| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
| |
check.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
librpcsecgss provides authgss_free_private_data() as a pair to
authgss_get_private_data(). libtirpc does not - until recently.
This ommision results in authgss_destroy_context() sending an
incorrect RPCSEC_GSS_DESTROY request when gssd calls AUTH_DESTROY().
The call has been added to libtirpc, so this patch updates nfs-utils
to check for the presense of the function in libtirpc and to set
HAVE_AUTHGSS_FREE_PRIVATE_DATA if it is present.
This is also set unconditionally if librpcsecgss is used.
gssd is changed to test this value rather than HAVE_LIBTIRPC when
chosing whether to call authgss_free_private_data().
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
From: Hemmo Nieminen <hemmo.nieminen@iki.fi>
Instead of closing the sockets before requesting a new one, keep them
open until a suitable one is found. Otherwise bindresvport will return
the same port over and over again.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
From: David Jeffery <djeffery@redhat.com>
The daemon "rpc.idmapd" scans the /var/lib/nfs/rpc_pipefs/nfs/ directory
periodically looking for NFS client mounts to communicate to. The daemon
tried to open communication with a client mount but it disappeared in
between looking for directory entries and opening them. NFS mount was
umounted just before rpc.idmapd tried to communicate with it. This
behavior is usually seen when autofs is configured on the system.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The validateascii() check in imconv() maps NFSv4 domain names with
non-ASCII characters to 'nobody'. In setups where Active directory
or LDAP is used this causes names with UTF-8 characters to being
mapped to 'nobody' because of this check.
As Bruce Fields puts it:
"idmapd doesn't seem like the right place to enforce restrictions on
names. Once the system has allowed a name it's too late to be
complaining about it here."
Replace the validateascii() call in imconv() with a check for
null-termination just to be extra-careful and remove the validateascii()
function itself as the only user of that function is being
removed by this patch.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The is_subdirectory() function checks if a given 'child' is a
subdirectory of the given 'parent'. However it always fails
if 'parent' == "/" (because 'child' doesn't begin with 'parent'
followed by "/").
So change is_subdirectory() to special-case "/".
subexport() also tests if one directory is a subdirectory of the
other, and contains the same bug. So change it to use
is_subdirectory().
Finally, move is_subdirectory() and related path_matches() and
export_matches() earlier in the file to avoid a forward-reference.
This patch fixes a bug wherein if you export "/" with 'crossmnt', the
crossmnt flag is ineffective and you can only access the root
filesystem, not any descendants.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 5604b35a61e22930873ffc4e9971002f578e7978
nfs-utils: Increase the stdio file buffer size for procfs files
changed writes to some sysfs files to be line buffered (_IOLBF) where
they weren't before. While this probably makes sense, it introduced a
bug.
With fully buffered streams, you don't expect to get an error until you
call fflush(). With line buffered streams you can get the error
from fprintf() et al.
qword_eol() only tests the return from fflush(), not from fprintf().
Consequently errors were not noticed.
One result of this is that if you export, with crossmnt, a filesystem
underneath which are mounted non-exportable filesystems (e.g. /proc)
then an 'ls -l' on the client will block indefinitely waiting for a
meaningful 'yes' or 'no' from the server, but will never get one.
This patch changes qword_eol to test both fprintf and fflush.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a debugging feature, report the absolute pathname of the plug-in
library that mountd loads to resolve junctions.
Since mountd passes a relative path to dlopen(3), dlopen(3) must
search for the right library. Displaying the absolute pathname of
the object that it found verifies that mountd loaded the correct
plug-in.
Note: dlinfo(3) is provided by libdl, but there doesn't seem to be a
man page on Fedora 16 for dlinfo(3). Instead, see:
http://www.unix.com/man-page/all/3/dlinfo/
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We have previously raised the size of the 'pollarray' once (32 -> 256)
and I have had another request to make it bigger.
Rather than changing the hard-coded value, make it depend on
RLIMIT_NOFILE. This is an upper limit on the size of the array
that can be passed to poll() anyway.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
I can see no possible point for this test against FD_ALLOC_BLOCK,
so just remove the test.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
get_poll_index wants to walk the entire "pollarray", but uses
the constant FD_ALLOC_BLOCK, rather than the variable
pollsize (which has the same value). If we want to make the
size of the array variable, it is best not to use the constant.
As pollsize is 'unsigned long', 'i' should be too.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The target name contains a hostname in the realm that we are
authenticating
to. Since we may be authenticating to a different realm than the default
realm for the server, we should not assume that the target name and host
name point to the same string.
In fact, the kernel NFS client will always use its own hostname as the
target name, since it is always authenticating to its own default realm.
On the other hand, the NFS server's callback channel will pass the
hostname
of the NFS client that it is authenticating too (Section 3.4, RFC3530).
This patch fixes the handling of the target name in process_krb5_upcall,
and ensures that it gets passed to find_keytab_entry().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Either we trust the info file, or we don't. The current
'checks' only work for the combination 'nfs', '100003' and
a version number between 2 and 4.
The problem is that the callback channel also wants to use
'nfs' in combination with a different program number and
version number.
This patch throws the bogus checks out altogether and lets the
kernel use whatever combination it wants....
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
readdir picks up these two entries as "normal" dentries, but rmdir'ing
them won't work (and we wouldn't want to remove them anyway).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Remove a unnecessary newline in an error message.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With recent changes to the /etc/hosts file, the 'localhost'
host name is now multiply defined as both an IPv4 address (127.0.01)
and an IPv6 address (::1). This causes first address returned
by getaddrinfo('localhost') to be the IPv6 address instead of
the IPv4 address.
The change in the default 'localhost' address type causes
existing exports using '127.0.0.1' to fail, because the
'::1' address is tried first and fails. The problem is
not all the addresses in the address list are being tried.
So this patch allows that address list to continue to be
process when a 'EACCES' error is returned by the server.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since bf6a4febaa78bf188896b7b5b02c46562dd08b70 "mountd: handle
allocation failures in auth_unix_ip upcall", a failure to map the
address of an incoming client to a name could result in a hang.
We should be responding with an error in the case, not just skipping the
downcall and leaving everybody hanging.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
When svcgssd reads the supported encrytion types from the
kernel, they are prefixed with a 'enctypes='. That prefix
has to be ignored to correctly parse the rest of the types.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
When '--disable-nfsv4' is in the configure options, then
the building of nfsdcltrack need to be disabled as well.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Now that nfsdcld is gone, remove the section about starting it up.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since we want to move to using the usermodehelper upcall
unconditionally, just remove nfsdcld. The kernel code to handle
this will be formally deprecated in 3.10 as well.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the kernel passes the legacy recdir path in the environment, then we
can use that to transition from the old legacy tracker to the new one.
On a "check" operation, if there is no record of the client in the
database, check to see if there is a matching recoverydir. If there
isn't then just refuse the reclaim. If there is, then insert a new
record for this client into the db, and remove the legacy recoverydir.
If either of those operations fail, then refuse the reclaim.
On a "gracedone" operation, clean out the entire legacy recoverydir
after purging any unreclaimed records from the db. There's not much
we can do if this fails, so just log a warning if it does.
Note that this is a one-way conversion. If the user later boots back
into an older kernel, it will have no knowledge of the new database.
In principle, we could create a tool that would walk the clients
table, md5 hash the clientids and create directories in the
v4recovery dir. Doing that automatically would be pretty difficult
however.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tracking db
Usermode helper upcalls are all the rage these days for infrequent
upcalls, since they make it rather idiot-proof. No running daemon is
required, so there's really no setup beyond ensuring that the callout
exists and is runnable.
This program adds a callout program to nfs-utils for that purpose. The
storage engine on the backend is identical to the one used by nfsdcld.
This just adds a new frontend for it.
For now, building with --enable-nfsdcltrack gives you both nfsdcld and
nfsdcltrack programs. A later patch will remove nfsdcld altogether.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we add a new usermodehelper upcall program to do the database
access, the existing "init" function will be overkill every time
we start up the program.
Break out the database handle establishment routine into a separate
function that we can call from each upcall command in the one-shot
program.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is holdover from an earlier version of the code and doesn't really
provide any benefit. Also, mark the topdir and dirname arguments const
since they should never be changed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We'll soon be adding a new nfsdcltrack program, at which point it won't
make much sense to call this directory and the config option "nfsdcld".
Rename it to be a bit more generic.
While we're at it, change the default for --enable-cltrack to "yes".
When we introduce the one-shot program, we're going to want to build
it by default anyway.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
One too few arguments...
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
gssd_proc.c: In function handle_krb5_upcall:
gssd_proc.c:1117:2: warning: ISO C forbids return with expression, in
function returning void [-pedantic]
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
gssd_proc.c: At top level:
gssd_proc.c:782:5: warning: no previous prototype for create_auth_rpc_client [-Wmissing-prototypes]
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
gss_util.c: At top level:
gss_util.c:98:36: warning: ISO C does not allow extra ; outside of a
function [-pedantic]
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Fixed a number of -Wconversion warnings
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Removed a Wsign-conversion warning
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
