab. Add things to kernel even if they are in here. 2/ O_CREAT [ex]log when locking for write incase they don't exist 3/ added etc/debian diretory with some files --- ChangeLog | 20 +++++++++ etc/debian/nfs-common | 73 +++++++++++++++++++++++++++++++ etc/debian/nfs-kernel-server | 84 ++++++++++++++++++++++++++++++++++++ support/export/xtab.c | 19 ++++++-- support/include/exportfs.h | 4 +- support/nfs/xio.c | 2 +- utils/exportfs/exportfs.c | 2 +- utils/mountd/mountd.c | 2 +- 8 files changed, 197 insertions(+), 9 deletions(-) create mode 100644 etc/debian/nfs-common create mode 100644 etc/debian/nfs-kernel-server diff --git a/ChangeLog b/ChangeLog index 2fcd4a4..3663a64 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,23 @@ +2000-08-23 Neil Brown + + * support/export/xtab.c(xtab_read): introduce new mode for + reading xtab. i.e. a list of exports that might be known to the + kernel, or might not. These are flagged as m_exported == -1 + * support/export/xtab.c(xtab_mount_read): call xtab_read with new + value "2" for xtab, meaning don't trust this too much. + * support/include/exportfs.h(struct mexport): changed m_exported + from one bit to an int so that it can hold new value + * utils/exportfs/exportfs.c(exportfs_ipdate): add an export to the + kernel if it is uncertain whether the kernel knows (m_exported == -1) + * utils/mountd/mountd.c(get_rootfh): similarly export to kernel if + status is uncertain + + * support/nfs/xio.c(xflock): added O_CREAT when getting + a write lock so that missing files aren't fatal. + + * etc/debian/nfs-common: new file from "potato" + * etc/debian/nfs-kernel-server: new file from "potato" plus fixes. + 2000-08-09 H.J. Lu * etc/redhat/nfs.init: Run /usr/sbin/exportfs first during diff --git a/etc/debian/nfs-common b/etc/debian/nfs-common new file mode 100644 index 0000000..a9dcb5d --- /dev/null +++ b/etc/debian/nfs-common @@ -0,0 +1,73 @@ +#!/bin/sh +# +# nfs-common This shell script takes care of starting and stopping +# common daemons required for NFS clients and servers. +# +# chkconfig: 345 20 80 +# description: NFS is a popular protocol for file sharing across \ +# TCP/IP networks. This service provides NFS file \ +# locking functionality. +# + +PREFIX= + +NEED_LOCKD=yes +if test -f /proc/ksyms +then + # We need to be conservative and run lockd, + # unless we can prove that it isn't required. + grep -q lockdctl /proc/ksyms || NEED_LOCKD=no +fi + +[ -x $PREFIX/sbin/rpc.statd ] || exit 0 +[ -x $PREFIX/sbin/rpc.lockd ] || [ "$NEED_LOCKD" = no ] || exit 0 + +# What is this? +DESC="NFS common utilities" + +# Make sure that daemon cwds are in root fs. +cd / + +# See how we were called. +case "$1" in + start) + printf "Starting $DESC:" + printf " statd" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.statd + if [ "$NEED_LOCKD" = yes ] + then + printf " lockd" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.lockd + fi + echo "." + ;; + + stop) + printf "Stopping $DESC:" + if [ "$NEED_LOCKD" = yes ] + then + printf " lockd" + start-stop-daemon --stop --oknodo --quiet \ + --name lockd --user root --signal 9 + fi + printf " statd" + start-stop-daemon --stop --oknodo --quiet \ + --exec $PREFIX/sbin/rpc.statd + echo "." + ;; + + restart | force-reload) + $0 stop + sleep 1 + $0 start + ;; + + *) + echo "Usage: nfs-common {start|stop|restart}" + exit 1 + ;; +esac + +exit 0 diff --git a/etc/debian/nfs-kernel-server b/etc/debian/nfs-kernel-server new file mode 100644 index 0000000..826e126 --- /dev/null +++ b/etc/debian/nfs-kernel-server @@ -0,0 +1,84 @@ +#!/bin/sh +# +# nfs-kernel-server +# This shell script takes care of starting and stopping +# the kernel-mode NFS server. +# +# chkconfig: 345 60 20 +# description: NFS is a popular protocol for file sharing across TCP/IP \ +# networks. This service provides NFS server functionality, \ +# which is configured via the /etc/exports file. +# + +PREFIX=/usr +[ -x $PREFIX/sbin/rpc.nfsd ] || exit 0 +[ -x $PREFIX/sbin/rpc.mountd ] || exit 0 +[ -x $PREFIX/sbin/exportfs ] || exit 0 + +# What is this? +DESC="NFS kernel daemon" + +RPCNFSDCOUNT=8 # Number of servers to be started up by default +RPCMOUNTDOPTS= + +# Make sure that daemon cwds are in root fs. +cd / + +# See how we were called. +case "$1" in + start) + if grep -q '^/' /etc/exports; then + printf "Exporting directories for $DESC..." + $PREFIX/sbin/exportfs -r + echo "done." + + printf "Starting $DESC:" + printf " nfsd" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT + printf " mountd" + $PREFIX/bin/rpcinfo -u localhost nfs 3 > /dev/null 2>&1 || + RPCMOUNTDOPTS="$RPCMOUNDOPTS --no-nfs-version 3" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS + echo "." + + else + echo "Not starting $DESC: No exports." + fi + ;; + + stop) + printf "Stopping $DESC: mountd" + start-stop-daemon --stop --oknodo --quiet \ + --exec $PREFIX/sbin/rpc.mountd + printf " nfsd" + start-stop-daemon --stop --oknodo --quiet \ + --name nfsd --user root --signal 2 + echo "." + + printf "Unexporting directories for $DESC..." + $PREFIX/sbin/exportfs -au + echo "done." + ;; + + reload | force-reload) + printf "Re-exporting directories for $DESC..." + $PREFIX/sbin/exportfs -r + echo "done." + ;; + + restart) + $0 stop + sleep 1 + $0 start + ;; + + *) + echo "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}" + exit 1 + ;; +esac + +exit 0 + diff --git a/support/export/xtab.c b/support/export/xtab.c index c8adc06..b0c3095 100644 --- a/support/export/xtab.c +++ b/support/export/xtab.c @@ -21,6 +21,10 @@ static int xtab_read(char *xtab, int is_export) { + /* is_export == 0 => reading /proc/fs/nfs/exports - we know these things are exported to kernel + * is_export == 1 => reading /var/lib/nfs/etab - these things are allowed to be exported + * is_export == 2 => reading /var/lib/nfs/xtab - these things might be known to kernel + */ struct exportent *xp; nfs_export *exp; int lockid; @@ -33,11 +37,18 @@ xtab_read(char *xtab, int is_export) !(exp = export_create(xp))) { continue; } - if (is_export) { + switch (is_export) { + case 0: + exp->m_exported = 1; + break; + case 1: exp->m_xtabent = 1; exp->m_mayexport = 1; - } else - exp->m_exported = 1; + break; + case 2: + exp->m_exported = -1;/* may be exported */ + break; + } } endexportent(); xfunlock(lockid); @@ -53,7 +64,7 @@ xtab_mount_read(void) close(fd); return xtab_read(_PATH_PROC_EXPORTS, 0); } else - return xtab_read(_PATH_XTAB, 1); + return xtab_read(_PATH_XTAB, 2); } int diff --git a/support/include/exportfs.h b/support/include/exportfs.h index d440dc1..3ca248e 100644 --- a/support/include/exportfs.h +++ b/support/include/exportfs.h @@ -36,8 +36,8 @@ typedef struct mexport { struct mexport * m_next; struct mclient * m_client; struct exportent m_export; - int m_exported : 1, /* known to knfsd */ - m_xtabent : 1, /* xtab entry exists */ + int m_exported; /* known to knfsd. -1 means not sure */ + int m_xtabent : 1, /* xtab entry exists */ m_mayexport: 1, /* derived from xtabbed */ m_changed : 1; /* options (may) have changed */ } nfs_export; diff --git a/support/nfs/xio.c b/support/nfs/xio.c index 49ee6bc..0a250fc 100644 --- a/support/nfs/xio.c +++ b/support/nfs/xio.c @@ -55,7 +55,7 @@ xflock(char *fname, char *type) struct flock fl = { readonly? F_RDLCK : F_WRLCK, SEEK_SET, 0, 0, 0 }; int fd; - if ((fd = open(fname, readonly? O_RDONLY : O_RDWR)) < 0) { + if ((fd = open(fname, readonly? O_RDONLY : (O_RDWR|O_CREAT))) < 0) { xlog(L_WARNING, "could not open %s for locking", fname); return -1; } diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c index c3bb5ba..0504709 100644 --- a/utils/exportfs/exportfs.c +++ b/utils/exportfs/exportfs.c @@ -132,7 +132,7 @@ exports_update(int verbose) nfs_export *exp; for (exp = exportlist[MCL_FQDN]; exp; exp=exp->m_next) { - if (exp->m_mayexport && (!exp->m_exported || exp->m_changed)) { + if (exp->m_mayexport && ((exp->m_exported<1) || exp->m_changed)) { if (verbose) printf("%sexporting %s:%s to kernel\n", exp->m_exported ?"re":"", diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 1cfdc74..1eeefdc 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -263,7 +263,7 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, int *error, int v3) } else { struct nfs_fh_len *fh; - if (!exp->m_exported) + if (exp->m_exported<1) export_export(exp); if (!exp->m_xtabent) xtab_append(exp); -- 2.39.2 From 1369ddc35e940c56aafdb73174b6fe7acc631d8f Mon Sep 17 00:00:00 2001 From: neilbrown Date: Thu, 24 Aug 2000 03:58:16 +0000 Subject: [PATCH 06/16] "dot+1" is bogus - it is a DNS domain, not a yp domain --- ChangeLog | 5 +++++ support/export/client.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3663a64..2c70cdd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2000-08-24 Neil Brown + * support/export/client.c(client_check): removed the "dot+1" as a + ypdomain argument to innetgr as this is entirely bogus. + It should always be NULL. + 2000-08-23 Neil Brown * support/export/xtab.c(xtab_read): introduce new mode for diff --git a/support/export/client.c b/support/export/client.c index 8c5200a..a7f9d02 100644 --- a/support/export/client.c +++ b/support/export/client.c @@ -237,7 +237,7 @@ client_check(nfs_client *clp, struct hostent *hp) return 0; *dot = '\0'; - match = innetgr(cname+1, hname, NULL, dot + 1); + match = innetgr(cname+1, hname, NULL, NULL); *dot = '.'; return match; -- 2.39.2 From 8c8a9fb90c606cd8fc852a60727291cf9dea051c Mon Sep 17 00:00:00 2001 From: chip Date: Fri, 25 Aug 2000 17:38:47 +0000 Subject: [PATCH 07/16] Debian build support. --- ChangeLog | 6 ++ debian/changelog | 121 +++++++++++++++++++++++++++++ debian/control | 38 +++++++++ debian/copyright | 1 + debian/nfs-common.conffiles | 1 + debian/nfs-common.dirs | 4 + debian/nfs-common.files | 5 ++ debian/nfs-common.init | 73 +++++++++++++++++ debian/nfs-common.postinst | 17 ++++ debian/nfs-common.postrm | 7 ++ debian/nfs-common.prerm | 7 ++ debian/nfs-kernel-server.conffiles | 1 + debian/nfs-kernel-server.dirs | 3 + debian/nfs-kernel-server.init | 83 ++++++++++++++++++++ debian/nfs-kernel-server.postinst | 29 +++++++ debian/nfs-kernel-server.postrm | 8 ++ debian/nfs-kernel-server.prerm | 7 ++ debian/nhfsstone.dirs | 1 + debian/nhfsstone.files | 2 + debian/nhfsstone.postinst | 9 +++ debian/nhfsstone.prerm | 5 ++ debian/rules | 77 ++++++++++++++++++ 22 files changed, 505 insertions(+) create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/nfs-common.conffiles create mode 100644 debian/nfs-common.dirs create mode 100644 debian/nfs-common.files create mode 100755 debian/nfs-common.init create mode 100755 debian/nfs-common.postinst create mode 100755 debian/nfs-common.postrm create mode 100755 debian/nfs-common.prerm create mode 100644 debian/nfs-kernel-server.conffiles create mode 100644 debian/nfs-kernel-server.dirs create mode 100755 debian/nfs-kernel-server.init create mode 100755 debian/nfs-kernel-server.postinst create mode 100755 debian/nfs-kernel-server.postrm create mode 100755 debian/nfs-kernel-server.prerm create mode 100644 debian/nhfsstone.dirs create mode 100644 debian/nhfsstone.files create mode 100644 debian/nhfsstone.postinst create mode 100644 debian/nhfsstone.prerm create mode 100755 debian/rules diff --git a/ChangeLog b/ChangeLog index 2c70cdd..8b6e4af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,10 @@ +2000-08-25 Chip Salzenberg + + * debian/*: Complete Debian build support. + * etc/debian/*: Remove. + 2000-08-24 Neil Brown + * support/export/client.c(client_check): removed the "dot+1" as a ypdomain argument to innetgr as this is entirely bogus. It should always be NULL. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..f773143 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,121 @@ +nfs-utils (1:0.1.9.1-2) frozen unstable; urgency=medium + + * Upstream fixes from H.J. Lu and Neil Brown. + + -- Chip Salzenberg Wed, 25 Aug 2000 10:30:00 -0700 + +nfs-utils (1:0.1.9.1-1) frozen unstable; urgency=high + + * New upstream version, fixes more logging errors. + * Fix Debian distribution list. + + -- Chip Salzenberg Wed, 5 Jul 2000 15:00:00 -0800 + +nfs-utils (1:0.1.8.2-2) unstable; urgency=high + + * Fix serious logging error in statd. + + -- Chip Salzenberg Wed, 28 Jun 2000 23:00:00 -0800 + +nfs-utils (1:0.1.8.2-1) unstable; urgency=low + + * New upstream version. + * During startup, start daemons before running exportfs. + + -- Chip Salzenberg Wed, 28 Jun 2000 15:00:00 -0800 + +nfs-utils (1:0.1.8.1-1) unstable; urgency=medium + + * New upstream version. + * Chdir to / before spawning daemons. (closes: #60837, #64857) + * Follow policy for init messages. (closes: #59184, #65519) + + -- Chip Salzenberg Mon, 12 Jun 2000 22:30:00 -0800 + +nfs-utils (1:0.1.8-1) unstable; urgency=low + + * New upstream version. + + -- Chip Salzenberg Sun, 4 Jun 2000 13:30:00 -0800 + +nfs-utils (1:0.1.7.1-1) unstable; urgency=medium + + * New upstream version. + * Use fewer sockets in mountd by sharing RPC transports, + even when it is run without '-p'. + + -- Chip Salzenberg Sat, 29 Apr 2000 20:45:00 -0800 + +nfs-utils (1:0.1.6-3) frozen unstable; urgency=medium + + * Fix kernel server shutdown order: mountd, nfsd, exportfs. + * Upstream: Fix 'mountd -p'. Use fewer UDP sockets + by sharing RPC transports. Display more mount flags. + + -- Chip Salzenberg Mon, 13 Mar 2000 14:45:00 -0800 + +nfs-utils (1:0.1.6-2) frozen unstable; urgency=medium + + * Split off nhfsstone into its own package, since it has + helper scripts and most people won't use it. + * Also include nhfsstone's helpers: nhfs{run,nums,graph}. + * Install man page for nhfsstone. (closes: #55194) + * Always run lockd on non-module kernels. (closes: #57841) + * Make init scripts config files. (closes: #55193) + * Handle "force-reload" in nfs-common's init script. (ditto) + * Fix line numbers in error messages. (closes: #57717) + * Write man page for rpc.lockd. (closes: #55192) + * Fix typo in exports(5) man page. (closes: #46933) + * Add /usr/doc -> /usr/share doc links. (closes: #54983) + * Add copyright file. (closes: #55195) + * Refresh sources from upstream. + * Refine dependencies. + + -- Chip Salzenberg Sat, 26 Feb 2000 02:00:00 -0800 + +nfs-utils (1:0.1.6-1) unstable; urgency=high + + * New upstream version. + * Make nfs-kernel-server conflict with and replace knfs. + + -- Chip Salzenberg Wed, 12 Jan 2000 19:30:00 -0800 + +nfs-utils (1:0.1.5-2) unstable; urgency=high + + * Rename packages to "nfs-common" and "nfs-kernel-server". + (Previous package names were only temporary anyway.) + * Prepend "1:" to version, to override existing nfs-common. + * Remove rpc.rquotad -- it's already packaged in "quota". + + -- Chip Salzenberg Wed, 29 Dec 1999 17:00:00 -0800 + +nfs-utils (0.1.5-1) unstable; urgency=medium + + * New upstream version. + * Allow for some kernels not requiring rpc.lockd. + + -- Chip Salzenberg Sun, 19 Dec 1999 11:40:00 -0800 + +nfs-utils (0.1.4-1) unstable; urgency=low + + * New upstream version. + * Don't disable NFSv3 by default. + + -- Chip Salzenberg Fri, 10 Dec 1999 23:00:00 -0800 + +nfs-utils (0.1.3-2) unstable; urgency=low + + * Conflict with standard NFS packages. + + -- Chip Salzenberg Fri, 3 Dec 1999 22:00:00 -0800 + +nfs-utils (0.1.3-1) unstable; urgency=low + + * New upstream version. + * Start following CVS tree at SourceForge. + + -- Chip Salzenberg Fri, 3 Dec 1999 20:00:00 -0800 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..a45f291 --- /dev/null +++ b/debian/control @@ -0,0 +1,38 @@ +Source: nfs-utils +Priority: standard +Section: net +Maintainer: Chip Salzenberg +Standards-Version: 3.1.1.1 + +Package: nfs-kernel-server +Architecture: any +Depends: nfs-common (>= 1:0.1.5), ${shlibs:Depends} +Provides: knfs, nfs-server +Conflicts: knfs, nfs-server +Replaces: knfs, nfs-server +Description: Kernel NFS server support + Use this package if you have a fairly recent kernel (2.2.13 or better) + and you want to use the kernel-mode NFS server. The user-mode NFS + server in the "nfs-server" package is slower but more featureful and + easier to debug than the kernel-mode server. + . + Upstream: SourceForge project "nfs", CVS module nfs-utils. + +Package: nhfsstone +Architecture: any +Depends: nfs-common, ${shlibs:Depends} +Description: NFS benchmark program. + . + Upstream: SourceForge project "nfs", CVS module nfs-utils. + +Package: nfs-common +Architecture: any +Depends: ${shlibs:Depends} +Provides: nfs-client +Conflicts: nfs-client +Replaces: nfs-client +Description: NFS support files common to client and server + Use this package on any machine that does NFS either as client or + server. Programs included: lockd, statd, showmount, and nfsstat. + . + Upstream: SourceForge project "nfs", CVS module nfs-utils. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..2d75428 --- /dev/null +++ b/debian/copyright @@ -0,0 +1 @@ +The copyright of this package is GPL, version 2 or later. diff --git a/debian/nfs-common.conffiles b/debian/nfs-common.conffiles new file mode 100644 index 0000000..7ad0f45 --- /dev/null +++ b/debian/nfs-common.conffiles @@ -0,0 +1 @@ +/etc/init.d/nfs-common diff --git a/debian/nfs-common.dirs b/debian/nfs-common.dirs new file mode 100644 index 0000000..5e54201 --- /dev/null +++ b/debian/nfs-common.dirs @@ -0,0 +1,4 @@ +etc/init.d +sbin +usr/sbin +var/lib/nfs diff --git a/debian/nfs-common.files b/debian/nfs-common.files new file mode 100644 index 0000000..2a4dd89 --- /dev/null +++ b/debian/nfs-common.files @@ -0,0 +1,5 @@ +usr/sbin/nfsstat +usr/share/man/man8/*lockd* +usr/share/man/man8/*statd* +usr/share/man/man8/nfsstat* +usr/share/man/man8/showmount* diff --git a/debian/nfs-common.init b/debian/nfs-common.init new file mode 100755 index 0000000..a9dcb5d --- /dev/null +++ b/debian/nfs-common.init @@ -0,0 +1,73 @@ +#!/bin/sh +# +# nfs-common This shell script takes care of starting and stopping +# common daemons required for NFS clients and servers. +# +# chkconfig: 345 20 80 +# description: NFS is a popular protocol for file sharing across \ +# TCP/IP networks. This service provides NFS file \ +# locking functionality. +# + +PREFIX= + +NEED_LOCKD=yes +if test -f /proc/ksyms +then + # We need to be conservative and run lockd, + # unless we can prove that it isn't required. + grep -q lockdctl /proc/ksyms || NEED_LOCKD=no +fi + +[ -x $PREFIX/sbin/rpc.statd ] || exit 0 +[ -x $PREFIX/sbin/rpc.lockd ] || [ "$NEED_LOCKD" = no ] || exit 0 + +# What is this? +DESC="NFS common utilities" + +# Make sure that daemon cwds are in root fs. +cd / + +# See how we were called. +case "$1" in + start) + printf "Starting $DESC:" + printf " statd" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.statd + if [ "$NEED_LOCKD" = yes ] + then + printf " lockd" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.lockd + fi + echo "." + ;; + + stop) + printf "Stopping $DESC:" + if [ "$NEED_LOCKD" = yes ] + then + printf " lockd" + start-stop-daemon --stop --oknodo --quiet \ + --name lockd --user root --signal 9 + fi + printf " statd" + start-stop-daemon --stop --oknodo --quiet \ + --exec $PREFIX/sbin/rpc.statd + echo "." + ;; + + restart | force-reload) + $0 stop + sleep 1 + $0 start + ;; + + *) + echo "Usage: nfs-common {start|stop|restart}" + exit 1 + ;; +esac + +exit 0 diff --git a/debian/nfs-common.postinst b/debian/nfs-common.postinst new file mode 100755 index 0000000..9814bc5 --- /dev/null +++ b/debian/nfs-common.postinst @@ -0,0 +1,17 @@ +#!/bin/sh -e + +case "$1" in + configure) + test ! -d /usr/share/doc/nfs-common || + test -L /usr/doc/nfs-common || + ln -sf ../share/doc/nfs-common /usr/doc/nfs-common + + update-rc.d nfs-common defaults 19 81 >/dev/null 2>&1 + + /etc/init.d/nfs-common start + ;; + + *) + /etc/init.d/nfs-common start + ;; +esac diff --git a/debian/nfs-common.postrm b/debian/nfs-common.postrm new file mode 100755 index 0000000..31d0f79 --- /dev/null +++ b/debian/nfs-common.postrm @@ -0,0 +1,7 @@ +#!/bin/sh + +case "$1" in + purge) + update-rc.d nfs-common remove >/dev/null 2>&1 + ;; +esac diff --git a/debian/nfs-common.prerm b/debian/nfs-common.prerm new file mode 100755 index 0000000..fbdc65a --- /dev/null +++ b/debian/nfs-common.prerm @@ -0,0 +1,7 @@ +#!/bin/sh + +[ -x /etc/init.d/nfs-common ] && /etc/init.d/nfs-common stop + +rm -f /usr/doc/nfs-common + +exit 0 diff --git a/debian/nfs-kernel-server.conffiles b/debian/nfs-kernel-server.conffiles new file mode 100644 index 0000000..804d5da --- /dev/null +++ b/debian/nfs-kernel-server.conffiles @@ -0,0 +1 @@ +/etc/init.d/nfs-kernel-server diff --git a/debian/nfs-kernel-server.dirs b/debian/nfs-kernel-server.dirs new file mode 100644 index 0000000..3378996 --- /dev/null +++ b/debian/nfs-kernel-server.dirs @@ -0,0 +1,3 @@ +etc/init.d +usr/sbin +var/lib/nfs diff --git a/debian/nfs-kernel-server.init b/debian/nfs-kernel-server.init new file mode 100755 index 0000000..1626213 --- /dev/null +++ b/debian/nfs-kernel-server.init @@ -0,0 +1,83 @@ +#!/bin/sh +# +# nfs-kernel-server +# This shell script takes care of starting and stopping +# the kernel-mode NFS server. +# +# chkconfig: 345 60 20 +# description: NFS is a popular protocol for file sharing across TCP/IP \ +# networks. This service provides NFS server functionality, \ +# which is configured via the /etc/exports file. +# + +PREFIX=/usr +[ -x $PREFIX/sbin/rpc.nfsd ] || exit 0 +[ -x $PREFIX/sbin/rpc.mountd ] || exit 0 +[ -x $PREFIX/sbin/exportfs ] || exit 0 + +# What is this? +DESC="NFS kernel daemon" + +RPCNFSDCOUNT=8 # Number of servers to be started up by default +RPCMOUNTDOPTS= + +# Make sure that daemon cwds are in root fs. +cd / + +# See how we were called. +case "$1" in + start) + if grep -q '^/' /etc/exports; then + printf "Exporting directories for $DESC..." + $PREFIX/sbin/exportfs -r + echo "done." + + printf "Starting $DESC:" + printf " nfsd" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT + printf " mountd" + $PREFIX/bin/rpcinfo -u localhost nfs 3 > /dev/null 2>&1 || + RPCMOUNTDOPTS="$RPCMOUNDOPTS --no-nfs-version 3" + start-stop-daemon --start --quiet \ + --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS + echo "." + else + echo "Not starting $DESC: No exports." + fi + ;; + + stop) + printf "Stopping $DESC: mountd" + start-stop-daemon --stop --oknodo --quiet \ + --exec $PREFIX/sbin/rpc.mountd + printf " nfsd" + start-stop-daemon --stop --oknodo --quiet \ + --name nfsd --user root --signal 2 + echo "." + + printf "Unexporting directories for $DESC..." + $PREFIX/sbin/exportfs -au + echo "done." + ;; + + reload | force-reload) + printf "Re-exporting directories for $DESC..." + $PREFIX/sbin/exportfs -r + echo "done." + ;; + + restart) + $0 stop + sleep 1 + $0 start + ;; + + *) + echo "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}" + exit 1 + ;; +esac + +exit 0 + diff --git a/debian/nfs-kernel-server.postinst b/debian/nfs-kernel-server.postinst new file mode 100755 index 0000000..cc035fa --- /dev/null +++ b/debian/nfs-kernel-server.postinst @@ -0,0 +1,29 @@ +#!/bin/sh -e + +case "$1" in + configure) + test ! -d /usr/share/doc/nfs-kernel-server || + test -L /usr/doc/nfs-kernel-server || + ln -sf ../share/doc/nfs-kernel-server /usr/doc/nfs-kernel-server + + mkdir -p /var/lib/nfs + touch /var/lib/nfs/xtab /var/lib/nfs/etab /var/lib/nfs/rmtab + if test -s /etc/exports + then + : do nothing + else + cat </etc/exports +# /etc/exports: the access control list for filesystems which may be exported +# to NFS clients. See exports(5). +EOF + fi + + update-rc.d nfs-kernel-server defaults 20 80 >/dev/null 2>&1 + + /etc/init.d/nfs-kernel-server start + ;; + + *) + /etc/init.d/nfs-kernel-server start + ;; +esac diff --git a/debian/nfs-kernel-server.postrm b/debian/nfs-kernel-server.postrm new file mode 100755 index 0000000..eb6d5f2 --- /dev/null +++ b/debian/nfs-kernel-server.postrm @@ -0,0 +1,8 @@ +#!/bin/sh + +case "$1" in + purge) + update-rc.d nfs-kernel-server remove >/dev/null 2>&1 + ;; +esac + diff --git a/debian/nfs-kernel-server.prerm b/debian/nfs-kernel-server.prerm new file mode 100755 index 0000000..f4b4be3 --- /dev/null +++ b/debian/nfs-kernel-server.prerm @@ -0,0 +1,7 @@ +#!/bin/sh + +[ -x /etc/init.d/nfs-kernel-server ] && /etc/init.d/nfs-kernel-server stop + +rm -f /usr/doc/nfs-kernel-server + +exit 0 diff --git a/debian/nhfsstone.dirs b/debian/nhfsstone.dirs new file mode 100644 index 0000000..236670a --- /dev/null +++ b/debian/nhfsstone.dirs @@ -0,0 +1 @@ +usr/sbin diff --git a/debian/nhfsstone.files b/debian/nhfsstone.files new file mode 100644 index 0000000..5d2c329 --- /dev/null +++ b/debian/nhfsstone.files @@ -0,0 +1,2 @@ +usr/sbin/nhfs* +usr/share/man/man8/nhfs* diff --git a/debian/nhfsstone.postinst b/debian/nhfsstone.postinst new file mode 100644 index 0000000..39c3096 --- /dev/null +++ b/debian/nhfsstone.postinst @@ -0,0 +1,9 @@ +#!/bin/sh -e + +case "$1" in + configure) + test ! -d /usr/share/doc/nhfsstone || + test -L /usr/doc/nhfsstone || + ln -sf ../share/doc/nhfsstone /usr/doc/nhfsstone + ;; +esac diff --git a/debian/nhfsstone.prerm b/debian/nhfsstone.prerm new file mode 100644 index 0000000..00a899e --- /dev/null +++ b/debian/nhfsstone.prerm @@ -0,0 +1,5 @@ +#!/bin/sh + +rm -f /usr/doc/nhfsstone + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..9f46a9c --- /dev/null +++ b/debian/rules @@ -0,0 +1,77 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# You can use gcc 2.7.2 if it's installed, +# but I don't think that's necessary any more. +#SETGCC := CC=$(notdir $(shell which gcc272 gcc 2>/dev/null | sed '1q')) + +# Temporary root +DEBTMP := $(shell pwd)/debian/tmp + +build: build-stamp +build-stamp: + dh_testdir + # Add here commands to compile the package. + $(SETGCC) ./configure \ + --mandir='$${prefix}/share/man' \ + --enable-secure-statd + $(MAKE) + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + # Add here commands to clean up after the build process. + -$(MAKE) distclean + dh_clean + +# Build architecture-independent files here. +binary-indep: build +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + # Add here commands to install the files into debian/tmp + $(MAKE) install_prefix='$(DEBTMP)' install + dh_movefiles + # Fixups Start Here # + cd debian && \ + for f in rpc.lockd rpc.statd showmount; do \ + mv tmp/usr/sbin/$$f nfs-common/sbin/$$f; \ + done; \ + rm -f tmp/usr/sbin/*quota*; \ + rm -f tmp/usr/share/man/man8/*quota*; \ + rm -rf tmp/var/lib/nfs/* + # Fixups End Here # + dh_installdocs ChangeLog README + dh_installexamples +# dh_installmenu + dh_installinit -n +# dh_installcron +# dh_installmanpages +# dh_undocumented + dh_installchangelogs + dh_strip + dh_suidregister + dh_compress + dh_fixperms + dh_installdeb +# dh_makeshlibs + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary -- 2.39.2 From 25f30caad17b6379a462d567b242e961082e1485 Mon Sep 17 00:00:00 2001 From: chip Date: Fri, 25 Aug 2000 17:39:27 +0000 Subject: [PATCH 08/16] Full debian build files are now in /debian. --- etc/debian/nfs-common | 73 ------------------------------- etc/debian/nfs-kernel-server | 84 ------------------------------------ 2 files changed, 157 deletions(-) delete mode 100644 etc/debian/nfs-common delete mode 100644 etc/debian/nfs-kernel-server diff --git a/etc/debian/nfs-common b/etc/debian/nfs-common deleted file mode 100644 index a9dcb5d..0000000 --- a/etc/debian/nfs-common +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/sh -# -# nfs-common This shell script takes care of starting and stopping -# common daemons required for NFS clients and servers. -# -# chkconfig: 345 20 80 -# description: NFS is a popular protocol for file sharing across \ -# TCP/IP networks. This service provides NFS file \ -# locking functionality. -# - -PREFIX= - -NEED_LOCKD=yes -if test -f /proc/ksyms -then - # We need to be conservative and run lockd, - # unless we can prove that it isn't required. - grep -q lockdctl /proc/ksyms || NEED_LOCKD=no -fi - -[ -x $PREFIX/sbin/rpc.statd ] || exit 0 -[ -x $PREFIX/sbin/rpc.lockd ] || [ "$NEED_LOCKD" = no ] || exit 0 - -# What is this? -DESC="NFS common utilities" - -# Make sure that daemon cwds are in root fs. -cd / - -# See how we were called. -case "$1" in - start) - printf "Starting $DESC:" - printf " statd" - start-stop-daemon --start --quiet \ - --exec $PREFIX/sbin/rpc.statd - if [ "$NEED_LOCKD" = yes ] - then - printf " lockd" - start-stop-daemon --start --quiet \ - --exec $PREFIX/sbin/rpc.lockd - fi - echo "." - ;; - - stop) - printf "Stopping $DESC:" - if [ "$NEED_LOCKD" = yes ] - then - printf " lockd" - start-stop-daemon --stop --oknodo --quiet \ - --name lockd --user root --signal 9 - fi - printf " statd" - start-stop-daemon --stop --oknodo --quiet \ - --exec $PREFIX/sbin/rpc.statd - echo "." - ;; - - restart | force-reload) - $0 stop - sleep 1 - $0 start - ;; - - *) - echo "Usage: nfs-common {start|stop|restart}" - exit 1 - ;; -esac - -exit 0 diff --git a/etc/debian/nfs-kernel-server b/etc/debian/nfs-kernel-server deleted file mode 100644 index 826e126..0000000 --- a/etc/debian/nfs-kernel-server +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/sh -# -# nfs-kernel-server -# This shell script takes care of starting and stopping -# the kernel-mode NFS server. -# -# chkconfig: 345 60 20 -# description: NFS is a popular protocol for file sharing across TCP/IP \ -# networks. This service provides NFS server functionality, \ -# which is configured via the /etc/exports file. -# - -PREFIX=/usr -[ -x $PREFIX/sbin/rpc.nfsd ] || exit 0 -[ -x $PREFIX/sbin/rpc.mountd ] || exit 0 -[ -x $PREFIX/sbin/exportfs ] || exit 0 - -# What is this? -DESC="NFS kernel daemon" - -RPCNFSDCOUNT=8 # Number of servers to be started up by default -RPCMOUNTDOPTS= - -# Make sure that daemon cwds are in root fs. -cd / - -# See how we were called. -case "$1" in - start) - if grep -q '^/' /etc/exports; then - printf "Exporting directories for $DESC..." - $PREFIX/sbin/exportfs -r - echo "done." - - printf "Starting $DESC:" - printf " nfsd" - start-stop-daemon --start --quiet \ - --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT - printf " mountd" - $PREFIX/bin/rpcinfo -u localhost nfs 3 > /dev/null 2>&1 || - RPCMOUNTDOPTS="$RPCMOUNDOPTS --no-nfs-version 3" - start-stop-daemon --start --quiet \ - --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS - echo "." - - else - echo "Not starting $DESC: No exports." - fi - ;; - - stop) - printf "Stopping $DESC: mountd" - start-stop-daemon --stop --oknodo --quiet \ - --exec $PREFIX/sbin/rpc.mountd - printf " nfsd" - start-stop-daemon --stop --oknodo --quiet \ - --name nfsd --user root --signal 2 - echo "." - - printf "Unexporting directories for $DESC..." - $PREFIX/sbin/exportfs -au - echo "done." - ;; - - reload | force-reload) - printf "Re-exporting directories for $DESC..." - $PREFIX/sbin/exportfs -r - echo "done." - ;; - - restart) - $0 stop - sleep 1 - $0 start - ;; - - *) - echo "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}" - exit 1 - ;; -esac - -exit 0 - -- 2.39.2 From 764e46f5c5fe1a6e376f4cd350424f33afc9e838 Mon Sep 17 00:00:00 2001 From: hjl Date: Fri, 25 Aug 2000 23:10:40 +0000 Subject: [PATCH 09/16] 2000-08-25 H.J. Lu * support/include/tcpwrapper.h: New for the tcp wrapper support. * support/misc/Makefile: Likewise. * support/misc/from_local.c: Likewise. * support/misc/tcpwrapper.c: Likewise. * aclocal.m4 (AC_TCP_WRAPPER): New. * configure.in: Use it. Substitute LIBWRAP. * configure: Rebuilt. * config.mk.in (LIBNSL): New. (LIBWRAP): Likewise. * support/Makefile (SUBDIRS): Add misc. * support/lib/Makefile (LIBS): Add libmisc.a. * utils/rquotad/Makefile (LIBS): Add -lmisc $(LIBWRAP) $(LIBNSL) * utils/statd/Makefile (LIBS): Likewise. * utils/rquotad/rquota_svc.c: Include "tcpwrapper.h" if HAVE_TCP_WRAPPER is defined. (rquotaprog_1): Call check_default () if HAVE_TCP_WRAPPER is defined. Reject an RPC call if check_default () fails. * utils/statd/statd.c: Include "tcpwrapper.h" if HAVE_TCP_WRAPPER is defined. (sm_prog_1_wrapper): New. A wrapper for sm_prog_1. Call check_default () before calling sm_prog_1 (). Define it as sm_prog_1_wrapper if HAVE_TCP_WRAPPER is defined. --- ChangeLog | 36 +++++ aclocal.m4 | 21 ++- config.mk.in | 2 + configure | 163 +++++++++++++--------- configure.in | 3 + support/Makefile | 2 +- support/include/tcpwrapper.h | 18 +++ support/lib/Makefile | 2 +- support/misc/Makefile | 11 ++ support/misc/from_local.c | 188 +++++++++++++++++++++++++ support/misc/tcpwrapper.c | 256 +++++++++++++++++++++++++++++++++++ utils/rquotad/Makefile | 2 +- utils/rquotad/rquota_svc.c | 13 ++ utils/statd/Makefile | 2 +- utils/statd/statd.c | 21 ++- 15 files changed, 667 insertions(+), 73 deletions(-) create mode 100644 support/include/tcpwrapper.h create mode 100644 support/misc/Makefile create mode 100644 support/misc/from_local.c create mode 100644 support/misc/tcpwrapper.c diff --git a/ChangeLog b/ChangeLog index 8b6e4af..1fe0a6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,39 @@ +2000-08-25 H.J. Lu + + * support/include/tcpwrapper.h: New for the tcp wrapper + support. + * support/misc/Makefile: Likewise. + * support/misc/from_local.c: Likewise. + * support/misc/tcpwrapper.c: Likewise. + + * aclocal.m4 (AC_TCP_WRAPPER): New. + * configure.in: Use it. Substitute LIBWRAP. + * configure: Rebuilt. + + * config.mk.in (LIBNSL): New. + (LIBWRAP): Likewise. + + * support/Makefile (SUBDIRS): Add misc. + + * support/lib/Makefile (LIBS): Add libmisc.a. + + * utils/rquotad/Makefile (LIBS): Add + + -lmisc $(LIBWRAP) $(LIBNSL) + + * utils/statd/Makefile (LIBS): Likewise. + + * utils/rquotad/rquota_svc.c: Include "tcpwrapper.h" if + HAVE_TCP_WRAPPER is defined. + (rquotaprog_1): Call check_default () if HAVE_TCP_WRAPPER is + defined. Reject an RPC call if check_default () fails. + + * utils/statd/statd.c: Include "tcpwrapper.h" if + HAVE_TCP_WRAPPER is defined. + (sm_prog_1_wrapper): New. A wrapper for sm_prog_1. Call + check_default () before calling sm_prog_1 (). Define it as + sm_prog_1_wrapper if HAVE_TCP_WRAPPER is defined. + 2000-08-25 Chip Salzenberg * debian/*: Complete Debian build support. diff --git a/aclocal.m4 b/aclocal.m4 index baa54d1..7a4df46 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -52,7 +52,7 @@ dnl ** we have to include sys/types.h. Ugh. define(AC_DEV_T_SIZE, [AC_MSG_CHECKING(size of dev_t) AC_CACHE_VAL(ac_cv_sizeof_dev_t, - [AC_TRY_RUN( + [AC_TRY_LINK( [#include #include main() @@ -118,3 +118,22 @@ define([AC_BSD_SIGNALS], AC_MSG_RESULT($knfsd_cv_bsd_signals) test $knfsd_cv_bsd_signals = yes && AC_DEFINE(HAVE_BSD_SIGNALS) ])dnl +dnl *********** the tcp wrapper library *************** +define(AC_TCP_WRAPPER, + [AC_MSG_CHECKING(for the tcp wrapper library) + AC_CACHE_VAL(knfsd_cv_tcp_wrapper, + [old_LIBS="$LIBS" + LIBS="$LIBS -lwrap $LIBNSL" + AC_TRY_LINK([ + int deny_severity = 0; + int allow_severity = 0;], + [return hosts_ctl ("nfsd", "", "")], + knfsd_cv_tcp_wrapper=yes, knfsd_cv_tcp_wrapper=no) + LDFLAGS="$old_LDFLAGS"]) + AC_MSG_RESULT($knfsd_cv_tcp_wrapper) + if test "$knfsd_cv_tcp_wrapper" = yes; then + CFLAGS="$CFLAGS -DHAVE_TCP_WRAPPER" + CXXFLAGS="$CXXFLAGS -DHAVE_TCP_WRAPPER" + LIBWRAP="-lwrap" + fi +]) dnl diff --git a/config.mk.in b/config.mk.in index 299170f..85e302a 100644 --- a/config.mk.in +++ b/config.mk.in @@ -29,6 +29,8 @@ MANGROUP = root # Various libs LIBBSD = @LIBBSD@ +LIBNSL = @LIBNSL@ +LIBWRAP = @LIBWRAP@ ################# END OF USER SERVICEABLE PARTS ################## ALLTARGETS = all clean distclean install installman \ diff --git a/configure b/configure index 4a17bdb..c624d88 100755 --- a/configure +++ b/configure @@ -37,7 +37,6 @@ program_suffix=NONE program_transform_name=s,x,x, silent= site= -sitefile= srcdir= target=NONE verbose= @@ -152,7 +151,6 @@ Configuration: --help print this message --no-create do not create output files --quiet, --silent do not print \`checking...' messages - --site-file=FILE use FILE as the site file --version print the version of autoconf that created configure Directory and file names: --prefix=PREFIX install architecture-independent files in PREFIX @@ -323,11 +321,6 @@ EOF -site=* | --site=* | --sit=*) site="$ac_optarg" ;; - -site-file | --site-file | --site-fil | --site-fi | --site-f) - ac_prev=sitefile ;; - -site-file=* | --site-file=* | --site-fil=* | --site-fi=* | --site-f=*) - sitefile="$ac_optarg" ;; - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) @@ -493,16 +486,12 @@ fi srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` # Prefer explicitly selected file to automatically selected ones. -if test -z "$sitefile"; then - if test -z "$CONFIG_SITE"; then - if test "x$prefix" != xNONE; then - CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" - else - CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" - fi +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi -else - CONFIG_SITE="$sitefile" fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then @@ -602,7 +591,7 @@ EOF # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:606: checking for $ac_word" >&5 +echo "configure:595: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -632,7 +621,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:636: checking for $ac_word" >&5 +echo "configure:625: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -683,7 +672,7 @@ fi # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:687: checking for $ac_word" >&5 +echo "configure:676: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -715,7 +704,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:719: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:708: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -726,12 +715,12 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext << EOF -#line 730 "configure" +#line 719 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -757,12 +746,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:761: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:750: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:766: checking whether we are using GNU C" >&5 +echo "configure:755: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -771,7 +760,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:775: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:764: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -790,7 +779,7 @@ ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:794: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:783: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -826,7 +815,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:830: checking for $ac_word" >&5 +echo "configure:819: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CXX'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -858,7 +847,7 @@ test -n "$CXX" || CXX="gcc" echo $ac_n "checking whether the C++ compiler ($CXX $CXXFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:862: checking whether the C++ compiler ($CXX $CXXFLAGS $LDFLAGS) works" >&5 +echo "configure:851: checking whether the C++ compiler ($CXX $CXXFLAGS $LDFLAGS) works" >&5 ac_ext=C # CXXFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -869,12 +858,12 @@ cross_compiling=$ac_cv_prog_cxx_cross cat > conftest.$ac_ext << EOF -#line 873 "configure" +#line 862 "configure" #include "confdefs.h" int main(){return(0);} EOF -if { (eval echo configure:878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cxx_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -900,12 +889,12 @@ if test $ac_cv_prog_cxx_works = no; then { echo "configure: error: installation or configuration problem: C++ compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C++ compiler ($CXX $CXXFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:904: checking whether the C++ compiler ($CXX $CXXFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:893: checking whether the C++ compiler ($CXX $CXXFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cxx_cross" 1>&6 cross_compiling=$ac_cv_prog_cxx_cross echo $ac_n "checking whether we are using GNU C++""... $ac_c" 1>&6 -echo "configure:909: checking whether we are using GNU C++" >&5 +echo "configure:898: checking whether we are using GNU C++" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gxx'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -914,7 +903,7 @@ else yes; #endif EOF -if { ac_try='${CXX-g++} -E conftest.C'; { (eval echo configure:918: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CXX-g++} -E conftest.C'; { (eval echo configure:907: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gxx=yes else ac_cv_prog_gxx=no @@ -933,7 +922,7 @@ ac_test_CXXFLAGS="${CXXFLAGS+set}" ac_save_CXXFLAGS="$CXXFLAGS" CXXFLAGS= echo $ac_n "checking whether ${CXX-g++} accepts -g""... $ac_c" 1>&6 -echo "configure:937: checking whether ${CXX-g++} accepts -g" >&5 +echo "configure:926: checking whether ${CXX-g++} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cxx_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -965,7 +954,7 @@ else fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:969: checking how to run the C preprocessor" >&5 +echo "configure:958: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -980,13 +969,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:990: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:979: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -997,13 +986,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1007: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:996: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1014,13 +1003,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1024: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1013: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1075,7 +1064,7 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:1079: checking for a BSD compatible install" >&5 +echo "configure:1068: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1128,12 +1117,12 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1132: checking for ANSI C header files" >&5 +echo "configure:1121: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1141,7 +1130,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1134: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1158,7 +1147,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1176,7 +1165,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1197,7 +1186,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1208,7 +1197,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:1212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else @@ -1232,12 +1221,12 @@ EOF fi echo $ac_n "checking for GNU libc2""... $ac_c" 1>&6 -echo "configure:1236: checking for GNU libc2" >&5 +echo "configure:1225: checking for GNU libc2" >&5 if eval "test \"`echo '$''{'knfsd_cv_glibc2'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -1246,7 +1235,7 @@ else #endif EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1250: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1239: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1269,7 +1258,7 @@ fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:1273: checking for main in -lsocket" >&5 +echo "configure:1262: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1277,14 +1266,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1277: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1305,7 +1294,7 @@ else fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:1309: checking for main in -lnsl" >&5 +echo "configure:1298: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1313,14 +1302,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1341,7 +1330,7 @@ else fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1345: checking for crypt in -lcrypt" >&5 +echo "configure:1334: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1349,7 +1338,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1353: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1382,7 +1371,7 @@ fi if test "$knfsd_cv_glibc2" = no; then echo $ac_n "checking for daemon in -lbsd""... $ac_c" 1>&6 -echo "configure:1386: checking for daemon in -lbsd" >&5 +echo "configure:1375: checking for daemon in -lbsd" >&5 ac_lib_var=`echo bsd'_'daemon | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1390,7 +1379,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1394: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1427,16 +1416,55 @@ fi +echo $ac_n "checking for the tcp wrapper library""... $ac_c" 1>&6 +echo "configure:1421: checking for the tcp wrapper library" >&5 + if eval "test \"`echo '$''{'knfsd_cv_tcp_wrapper'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + old_LIBS="$LIBS" + LIBS="$LIBS -lwrap $LIBNSL" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + knfsd_cv_tcp_wrapper=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + knfsd_cv_tcp_wrapper=no +fi +rm -f conftest* + LDFLAGS="$old_LDFLAGS" +fi + + echo "$ac_t""$knfsd_cv_tcp_wrapper" 1>&6 + if test "$knfsd_cv_tcp_wrapper" = yes; then + CFLAGS="$CFLAGS -DHAVE_TCP_WRAPPER" + CXXFLAGS="$CXXFLAGS -DHAVE_TCP_WRAPPER" + LIBWRAP="-lwrap" + fi + + + for ac_func in innetgr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1435: checking for $ac_func" >&5 +echo "configure:1463: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1491: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -1640,6 +1668,7 @@ s%@LIBSOCKET@%$LIBSOCKET%g s%@LIBNSL@%$LIBNSL%g s%@LIBCRYPT@%$LIBCRYPT%g s%@LIBBSD@%$LIBBSD%g +s%@LIBWRAP@%$LIBWRAP%g CEOF EOF diff --git a/configure.in b/configure.in index b6298d9..3ca9f21 100644 --- a/configure.in +++ b/configure.in @@ -64,6 +64,9 @@ AC_SUBST(LIBNSL) AC_SUBST(LIBCRYPT) AC_SUBST(LIBBSD) +AC_TCP_WRAPPER +AC_SUBST(LIBWRAP) + dnl ************************************************************* dnl Check for headers dnl ************************************************************* diff --git a/support/Makefile b/support/Makefile index 6b8598b..37b6359 100644 --- a/support/Makefile +++ b/support/Makefile @@ -2,7 +2,7 @@ # Makefile for linux-nfs/support # -SUBDIRS = include nfs export lib +SUBDIRS = include nfs export lib misc .DEFAULT: all include $(TOP)rules.mk diff --git a/support/include/tcpwrapper.h b/support/include/tcpwrapper.h new file mode 100644 index 0000000..98cf806 --- /dev/null +++ b/support/include/tcpwrapper.h @@ -0,0 +1,18 @@ +#ifndef TCP_WRAPPER_H +#define TCP_WRAPPER_H + +#include +#include +#include + +extern int verboselog; + +extern int allow_severity; +extern int deny_severity; + +extern int good_client(char *daemon, struct sockaddr_in *addr); +extern int from_local (struct sockaddr_in *addr); +extern int check_default(char *daemon, struct sockaddr_in *addr, + u_long proc, u_long prog); + +#endif /* TCP_WRAPPER_H */ diff --git a/support/lib/Makefile b/support/lib/Makefile index b5fa14a..2eeb93b 100644 --- a/support/lib/Makefile +++ b/support/lib/Makefile @@ -1,7 +1,7 @@ include $(TOP)rules.mk -LIBS = libnfs.a libexport.a +LIBS = libnfs.a libexport.a libmisc.a all install:: $(LIBS) @: diff --git a/support/misc/Makefile b/support/misc/Makefile new file mode 100644 index 0000000..b2f73f8 --- /dev/null +++ b/support/misc/Makefile @@ -0,0 +1,11 @@ +# +# linux-nfs/support/misc/Makefile +# + +LIBNAME = libmisc.a +OBJS = tcpwrapper.o from_local.o + +include $(TOP)rules.mk + +install:: + @: diff --git a/support/misc/from_local.c b/support/misc/from_local.c new file mode 100644 index 0000000..56478d7 --- /dev/null +++ b/support/misc/from_local.c @@ -0,0 +1,188 @@ + /* + * Check if an address belongs to the local system. Adapted from: + * + * @(#)pmap_svc.c 1.32 91/03/11 Copyright 1984,1990 Sun Microsystems, Inc. + * @(#)get_myaddress.c 2.1 88/07/29 4.0 RPCSRC. + */ + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + */ + +#ifndef lint +static char sccsid[] = "@(#) from_local.c 1.3 96/05/31 15:52:57"; +#endif + +#ifdef TEST +#undef perror +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef TRUE +#define TRUE 1 +#define FALSE 0 +#endif + + /* + * With virtual hosting, each hardware network interface can have multiple + * network addresses. On such machines the number of machine addresses can + * be surprisingly large. + */ +static int num_local; +static int num_addrs; +static struct in_addr *addrs; + +/* grow_addrs - extend list of local interface addresses */ + +static int grow_addrs() +{ + struct in_addr *new_addrs; + int new_num; + + /* + * Keep the previous result if we run out of memory. The system would + * really get hosed if we simply give up. + */ + new_num = (addrs == 0) ? 1 : num_addrs + num_addrs; + new_addrs = (struct in_addr *) malloc(sizeof(*addrs) * new_num); + if (new_addrs == 0) { + perror("portmap: out of memory"); + return (0); + } else { + if (addrs != 0) { + memcpy((char *) new_addrs, (char *) addrs, + sizeof(*addrs) * num_addrs); + free((char *) addrs); + } + num_addrs = new_num; + addrs = new_addrs; + return (1); + } +} + +/* find_local - find all IP addresses for this host */ +static int +find_local() +{ + struct ifconf ifc; + struct ifreq ifreq; + struct ifreq *ifr; + struct ifreq *the_end; + int sock; + char buf[BUFSIZ]; + + /* + * Get list of network interfaces. We use a huge buffer to allow for the + * presence of non-IP interfaces. + */ + + if ((sock = socket(PF_INET, SOCK_DGRAM, 0)) < 0) { + perror("socket"); + return (0); + } + ifc.ifc_len = sizeof(buf); + ifc.ifc_buf = buf; + if (ioctl(sock, SIOCGIFCONF, (char *) &ifc) < 0) { + perror("SIOCGIFCONF"); + (void) close(sock); + return (0); + } + /* Get IP address of each active IP network interface. */ + + the_end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); + num_local = 0; + for (ifr = ifc.ifc_req; ifr < the_end; ifr++) { + if (ifr->ifr_addr.sa_family == AF_INET) { /* IP net interface */ + ifreq = *ifr; + if (ioctl(sock, SIOCGIFFLAGS, (char *) &ifreq) < 0) { + perror("SIOCGIFFLAGS"); + } else if (ifreq.ifr_flags & IFF_UP) { /* active interface */ + if (ioctl(sock, SIOCGIFADDR, (char *) &ifreq) < 0) { + perror("SIOCGIFADDR"); + } else { + if (num_local >= num_addrs) + if (grow_addrs() == 0) + break; + addrs[num_local++] = ((struct sockaddr_in *) + & ifreq.ifr_addr)->sin_addr; + } + } + } + /* Support for variable-length addresses. */ +#ifdef HAS_SA_LEN + ifr = (struct ifreq *) ((caddr_t) ifr + + ifr->ifr_addr.sa_len - sizeof(struct sockaddr)); +#endif + } + (void) close(sock); + return (num_local); +} + +/* from_local - determine whether request comes from the local system */ +int +from_local(addr) +struct sockaddr_in *addr; +{ + int i; + + if (addrs == 0 && find_local() == 0) + syslog(LOG_ERR, "cannot find any active local network interfaces"); + + for (i = 0; i < num_local; i++) { + if (memcmp((char *) &(addr->sin_addr), (char *) &(addrs[i]), + sizeof(struct in_addr)) == 0) + return (TRUE); + } + return (FALSE); +} + +#ifdef TEST + +main() +{ + char *inet_ntoa(); + int i; + + find_local(); + for (i = 0; i < num_local; i++) + printf("%s\n", inet_ntoa(addrs[i])); +} + +#endif diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c new file mode 100644 index 0000000..498a829 --- /dev/null +++ b/support/misc/tcpwrapper.c @@ -0,0 +1,256 @@ +/* This is copied from portmap 4.0-29 in RedHat. */ + + /* + * pmap_check - additional portmap security. + * + * Always reject non-local requests to update the portmapper tables. + * + * Refuse to forward mount requests to the nfs mount daemon. Otherwise, the + * requests would appear to come from the local system, and nfs export + * restrictions could be bypassed. + * + * Refuse to forward requests to the nfsd process. + * + * Refuse to forward requests to NIS (YP) daemons; The only exception is the + * YPPROC_DOMAIN_NONACK broadcast rpc call that is used to establish initial + * contact with the NIS server. + * + * Always allocate an unprivileged port when forwarding a request. + * + * If compiled with -DCHECK_PORT, require that requests to register or + * unregister a privileged port come from a privileged port. This makes it + * more difficult to replace a critical service by a trojan. + * + * If compiled with -DHOSTS_ACCESS, reject requests from hosts that are not + * authorized by the /etc/hosts.{allow,deny} files. The local system is + * always treated as an authorized host. The access control tables are never + * consulted for requests from the local system, and are always consulted + * for requests from other hosts. Access control is based on IP addresses + * only; attempts to map an address to a host name might cause the + * portmapper to hang. + * + * Author: Wietse Venema (wietse@wzv.win.tue.nl), dept. of Mathematics and + * Computing Science, Eindhoven University of Technology, The Netherlands. + */ + +#include "tcpwrapper.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef SYSV40 +#include +#include +#endif + +static void logit(); +static void toggle_verboselog(); +int verboselog = 0; +int allow_severity = LOG_INFO; +int deny_severity = LOG_WARNING; + +/* A handful of macros for "readability". */ + +/* coming from libwrap.a (tcp_wrappers) */ +extern int hosts_ctl(char *daemon, char *name, char *addr, char *user); + +#define legal_port(a,p) \ + (ntohs((a)->sin_port) < IPPORT_RESERVED || (p) >= IPPORT_RESERVED) + +#define log_bad_port(addr, proc, prog) \ + logit(deny_severity, addr, proc, prog, ": request from unprivileged port") + +#define log_bad_host(addr, proc, prog) \ + logit(deny_severity, addr, proc, prog, ": request from unauthorized host") + +#define log_bad_owner(addr, proc, prog) \ + logit(deny_severity, addr, proc, prog, ": request from non-local host") + +#define log_no_forward(addr, proc, prog) \ + logit(deny_severity, addr, proc, prog, ": request not forwarded") + +#define log_client(addr, proc, prog) \ + logit(allow_severity, addr, proc, prog, "") + +int +good_client(daemon, addr) +char *daemon; +struct sockaddr_in *addr; +{ + struct hostent *hp; + char **sp; + char *tmpname; + + /* Check the IP address first. */ + if (hosts_ctl(daemon, "", inet_ntoa(addr->sin_addr), "")) + return 1; + + /* Check the hostname. */ + hp = gethostbyaddr ((const char *) &(addr->sin_addr), + sizeof (addr->sin_addr), AF_INET); + + if (!hp) + return 0; + + /* must make sure the hostent is authorative. */ + tmpname = alloca (strlen (hp->h_name) + 1); + strcpy (tmpname, hp->h_name); + hp = gethostbyname(tmpname); + if (hp) { + /* now make sure the "addr->sin_addr" is on the list */ + for (sp = hp->h_addr_list ; *sp ; sp++) { + if (memcmp(*sp, &(addr->sin_addr), hp->h_length)==0) + break; + } + if (!*sp) + /* it was a FAKE. */ + return 0; + } + else + /* never heard of it. misconfigured DNS? */ + return 0; + + /* Check the official name first. */ + if (hosts_ctl(daemon, "", hp->h_name, "")) + return 1; + + /* Check aliases. */ + for (sp = hp->h_aliases; *sp ; sp++) { + if (hosts_ctl(daemon, "", *sp, "")) + return 1; + } + + /* No match */ + return 0; +} + +/* check_startup - additional startup code */ + +void check_startup() +{ + + /* + * Give up root privileges so that we can never allocate a privileged + * port when forwarding an rpc request. + * + * Fix 8/3/00 Philipp Knirsch: First lookup our rpc user. If we find it, + * switch to that uid, otherwise simply resue the old bin user and print + * out a warning in syslog. + */ + + struct passwd *pwent; + + pwent = getpwnam("rpc"); + if (pwent == NULL) { + syslog(LOG_WARNING, "user rpc not found, reverting to user bin"); + if (setuid(1) == -1) { + syslog(LOG_ERR, "setuid(1) failed: %m"); + exit(1); + } + } + else { + if (setuid(pwent->pw_uid) == -1) { + syslog(LOG_WARNING, "setuid() to rpc user failed: %m"); + if (setuid(1) == -1) { + syslog(LOG_ERR, "setuid(1) failed: %m"); + exit(1); + } + } + } + + (void) signal(SIGINT, toggle_verboselog); +} + +/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ + +int +check_default(daemon, addr, proc, prog) +char *daemon; +struct sockaddr_in *addr; +u_long proc; +u_long prog; +{ + if (!(from_local(addr) || good_client(daemon, addr))) { + log_bad_host(addr, proc, prog); + return (FALSE); + } + if (verboselog) + log_client(addr, proc, prog); + return (TRUE); +} + +/* check_privileged_port - additional checks for privileged-port updates */ +int +check_privileged_port(addr, proc, prog, port) +struct sockaddr_in *addr; +u_long proc; +u_long prog; +u_long port; +{ +#ifdef CHECK_PORT + if (!legal_port(addr, port)) { + log_bad_port(addr, proc, prog); + return (FALSE); + } +#endif + return (TRUE); +} + +/* toggle_verboselog - toggle verbose logging flag */ + +static void toggle_verboselog(sig) +int sig; +{ + (void) signal(sig, toggle_verboselog); + verboselog = !verboselog; +} + +/* logit - report events of interest via the syslog daemon */ + +static void logit(severity, addr, procnum, prognum, text) +int severity; +struct sockaddr_in *addr; +u_long procnum; +u_long prognum; +char *text; +{ + char *procname; + char procbuf[4 * sizeof(u_long)]; + char *progname; + char progbuf[4 * sizeof(u_long)]; + struct rpcent *rpc; + + /* + * Fork off a process or the portmap daemon might hang while + * getrpcbynumber() or syslog() does its thing. + */ + + if (fork() == 0) { + + /* Try to map program number to name. */ + + if (prognum == 0) { + progname = ""; + } else if ((rpc = getrpcbynumber((int) prognum))) { + progname = rpc->r_name; + } else { + sprintf(progname = progbuf, "%lu", prognum); + } + + /* Try to map procedure number to name. */ + + sprintf(procname = procbuf, "%lu", (u_long) procnum); + + /* Write syslog record. */ + + syslog(severity, "connect from %s to %s(%s)%s", + inet_ntoa(addr->sin_addr), procname, progname, text); + exit(0); + } +} diff --git a/utils/rquotad/Makefile b/utils/rquotad/Makefile index 1572655..82928b6 100644 --- a/utils/rquotad/Makefile +++ b/utils/rquotad/Makefile @@ -8,6 +8,6 @@ OBJS = rquota_server.o rquota_svc.o rquota_xdr.o quotactl.o hasquota.o DEPLIBS = MAN8 = rquotad -LIBS += -lnfs $(LIBBSD) +LIBS += -lnfs -lmisc $(LIBBSD) $(LIBWRAP) $(LIBNSL) include $(TOP)rules.mk diff --git a/utils/rquotad/rquota_svc.c b/utils/rquotad/rquota_svc.c index d402f0b..81b6928 100644 --- a/utils/rquotad/rquota_svc.c +++ b/utils/rquotad/rquota_svc.c @@ -20,6 +20,10 @@ */ #include "config.h" +#ifdef HAVE_TCP_WRAPPER +#include "tcpwrapper.h" +#endif + #include #include #include "rquota.h" @@ -59,6 +63,15 @@ static void rquotaprog_1(struct svc_req *rqstp, register SVCXPRT *transp) xdrproc_t xdr_argument, xdr_result; char *(*local)(char *, struct svc_req *); +#ifdef HAVE_TCP_WRAPPER + /* remote host authorization check */ + if (!check_default("rquotad", svc_getcaller(transp), + rqstp->rq_proc, (u_long) 0)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } +#endif + /* * Don't bother authentication for NULLPROC. */ diff --git a/utils/statd/Makefile b/utils/statd/Makefile index 3a3a794..211e22d 100644 --- a/utils/statd/Makefile +++ b/utils/statd/Makefile @@ -16,7 +16,7 @@ PROGRAM = statd PREFIX = rpc. OBJS = $(SRCS:.c=.o) CCOPTS = $(DEBUG) $(SIMUL) -LIBS = -lexport +LIBS = -lexport -lmisc $(LIBWRAP) $(LIBNSL) SRCS = $(RPCSRCS) $(SIMSRCS) \ callback.c notlist.c log.c misc.c monitor.c notify.c simu.c \ diff --git a/utils/statd/statd.c b/utils/statd/statd.c index 91cb3bc..d07a260 100644 --- a/utils/statd/statd.c +++ b/utils/statd/statd.c @@ -21,13 +21,32 @@ int _rpcpmstart = 0; /* flags for tirpc rpcgen */ int _rpcfdtype = 0; int _rpcsvcdirty = 0; -extern void sm_prog_1 (struct svc_req *, register SVCXPRT); +extern void sm_prog_1 (struct svc_req *, register SVCXPRT *); #ifdef SIMULATIONS extern void simulator (int, char **); #endif +#ifdef HAVE_TCP_WRAPPER +#include "tcpwrapper.h" + +static void +sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) +{ + /* remote host authorization check */ + if (!check_default("statd", svc_getcaller(transp), + rqstp->rq_proc, (u_long) 0)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } + + sm_prog_1 (rqstp, transp); +} + +#define sm_prog_1 sm_prog_1_wrapper +#endif + /* * Signal handler. */ -- 2.39.2 From 5591654c71e7e2e5959c8718a7e880516b9081e8 Mon Sep 17 00:00:00 2001 From: hjl Date: Sat, 26 Aug 2000 04:09:40 +0000 Subject: [PATCH 10/16] 2000-08-25 Ion Badulescu * utils/rquotad/rquotad.man, utils/statd/statd.man, utils/mountd/mountd.man: updated * utils/mountd/Makefile (LIBS): added -lmisc $(LIBWRAP) $(LIBNSL) * utils/rquotad/Makefile: fix comment * support/misc/tcpwrapper.c (logit): added comment about waiting for the children after fork() * utils/mountd/mountd.c (main): ignore SIGCHLD to prevent leaving zombies behind (from logit()'s fork) * utils/rquotad/rquota_svc.c (main): ditto * utils/statd/statd.c (main): ditto * utils/rquotad/rquota_svc.c (rquotaprog_1): pass RQUOTAPROG to check_default instead of 0, for prognum * utils/statd/statd.c (sm_prog_1_wrapper): pass SM_PROG to check_default instead of 0, for prognum * utils/mountd/mount_dispatch.c: Include "tcpwrapper.h" if HAVE_TCP_WRAPPER is defined. (mount_dispatch): Call check_default () if HAVE_TCP_WRAPPER is defined. Reject an RPC call if check_default () fails. --- ChangeLog | 27 ++++++++++++ support/misc/tcpwrapper.c | 2 + utils/mountd/Makefile | 2 +- utils/mountd/mount_dispatch.c | 13 ++++++ utils/mountd/mountd.c | 2 + utils/mountd/mountd.man | 81 ++++++++++++++++++++++++++++------- utils/rquotad/Makefile | 2 +- utils/rquotad/rquota_svc.c | 15 ++++++- utils/rquotad/rquotad.man | 56 ++++++++++++++++++------ utils/statd/statd.c | 4 +- utils/statd/statd.man | 28 +++++++++++- 11 files changed, 199 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1fe0a6b..6561cf5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,30 @@ +2000-08-25 Ion Badulescu + + * utils/rquotad/rquotad.man, utils/statd/statd.man, + utils/mountd/mountd.man: updated + + * utils/mountd/Makefile (LIBS): added -lmisc $(LIBWRAP) $(LIBNSL) + * utils/rquotad/Makefile: fix comment + + * support/misc/tcpwrapper.c (logit): added comment about waiting + for the children after fork() + + * utils/mountd/mountd.c (main): ignore SIGCHLD to prevent leaving + zombies behind (from logit()'s fork) + * utils/rquotad/rquota_svc.c (main): ditto + * utils/statd/statd.c (main): ditto + + * utils/rquotad/rquota_svc.c (rquotaprog_1): pass RQUOTAPROG + to check_default instead of 0, for prognum + + * utils/statd/statd.c (sm_prog_1_wrapper): pass SM_PROG + to check_default instead of 0, for prognum + + * utils/mountd/mount_dispatch.c: Include "tcpwrapper.h" if + HAVE_TCP_WRAPPER is defined. + (mount_dispatch): Call check_default () if HAVE_TCP_WRAPPER is + defined. Reject an RPC call if check_default () fails. + 2000-08-25 H.J. Lu * support/include/tcpwrapper.h: New for the tcp wrapper diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c index 498a829..ba76864 100644 --- a/support/misc/tcpwrapper.c +++ b/support/misc/tcpwrapper.c @@ -229,6 +229,8 @@ char *text; /* * Fork off a process or the portmap daemon might hang while * getrpcbynumber() or syslog() does its thing. + * + * Don't forget to wait for the children, too... */ if (fork() == 0) { diff --git a/utils/mountd/Makefile b/utils/mountd/Makefile index 93529a0..49b9900 100644 --- a/utils/mountd/Makefile +++ b/utils/mountd/Makefile @@ -6,7 +6,7 @@ PROGRAM = mountd PREFIX = rpc. OBJS = mountd.o mount_dispatch.o auth.o rmtab.o LIBDEPS = $(TOP)support/lib/libexport.a $(TOP)/support/lib/libnfs.a -LIBS = -lexport -lnfs +LIBS = -lexport -lnfs -lmisc $(LIBBSD) $(LIBWRAP) $(LIBNSL) MAN8 = mountd include $(TOP)rules.mk diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/mount_dispatch.c index cee1981..e87831a 100644 --- a/utils/mountd/mount_dispatch.c +++ b/utils/mountd/mount_dispatch.c @@ -6,6 +6,10 @@ #include "config.h" +#ifdef HAVE_TCP_WRAPPER +#include "tcpwrapper.h" +#endif + #include "mountd.h" #include "rpcmisc.h" @@ -65,6 +69,15 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT *transp) union mountd_arguments argument; union mountd_results result; +#ifdef HAVE_TCP_WRAPPER + /* remote host authorization check */ + if (!check_default("mountd", svc_getcaller(transp), + rqstp->rq_proc, MOUNTPROG)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } +#endif + rpc_dispatch(rqstp, transp, dtable, number_of(dtable), &argument, &result); } diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 1eeefdc..d79bf15 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -445,6 +445,8 @@ main(int argc, char **argv) sigaction(SIGHUP, &sa, NULL); sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); + /* WARNING: the following works on Linux and SysV, but not BSD! */ + sigaction(SIGCHLD, &sa, NULL); if (nfs_version & 0x1) rpc_init("mountd", MOUNTPROG, MOUNTVERS, diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man index 593037b..9dff681 100644 --- a/utils/mountd/mountd.man +++ b/utils/mountd/mountd.man @@ -2,7 +2,7 @@ .\" mountd(8) .\" .\" Copyright (C) 1999 Olaf Kirch -.TH rpc.mountd 8 "31 May 1999" +.TH rpc.mountd 8 "25 Aug 2000" .SH NAME rpc.mountd \- NFS mount daemon .SH SYNOPSIS @@ -48,38 +48,87 @@ user level part of the NFS service. .P However, this file is mostly ornamental. One, the client can continue to use the file handle even after calling -.BR rpc.mountd 's +.B rpc.mountd 's UMOUNT procedure. And two, if a client reboots without notifying -.BR rpc.mountd , +.B rpc.mountd , a stale entry will remain in .BR rmtab . .SH OPTIONS .TP -.\" This file isn't touched by mountd at all--even though it -.\" accepts the option. -.\" .BR \-f " or " \-\-exports-file -.\" This option specifies the exports file, listing the clients that this -.\" server is prepared to serve and parameters to apply to each -.\" such mount (see -.\" .BR exports (5)). -.\" By default, export information is read from -.\" .IR /etc/exports . +.B \-d " or " \-\-debug +Turn on debugging. .TP -.BR \-N " or " \-\-no-nfs-version +.B \-F " or " \-\-foreground +Run in foreground (do not daemonize) +.TP +.B \-f " or " \-\-exports-file +This option specifies the exports file, listing the clients that this +server is prepared to serve and parameters to apply to each +such mount (see +.BR exports (5)). +By default, export information is read from +.IR /etc/exports . +.TP +.B \-h " or " \-\-help +Display usage message. +.TP +.B \-N " or " \-\-no-nfs-version This option can be used to request that .B rpc.mountd -does not offer certain versions of NFS. The current version of +do not offer certain versions of NFS. The current version of .B rpc.mountd can support both NFS version 2 and the newer version 3. If the NFS kernel module was compiled without support for NFSv3, .B rpc.mountd must be invoked with the option -.BR "\-\-no-nfs-version 3" . +.B "\-\-no-nfs-version 3" . +.TP +.B \-P +Ignored (compatibility with unfsd??). +.TP +.B \-p " or " \-\-port +Force +.B rpc.mountd +to bind to the specified port, instead of using the random port +number assigned by the portmapper. .TP -.BR \-v " or " \-\-version +.B \-V " or " \-\-nfs-version +This option can be used to request that +.B rpc.mountd +offer certain versions of NFS. The current version of +.B rpc.mountd +can support both NFS version 2 and the newer version 3. +.TP +.B \-v " or " \-\-version Print the version of .B rpc.mountd and exit. + +.SH TCP_WRAPPERS SUPPORT +This +.B rpc.mountd +version is protected by the +.B tcp_wrapper +library. You have to give the clients access to +.B rpc.mountd +if they should be allowed to use it. To allow connects from clients of +the .bar.com domain you could use the following line in /etc/hosts.allow: + +mountd: .bar.com + +You have to use the daemon name +.B mountd +for the daemon name (even if the binary has a different name). For the +client names you can only use the keyword ALL or IP addresses (NOT +host or domain names). + +For further information please have a look at the +.BR tcpd (8), +.BR hosts_allow (5) +and +.BR hosts_access (5) +manual pages. + .SH SEE ALSO .BR rpc.nfsd (8), .BR exportfs (8), diff --git a/utils/rquotad/Makefile b/utils/rquotad/Makefile index 82928b6..aaf5762 100644 --- a/utils/rquotad/Makefile +++ b/utils/rquotad/Makefile @@ -1,5 +1,5 @@ # -# Makefile for rpc.mountd +# Makefile for rpc.rquotad # PROGRAM = rquotad diff --git a/utils/rquotad/rquota_svc.c b/utils/rquotad/rquota_svc.c index 81b6928..f55c192 100644 --- a/utils/rquotad/rquota_svc.c +++ b/utils/rquotad/rquota_svc.c @@ -34,6 +34,7 @@ #include #include #include +#include #ifdef __STDC__ #define SIG_PF void(*)(int) @@ -66,7 +67,7 @@ static void rquotaprog_1(struct svc_req *rqstp, register SVCXPRT *transp) #ifdef HAVE_TCP_WRAPPER /* remote host authorization check */ if (!check_default("rquotad", svc_getcaller(transp), - rqstp->rq_proc, (u_long) 0)) { + rqstp->rq_proc, RQUOTAPROG)) { svcerr_auth (transp, AUTH_FAILED); return; } @@ -138,6 +139,15 @@ static void rquotaprog_2(struct svc_req *rqstp, register SVCXPRT *transp) xdrproc_t xdr_argument, xdr_result; char *(*local)(char *, struct svc_req *); +#ifdef HAVE_TCP_WRAPPER + /* remote host authorization check */ + if (!check_default("rquotad", svc_getcaller(transp), + rqstp->rq_proc, RQUOTAPROG)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } +#endif + /* * Don't bother authentication for NULLPROC. */ @@ -203,6 +213,9 @@ int main(int argc, char **argv) openlog("rquota", LOG_PID, LOG_DAEMON); + /* WARNING: the following works on Linux and SysV, but not BSD! */ + signal(SIGCHLD, SIG_IGN); + transp = svcudp_create(RPC_ANYSOCK); if (transp == NULL) { syslog(LOG_ERR, "cannot create udp service."); diff --git a/utils/rquotad/rquotad.man b/utils/rquotad/rquotad.man index da8fa8c..9b16df5 100644 --- a/utils/rquotad/rquotad.man +++ b/utils/rquotad/rquotad.man @@ -1,5 +1,5 @@ -.\"@(#)rquotad.8c" -.TH RQUOTAD 8C" +.\"@(#)rquotad.8" +.TH RQUOTAD 8 "25 Aug 2000" .SH NAME rquotad, rpc.rquotad \- remote quota server .SH SYNOPSIS @@ -13,7 +13,7 @@ rquotad, rpc.rquotad \- remote quota server .IX "quotas" "rquotad daemon" "" "\fLrquotad\fP \(em remote quota server" .IX "file system" "rquotad daemon" "" "\fLrquotad\fP \(em remote quota server" .IX "remote procedure call services" "rquotad" "" "\fLrquotad\fP \(em remote quota server" -.B rquotad +.BR rquotad is an .BR rpc (3N) server which returns quotas for a user of a local file system @@ -22,20 +22,52 @@ which is mounted by a remote machine over the The results are used by .BR quota (1) to display user quotas for remote file systems. + The -.B rquotad +.BR rquotad daemon is normally started at boottime from the .BR rc.net -script +script (on systems with BSD'ish scripts, e.g. Slackware), or from the +.BR nfs +script in +.BR /etc/rc.d/init.d/ +or +.BR /etc/init.d/ +(on systems with SysV'ish scripts, e.g. RedHat, SuSE, etc). + +.SH TCP_WRAPPERS SUPPORT +This +.BR rpc.rquotad +version is protected by the +.BR tcp_wrapper +library. You have to give the clients access to +.BR rpc.rquotad +if they should be allowed to use it. To allow connects from clients of +the .bar.com domain you could use the following line in /etc/hosts.allow: + +mountd: .bar.com + +You have to use the daemon name +.BR rquotad +for the daemon name (even if the binary has a different name). For the +client names you can only use the keyword ALL or IP addresses (NOT +host or domain names). + +For further information please have a look at the +.BR tcpd (8), +.BR hosts_allow (5) +and +.BR hosts_access (5) +manual pages. + .SH FILES -.PD 0 -.TP 20 -.B quotas -quota file at the file system root +.BR quota.user , +.BR quota.group +-- quota files locate in the file system's root .PD .SH "SEE ALSO" -.BR quota (1), +.BR quota (8), .BR rpc (3N), -.BR nfs (4P), +.BR nfs (5), .BR services (5) -.BR inetd (8C), +.BR inetd (8), diff --git a/utils/statd/statd.c b/utils/statd/statd.c index d07a260..0c3b5e9 100644 --- a/utils/statd/statd.c +++ b/utils/statd/statd.c @@ -36,7 +36,7 @@ sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) { /* remote host authorization check */ if (!check_default("statd", svc_getcaller(transp), - rqstp->rq_proc, (u_long) 0)) { + rqstp->rq_proc, SM_PROG)) { svcerr_auth (transp, AUTH_FAILED); return; } @@ -104,6 +104,8 @@ main (int argc, char **argv) signal (SIGHUP, killer); signal (SIGINT, killer); signal (SIGTERM, killer); + /* WARNING: the following works on Linux and SysV, but not BSD! */ + signal(SIGCHLD, SIG_IGN); for (;;) { pmap_unset (SM_PROG, SM_VERS); diff --git a/utils/statd/statd.man b/utils/statd/statd.man index 373cf77..38db9c5 100644 --- a/utils/statd/statd.man +++ b/utils/statd/statd.man @@ -3,7 +3,7 @@ .\" .\" Copyright (C) 1999 Olaf Kirch .\" Modified by Jeffrey A. Uphoff, 1999. -.TH rpc.statd 8 "11 June 1999" +.TH rpc.statd 8 "20 Aug 2000" .SH NAME rpc.statd \- NSM status monitor .SH SYNOPSIS @@ -36,6 +36,32 @@ forks and puts itself in the background when started. The .B -F argument tells it to remain in the foreground. This option is mainly for debugging purposes. + +.SH TCP_WRAPPERS SUPPORT +This +.B rpc.statd +version is protected by the +.B tcp_wrapper +library. You have to give the clients access to +.B rpc.statd +if they should be allowed to use it. To allow connects from clients of +the .bar.com domain you could use the following line in /etc/hosts.allow: + +statd: .bar.com + +You have to use the daemon name +.B statd +for the daemon name (even if the binary has a different name). For the +client names you can only use the keyword ALL or IP addresses (NOT +host or domain names). + +For further information please have a look at the +.BR tcpd (8), +.BR hosts_allow (5) +and +.BR hosts_access (5) +manual pages. + .SH FILES .BR /var/lib/nfs/sm/state .br -- 2.39.2 From 1f06942239a30cdb9a06990cc087267bc8655b87 Mon Sep 17 00:00:00 2001 From: hjl Date: Sat, 26 Aug 2000 04:19:09 +0000 Subject: [PATCH 11/16] 2000-08-25 H.J. Lu * support/misc/tcpwrapper.c (logit): Modify the log output. --- ChangeLog | 4 ++++ support/misc/tcpwrapper.c | 12 +++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6561cf5..a80a45e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2000-08-25 H.J. Lu + + * support/misc/tcpwrapper.c (logit): Modify the log output. + 2000-08-25 Ion Badulescu * utils/rquotad/rquotad.man, utils/statd/statd.man, diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c index ba76864..8743a7b 100644 --- a/support/misc/tcpwrapper.c +++ b/support/misc/tcpwrapper.c @@ -221,9 +221,9 @@ u_long prognum; char *text; { char *procname; - char procbuf[4 * sizeof(u_long)]; + char procbuf[16 + 4 * sizeof(u_long)]; char *progname; - char progbuf[4 * sizeof(u_long)]; + char progbuf[16 + 4 * sizeof(u_long)]; struct rpcent *rpc; /* @@ -242,16 +242,18 @@ char *text; } else if ((rpc = getrpcbynumber((int) prognum))) { progname = rpc->r_name; } else { - sprintf(progname = progbuf, "%lu", prognum); + snprintf(progname = progbuf, sizeof (progbuf), + "prog (%lu)", prognum); } /* Try to map procedure number to name. */ - sprintf(procname = procbuf, "%lu", (u_long) procnum); + snprintf(procname = procbuf, sizeof (procbuf), + "proc (%lu)", (u_long) procnum); /* Write syslog record. */ - syslog(severity, "connect from %s to %s(%s)%s", + syslog(severity, "connect from %s to %s in %s%s", inet_ntoa(addr->sin_addr), procname, progname, text); exit(0); } -- 2.39.2 From f1a5721d6d085f2fad7e62ab824b3eac5226cf03 Mon Sep 17 00:00:00 2001 From: chip Date: Sun, 27 Aug 2000 00:24:35 +0000 Subject: [PATCH 12/16] Fix distros. Update change list. --- debian/changelog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index f773143..b0d34f0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,10 @@ -nfs-utils (1:0.1.9.1-2) frozen unstable; urgency=medium +nfs-utils (1:0.1.9.1-2) unstable; urgency=medium + * Upstream addition of tcpwrapper support in statd and mountd. * Upstream fixes from H.J. Lu and Neil Brown. + * Run exportfs first during startup (again). - -- Chip Salzenberg Wed, 25 Aug 2000 10:30:00 -0700 + -- Chip Salzenberg Sat, 26 Aug 2000 17:30:00 -0700 nfs-utils (1:0.1.9.1-1) frozen unstable; urgency=high -- 2.39.2 From ab54ee454b411b1eeedbb65ad0ae14d587c3b09d Mon Sep 17 00:00:00 2001 From: hjl Date: Wed, 30 Aug 2000 14:15:15 +0000 Subject: [PATCH 13/16] 2000-08-30 H.J. Lu * configure.in (VERSION): Set to "0.2". * configure: Regenerated. * nfs-utils.spec: Updated. --- ChangeLog | 6 ++++++ configure | 2 +- configure.in | 2 +- nfs-utils.spec | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a80a45e..0f30fc0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2000-08-30 H.J. Lu + + * configure.in (VERSION): Set to "0.2". + * configure: Regenerated. + * nfs-utils.spec: Updated. + 2000-08-25 H.J. Lu * support/misc/tcpwrapper.c (logit): Modify the log output. diff --git a/configure b/configure index c624d88..6dabc03 100755 --- a/configure +++ b/configure @@ -533,7 +533,7 @@ fi # The nfs-utils version -VERSION="0.1.9.1" +VERSION="0.2" # Check whether --with-statedir or --without-statedir was given. diff --git a/configure.in b/configure.in index 3ca9f21..8db3b00 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ AC_INIT(rules.mk) AC_PREFIX_DEFAULT(/usr) # The nfs-utils version -VERSION="0.1.9.1" +VERSION="0.2" AC_SUBST(VERSION) dnl ************************************************************* diff --git a/nfs-utils.spec b/nfs-utils.spec index 5815978..cd03476 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -1,6 +1,6 @@ Summary: NFS utlilities and supporting daemons for the kernel NFS server. Name: nfs-utils -Version: 0.1.9.1 +Version: 0.2 Release: 1 Source0: ftp://nfs.sourceforge.net/pub/nfs/%{name}-%{version}.tar.gz Group: System Environment/Daemons -- 2.39.2 From 0f0769643d8e2876f99dc1dbd6ff374333d0a159 Mon Sep 17 00:00:00 2001 From: jweber Date: Fri, 1 Sep 2000 18:51:50 +0000 Subject: [PATCH 14/16] rpc.mountd nfs version detection --- ChangeLog | 6 ++++++ etc/redhat/nfs.init | 17 ++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0f30fc0..45e7d41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2000-09-01 Jay Weber + + * etc/redhat/nfs.init: Added ability for rpc.mountd to default to + supporting version 3 of nfs if available, else it will fall back to + version 2 support only. + 2000-08-30 H.J. Lu * configure.in (VERSION): Set to "0.2". diff --git a/etc/redhat/nfs.init b/etc/redhat/nfs.init index eb95a24..5a40f4f 100755 --- a/etc/redhat/nfs.init +++ b/etc/redhat/nfs.init @@ -29,8 +29,8 @@ fi # Number of servers to be started up by default RPCNFSDCOUNT=8 -# No NFS V3. -RPCMOUNTDOPTS="--no-nfs-version 3" +# Default to NFS version 3. +RPCMOUNTDOPTS="" # See how we were called. case "$1" in @@ -40,12 +40,19 @@ case "$1" in echo -n "Starting NFS quotas: " daemon rpc.rquotad echo - echo -n "Starting NFS mountd: " - daemon rpc.mountd $RPCMOUNTDOPTS - echo echo -n "Starting NFS daemon: " daemon rpc.nfsd $RPCNFSDCOUNT echo + + # Let's see if we support NFS version 3. + /usr/sbin/rpcinfo -u localhost nfs 3 &>/dev/null + if [ $? -ne 0 ]; then + RPCMOUNTDOPTS="--no-nfs-version 3" + fi + + echo -n "Starting NFS mountd: " + daemon rpc.mountd $RPCMOUNTDOPTS + echo touch /var/lock/subsys/nfs ;; stop) -- 2.39.2 From a9f0d056fde495ebca05dd6fbffca3af54c4aca4 Mon Sep 17 00:00:00 2001 From: hjl Date: Fri, 1 Sep 2000 19:48:11 +0000 Subject: [PATCH 15/16] 2000-09-01 H.J. Lu * README: Updated for 0.2. --- ChangeLog | 4 ++++ README | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 45e7d41..7f872c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2000-09-01 H.J. Lu + + * README: Updated for 0.2. + 2000-09-01 Jay Weber * etc/redhat/nfs.init: Added ability for rpc.mountd to default to diff --git a/README b/README index af42d00..0868bf0 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the Linux NFS utility package version 0.1.9.1. +This is the Linux NFS utility package version 0.2. There is a Linux NFS mailing list at @@ -14,8 +14,8 @@ will get the latest version. The files are -ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.9.1.tar.gz -ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.9-0.1.9.1.diff.gz +ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.2.tar.gz +ftp://nfs.sourceforge.net/pub/nfs/nfs-utils-0.1.9.1-0.2.diff.gz To compile, just do @@ -30,7 +30,7 @@ They are tested on RedHat 6.2. On RedHat 6.2, you can use -# rpm -ta nfs-utils-0.1.9.1.tar.gz +# rpm -ta nfs-utils-0.2.tar.gz to build the source and binary RPMs. @@ -48,4 +48,4 @@ Thanks. H.J. hjl@lucon.org -07/04/2000 +09/01/2000 -- 2.39.2 From 1c290a9551affd855cab3b246f9f893e2072f34b Mon Sep 17 00:00:00 2001 From: chip Date: Tue, 5 Sep 2000 18:33:32 +0000 Subject: [PATCH 16/16] Version 0.2. --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index b0d34f0..21c6777 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +nfs-utils (1:0.2-1) unstable; urgency=low + + * New upstream version number. + * Minor fixes. + + -- Chip Salzenberg Tue, 5 Sep 2000 11:30:00 -0700 + nfs-utils (1:0.1.9.1-2) unstable; urgency=medium * Upstream addition of tcpwrapper support in statd and mountd. -- 2.39.2