nfs-utils.git/support, branch gss-fixes NFS utils related patches nfsd: fix minorversion-choosing interface 2014-01-07T20:57:48+00:00 J. Bruce Fields bfields@redhat.com 2014-01-07T20:37:58+00:00 93648ecc10bae7ed542056abb55f4b8f10ddbbb9 From: "J. Bruce Fields" <bfields@redhat.com> By unconditionally adding ?4.2 to the version string written to the kernel we make nfs-utils incompatible with pre-4.2-supporting kernels. Ditto for 4.1. This problem was introduced by 12a590f8d556c00a9502eeebaa763d906222d521 "rpc.nfsd: Allow v4.2 server support with the -V option", which also change nfsd to unconditionally pass ?4.2. Instead, just don't mention 4.1 or 4.2 unless the commandline has specifically requested that one or the other be turned on or off. Tested-by: Joakim Tjernlund <joakim.tjernlund@transmode.se> Reported-by: Joakim Tjernlund <joakim.tjernlund@transmode.se> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
From: "J. Bruce Fields" <bfields@redhat.com>

By unconditionally adding ?4.2 to the version string written to the
kernel we make nfs-utils incompatible with pre-4.2-supporting kernels.

Ditto for 4.1.  This problem was introduced by
12a590f8d556c00a9502eeebaa763d906222d521 "rpc.nfsd: Allow v4.2 server
support with the -V option", which also change nfsd to unconditionally
pass ?4.2.

Instead, just don't mention 4.1 or 4.2 unless the commandline has
specifically requested that one or the other be turned on or off.

Tested-by: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Reported-by: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: consolidate mydaemon() and release_parent() implementations 2013-11-20T20:04:47+00:00 Jeff Layton jlayton@redhat.com 2013-11-20T20:00:41+00:00 6a46d870c61433c8dea0270d9c10702b7b4b3d99 We currently have 2 cut-and-paste versions of this code. One for idmapd and one for svcgssd.[1] The two are basically equivalent but there are some small differences, mostly related to how errors in that function are logged. svcgssd uses printerr() with a priority of 1, which only prints errors if -v was specified. That doesn't seem to be quite right. Daemonizing errors are necessarily fatal and should be logged as such. The one for idmapd uses err(), which always prints to stderr even though we have the xlog facility set up. Since both have xlog configured at this point, log the errors using xlog_err() instead. The only other significant difference I see is that the idmapd version will open "/" if it's unable to open "/dev/null". I believe that however was a holdover from an earlier version of that function that did not error out when we were unable to open a file descriptor. Since the function does that now, I don't believe we need that fallback anymore. [1]: technically, we have a third in statd too, but it's different enough that I don't want to touch it here. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
We currently have 2 cut-and-paste versions of this code. One for idmapd
and one for svcgssd.[1]

The two are basically equivalent but there are some small differences,
mostly related to how errors in that function are logged. svcgssd uses
printerr() with a priority of 1, which only prints errors if -v was
specified. That doesn't seem to be quite right. Daemonizing errors are
necessarily fatal and should be logged as such. The one for idmapd uses
err(), which always prints to stderr even though we have the xlog
facility set up. Since both have xlog configured at this point, log the
errors using xlog_err() instead.

The only other significant difference I see is that the idmapd version
will open "/" if it's unable to open "/dev/null". I believe that however
was a holdover from an earlier version of that function that did not
error out when we were unable to open a file descriptor. Since the
function does that now, I don't believe we need that fallback anymore.

[1]: technically, we have a third in statd too, but it's different
     enough that I don't want to touch it here.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: Add the ability to disable UDP listeners. 2013-11-05T19:11:44+00:00 Steve Dickson steved@redhat.com 2013-11-05T19:11:44+00:00 ff948a50ef1013d7caa5d66e5534f69a94ec1c88 Add the ability to turn off UDP listeners with the new "-u | --no-udp" flag. Signed-off-by: Steve Dickson <steved@redhat.com> 
Add the ability to turn off UDP listeners with the
new "-u | --no-udp" flag.

Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: Use protocol bit fields to turn protocols off. 2013-11-05T19:10:05+00:00 Steve Dickson steved@redhat.com 2013-11-05T19:10:05+00:00 a80482157632584ee03df58ed1eef3cefd95bbcb Convert the current code to used the NFSCTL_XXX macros to turn off the TCP listener. Signed-off-by: Steve Dickson <steved@redhat.com> 
Convert the current code to used the NFSCTL_XXX macros
to turn off the TCP listener.

Signed-off-by: Steve Dickson <steved@redhat.com>
exportfs: exit with error code if there was any error (take 2). 2013-11-05T19:03:53+00:00 NeilBrown neilb@suse.de 2013-11-05T19:03:53+00:00 d4a408776d611cd62235232d65d488d02fca78e4 exportfs currently exits with a non-zero error for some errors, but not for others. It does this by having various support routines set the global variable "export_errno". Change this to have 'xlog' set export_errno if an ERROR is reported. That way all errors will be caught. Note that the exit error code is changed from 22 (EINVAL) to the more traditional '1'. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com> 
exportfs currently exits with a non-zero error for some errors,
but not for others.

It does this by having various support routines set the global
variable "export_errno".

Change this to have 'xlog' set export_errno if an ERROR is
reported.  That way all errors will be caught.

Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Stop Treat IP addresses a FQDN rather than SUBNETs. 2013-10-24T20:06:10+00:00 NeilBrown neilb@suse.de 2013-10-24T19:58:45+00:00 8a5da2b392bc25feb58a9de11cac411f5f8473bb I think there was a reason for this many years ago, but I can not find any evidence that it ever really did anything useful and it certainly doesn't seem to now. And the documentation suggests that IP address take precedence over SUBNETs, and that can only happen if they are treated as MCL_FQDN. So remove this apparently pointless code. Reported-and-tested-by: Wangminlan <wangminlan@huawei.com> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com> 
I think there was a reason for this many years ago,
but I can not find any evidence that it ever really did
anything useful and it certainly doesn't seem to now.

And the documentation suggests that IP address take precedence over
SUBNETs, and that can only happen if they are treated as MCL_FQDN.

So remove this apparently pointless code.

Reported-and-tested-by: Wangminlan <wangminlan@huawei.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
exportfs: exit with error code if there was any error. 2013-10-22T08:36:54+00:00 NeilBrown neilb@suse.de 2013-10-22T08:36:54+00:00 232eb7ad09f9fd2ae4918699f850e4f8cadc2632 exportfs currently exits with a non-zero error for some errors, but not for others. It does this by having various support routines set the global variable "export_errno". Change this to have 'xlog' set export_errno if an ERROR is reported. That way all errors will be caught. Note that the exit error code is changed from 22 (EINVAL) to the more traditional '1'. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com> 
exportfs currently exits with a non-zero error for some errors,
but not for others.

It does this by having various support routines set the global
variable "export_errno".

Change this to have 'xlog' set export_errno if an ERROR is
reported.  That way all errors will be caught.

Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Revert "exportfs: Return non-zero exit value on error" 2013-10-22T08:32:08+00:00 Steve Dickson steved@redhat.com 2013-10-22T08:32:08+00:00 efe3c8d6cb4fc35909a64c0535087676a189fa5f This reverts commit 956aeff2e24304e938846f81f4b9db34cbf18a32. 
This reverts commit 956aeff2e24304e938846f81f4b9db34cbf18a32.
exportfs: Return non-zero exit value on error 2013-10-22T08:28:48+00:00 Tony Asleson tasleson@redhat.com 2013-10-22T08:28:48+00:00 956aeff2e24304e938846f81f4b9db34cbf18a32 To improve error handling when scripting exportfs it's useful to have non-zero exit codes when the requested operation did not succeed. This patch also returns a non-zero exit code if you request to unexport a non-existant share. Signed-off-by: Tony Asleson <tasleson@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
To improve error handling when scripting exportfs it's useful
to have non-zero exit codes when the requested operation did not
succeed.

This patch also returns a non-zero exit code if you request to
unexport a non-existant share.

Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
exportfs: Fix the default authentication flavour setting 2013-09-24T19:12:01+00:00 Trond Myklebust Trond.Myklebust@netapp.com 2013-09-24T19:12:01+00:00 7004991526be90ec2647d28c503936dc91bc9100 Commit 11ba3b1e01b67b7d19f26fba94fabdb60878e809 (Add a default flavor to an export's e_secinfo list) breaks the ordering of security flavours in the secinfo list, by reordering 'sec=sys' to always be the first secinfo flavour if one fails to set a default 'sec' setting. An export of the form: /export -sync,no_subtree_check,mp \ 192.168.1.0/24(sec=krb5p:krb5i:krb5,rw,sec=sys,ro) ends up getting translated by exportfs into the following entry in /var/lib/nfs/etab: /export 192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\ secure,root_squash,no_all_squash,\ no_subtree_check,secure_locks,acl,\ mountpoint,anonuid=65534,anongid=65534,\ sec=sys,ro,root_squash,no_all_squash,\ sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash) Note how the 'sec=sys' is now listed first... The fix is to defer adding the default flavour until the call to secinfo_show, when we can see if it is even needed at all. With the patch, the above export is now correctly entered in /var/lib/nfs/etab as: /export 192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\ secure,root_squash,no_all_squash,\ no_subtree_check,secure_locks,acl,\ mountpoint,anonuid=65534,anongid=65534,\ sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash,\ sec=sys,ro,root_squash,no_all_squash) Cc: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Commit 11ba3b1e01b67b7d19f26fba94fabdb60878e809 (Add a default flavor
to an export's e_secinfo list) breaks the ordering of security flavours
in the secinfo list, by reordering 'sec=sys' to always be the first
secinfo flavour if one fails to set a default 'sec' setting.

An export of the form:

/export -sync,no_subtree_check,mp \
           192.168.1.0/24(sec=krb5p:krb5i:krb5,rw,sec=sys,ro)

ends up getting translated by exportfs into the following entry in
/var/lib/nfs/etab:

/export	192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\
                       secure,root_squash,no_all_squash,\
		       no_subtree_check,secure_locks,acl,\
		       mountpoint,anonuid=65534,anongid=65534,\
		       sec=sys,ro,root_squash,no_all_squash,\
		       sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash)

Note how the 'sec=sys' is now listed first...

The fix is to defer adding the default flavour until the call to
secinfo_show, when we can see if it is even needed at all.
With the patch, the above export is now correctly entered in
/var/lib/nfs/etab as:

/export	192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\
			secure,root_squash,no_all_squash,\
			no_subtree_check,secure_locks,acl,\
			mountpoint,anonuid=65534,anongid=65534,\
			sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash,\
			sec=sys,ro,root_squash,no_all_squash)

Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>