nfs-utils.git/support/nfs, branch gss-proxy-mods NFS utils related patches Add a default flavor to an export's e_secinfo list 2013-03-25T14:09:11+00:00 Chuck Lever chuck.lever@oracle.com 2013-03-23T12:25:39+00:00 11ba3b1e01b67b7d19f26fba94fabdb60878e809 The list of security flavors that mountd allows for the NFSv4 pseudo-fs is constructed from the union of flavors of all current exports. exports(5) documents that the default security flavor for an export, if "sec=" is not specified, is "sys". Suppose /etc/exports contains: /a *(rw) /b *(rw,sec=krb5:krb5i:krb5p) The resulting security flavor list for the pseudo-fs is missing "sec=sys". /proc/net/rpc/nfsd.export/content contains: /a *(rw,root_squash,sync,wdelay,no_subtree_check, uuid=095c95bc:08e4407a:91ab8601:05fe0bbf) /b *(rw,root_squash,sync,wdelay,no_subtree_check, uuid=2a6fe811:0cf044a7:8fc75ebe:65180068, sec=390003:390004:390005) / *(ro,root_squash,sync,no_wdelay,v4root,fsid=0, uuid=2a6fe811:0cf044a7:8fc75ebe:65180068, sec=390003:390004:390005) The root entry is not correct, as there does exist an export whose unspecified default security flavor is "sys". The security settings on the root cause sec=sys mount attempts to be incorrectly rejected. The reason is that when the line in /etc/exports for "/a" is parsed, the e_secinfo list for that exportent is left empty. Thus the union of e_secinfo lists created by set_pseudofs_security() is "krb5:krb5i:krb5p". I fixed this by ensuring that if no "sec=" option is specified for an export, its e_secinfo list gets at least an entry for AUTH_UNIX. [ Yes, we could make the security flavors allowed for the pseudo-fs a fixed list of all flavors the server supports. That becomes complicated by the special meaning of AUTH_NULL, and we still have to check /etc/exports for whether Kerberos flavors should be listed. I opted for a simple approach for now. ] Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
The list of security flavors that mountd allows for the NFSv4
pseudo-fs is constructed from the union of flavors of all current
exports.

exports(5) documents that the default security flavor for an
export, if "sec=" is not specified, is "sys".  Suppose
/etc/exports contains:

/a  *(rw)
/b  *(rw,sec=krb5:krb5i:krb5p)

The resulting security flavor list for the pseudo-fs is missing
"sec=sys".  /proc/net/rpc/nfsd.export/content contains:

/a  *(rw,root_squash,sync,wdelay,no_subtree_check,
        uuid=095c95bc:08e4407a:91ab8601:05fe0bbf)
/b  *(rw,root_squash,sync,wdelay,no_subtree_check,
        uuid=2a6fe811:0cf044a7:8fc75ebe:65180068,
        sec=390003:390004:390005)
/   *(ro,root_squash,sync,no_wdelay,v4root,fsid=0,
        uuid=2a6fe811:0cf044a7:8fc75ebe:65180068,
        sec=390003:390004:390005)

The root entry is not correct, as there does exist an export whose
unspecified default security flavor is "sys".  The security settings
on the root cause sec=sys mount attempts to be incorrectly rejected.

The reason is that when the line in /etc/exports for "/a" is parsed,
the e_secinfo list for that exportent is left empty.  Thus the union
of e_secinfo lists created by set_pseudofs_security() is
"krb5:krb5i:krb5p".

I fixed this by ensuring that if no "sec=" option is specified for
an export, its e_secinfo list gets at least an entry for AUTH_UNIX.

[ Yes, we could make the security flavors allowed for the pseudo-fs
a fixed list of all flavors the server supports.  That becomes
complicated by the special meaning of AUTH_NULL, and we still have
to check /etc/exports for whether Kerberos flavors should be listed.
I opted for a simple approach for now. ]

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: fix checking for errors when exporting filesystems 2012-12-17T21:33:17+00:00 NeilBrown neilb@suse.de 2012-12-17T21:19:09+00:00 ffe1b3f8483c96e85409e5ea5ed69ab98128a3a1 commit 5604b35a61e22930873ffc4e9971002f578e7978 nfs-utils: Increase the stdio file buffer size for procfs files changed writes to some sysfs files to be line buffered (_IOLBF) where they weren't before. While this probably makes sense, it introduced a bug. With fully buffered streams, you don't expect to get an error until you call fflush(). With line buffered streams you can get the error from fprintf() et al. qword_eol() only tests the return from fflush(), not from fprintf(). Consequently errors were not noticed. One result of this is that if you export, with crossmnt, a filesystem underneath which are mounted non-exportable filesystems (e.g. /proc) then an 'ls -l' on the client will block indefinitely waiting for a meaningful 'yes' or 'no' from the server, but will never get one. This patch changes qword_eol to test both fprintf and fflush. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com> 
commit 5604b35a61e22930873ffc4e9971002f578e7978
  nfs-utils: Increase the stdio file buffer size for procfs files

changed writes to some sysfs files to be line buffered (_IOLBF) where
they weren't before.  While this probably makes sense, it introduced a
bug.

With fully buffered streams, you don't expect to get an error until you
call fflush(). With line buffered streams you can get the error
from fprintf() et al.

qword_eol() only tests the return from fflush(), not from fprintf().
Consequently errors were not noticed.

One result of this is that if you export, with crossmnt, a filesystem
underneath which are mounted non-exportable filesystems (e.g. /proc)
then an 'ls -l' on the client will block indefinitely waiting for a
meaningful 'yes' or 'no' from the server, but will never get one.

This patch changes qword_eol to test both fprintf and fflush.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: Avoid unnecessary type conversions 2012-10-30T19:30:08+00:00 Chuck Lever chuck.lever@oracle.com 2012-10-30T18:02:24+00:00 7df8ca883bfd668eb559ea1b8da7c7b6e41d5b1a Removed a number of Wconversion warnings in the mountd code. Took the opportunity to eliminate some code duplication. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Removed a number of Wconversion warnings in the mountd code.

Took the opportunity to eliminate some code duplication.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
rpc.idmap: Hide global symbols from libidmap plugins 2012-03-16T13:52:47+00:00 Noah Friedman friedman@splode.com 2012-03-15T16:52:50+00:00 3ce15aeaa66a2f523c6fa92bfe818734bdedfcea This patch limits the visibility of the symbols in the nfs-utils conffile.c so that they are only visible to programs linked directly to it. This forces the objects dynamically loaded via libnfsidmap to use the functions defined in that shared library instead. Signed-off-by: Steve Dickson <steved@redhat.com> 
This patch limits the visibility of the symbols in the nfs-utils
conffile.c so that they are only visible to programs linked directly to
it.  This forces the objects dynamically loaded via libnfsidmap to use
the functions defined in that shared library instead.

Signed-off-by: Steve Dickson <steved@redhat.com>
Kill SPKM3: Remove also the dependent lipkey mechanism 2012-03-12T21:09:41+00:00 Simo Sorce simo@redhat.com 2012-03-12T21:06:41+00:00 c72bf12bd81bc782cbcfada5cabd3200c042ae25 Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Kill SPKM3: Remove spkm3 support from exports 2012-03-12T19:56:07+00:00 Simo Sorce simo@redhat.com 2012-03-12T19:49:50+00:00 e18d56286b81d61c58ea1d4cb2539530695226e3 signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
nfsmount: Fixed parsing error in the nfsmount.conf code. 2012-03-06T16:04:43+00:00 Steve Dickson steved@redhat.com 2012-03-06T16:03:38+00:00 bc3c8b3496598b6f7a2d0692f3351c3704cb4b9d When the options where prefixed with spaces (instead of tabs) the second option in the list was missed to so a miscalculation the the nfsmount.conf parsing code. Signed-off-by: Steve Dickson <steved@redhat.com> 
When the options where prefixed with spaces (instead of tabs)
the second option in the list was missed to so a miscalculation
the the nfsmount.conf parsing code.

Signed-off-by: Steve Dickson <steved@redhat.com>
nfsctl: fix building with newer arches 2012-01-05T20:42:40+00:00 Mike Frysinger vapier@gentoo.org 2012-01-05T18:21:24+00:00 47e159ae88f03077a4746eb335d278399272f0ac Newer arches omitting both nfsctl and nfsservctl which breaks nfsctl. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Steve Dickson <steved@redhat.com> 
Newer arches omitting both nfsctl and nfsservctl which breaks nfsctl.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
rpc.idmapd: Sections in idmapd.conf are ignored. 2011-11-14T21:08:31+00:00 Steve Dickson steved@redhat.com 2011-11-14T14:54:47+00:00 d22ef3f525d71b565fcc688557273a6cabeeb71a In the parsing routine, conf_parse_line(), a string is not being null terminated which is causing section of the config file to be ignored. https://bugzilla.linux-nfs.org/show_bug.cgi?id=205 Signed-off-by: Steve Dickson <steved@redhat.com> 
In the parsing routine, conf_parse_line(), a string
is not being null terminated which is causing
section of the config file to be ignored.

https://bugzilla.linux-nfs.org/show_bug.cgi?id=205

Signed-off-by: Steve Dickson <steved@redhat.com>
pdate addres for Free Software Foundation 2011-08-29T16:57:07+00:00 NeilBrown neilb@suse.de 2011-08-29T16:56:17+00:00 12544486ef2de86e4f2dfc920cd2860fb81658d1 License texts contain multiple address for FSF, some wrong. So update them and replace COPYING file with http://www.gnu.org/licenses/gpl-2.0.txt which has a few changes to preamble and commentary. Also remove extra COPYING file from utils/statd/ Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com> 
License texts contain multiple address for FSF, some wrong.
So update them and  replace COPYING file with
http://www.gnu.org/licenses/gpl-2.0.txt
which has a few changes to preamble and commentary.

Also remove extra COPYING file from utils/statd/

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>