nfs-utils.git/utils, branch master NFS utils related patches Provide macros for non-standard gss symbols 2013-03-26T16:20:45+00:00 Simo Sorce simo@redhat.com 2013-03-26T16:04:06+00:00 1f7c862d24da1328d53ed0980fd9abd19ad550ae libgsglue uses non standard name for mechanism specific extensions to gssapi which normally have gss_krb5_* names. Provide symbol substitution headers so that nfs-utils can be compiled both against libgssglue and the native GSSAPI implementation. Signed-off-by: Simo Sorce <simo@redhat.com> 
libgsglue uses non standard name for mechanism specific extensions to gssapi
which normally have gss_krb5_* names.
Provide symbol substitution headers so that nfs-utils can be compiled both
against libgssglue and the native GSSAPI implementation.

Signed-off-by: Simo Sorce <simo@redhat.com>
Switch to use standard GSSAPI by default 2013-03-26T16:15:19+00:00 Simo Sorce simo@redhat.com 2013-03-26T15:11:41+00:00 df16cc255bf2d208a61c7d9810e3be6685b697a6 Make libgssglue configurable still but disabled by default. There is no reason to use libgssglue anymore, and modern gssapi supports all needed features for nfs-utils. Signed-off-by: Simo Sorce <simo@redhat.com> 
Make libgssglue configurable still but disabled by default.
There is no reason to use libgssglue anymore, and modern gssapi
supports all needed features for nfs-utils.

Signed-off-by: Simo Sorce <simo@redhat.com>
nfsd: Add support for the -V and --nfs-version optional arguments 2013-03-25T20:07:59+00:00 Trond Myklebust Trond.Myklebust@netapp.com 2013-03-25T20:07:59+00:00 e79baddaa1d8cf24cce929e14f6f91ac0d5e15d0 Add command line options to enable those NFS versions that are currently disabled by default. We choose to use the options '-V' and '--nfs-version' for compatibility with rpc.mountd. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Add command line options to enable those NFS versions that are
currently disabled by default. We choose to use the options '-V'
and '--nfs-version' for compatibility with rpc.mountd.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
mountd: regression in crossmounts 2013-03-25T14:09:11+00:00 Steve Dickson steved@redhat.com 2013-03-23T14:30:17+00:00 ebe2826ca571a3959c3b5c8e29686c621f2775cf commit 8e2fb3fc cause a regression in mount export that are on different local file system. Exports like (all on different filesystems) /home *(rw,fsid=0,crossmnt) /home/fs1 *(rw,crossmnt) /home/fs1/fs2/fs3 *(rw,nohide) and then a mount of the root 'mount /home /mnt' would end up mounting /home/fs1/fs2/fs3 not /home Reverting the logic of commit 8e2fb3fc until a better solution can be found for the original problem. Signed-off-by: Steve Dickson <steved@redhat.com> 
commit 8e2fb3fc cause a regression in mount export
that are on different local file system.
Exports like (all on different filesystems)

/home *(rw,fsid=0,crossmnt)
/home/fs1 *(rw,crossmnt)
/home/fs1/fs2/fs3 *(rw,nohide)

and then a mount of the root 'mount /home /mnt'
would end up mounting /home/fs1/fs2/fs3 not /home

Reverting the logic of commit 8e2fb3fc until
a better solution can be found for the original
problem.

Signed-off-by: Steve Dickson <steved@redhat.com>
NFS man page patch that moves nordirplus/rdirplus 2013-03-25T14:09:11+00:00 Chris Vogan cvogan@us.ibm.com 2013-03-23T12:22:41+00:00 fb6e382f9eae38883cfed151fe5e80c021c8b961 NFS man page patch that moves nordirplus/rdirplus from "Options for NFS versions 2 and 3 only" to "Options supported by all versions". Its a better fit here since this option is also needed for some NFSv4 servers. Signed-off-by: Chris Vogan <cvogan@gmail.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
NFS man page patch that moves nordirplus/rdirplus from "Options for NFS
versions 2 and 3 only" to "Options supported by all versions".  Its a
better fit here since this option is also needed for some NFSv4 servers.

Signed-off-by: Chris Vogan <cvogan@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: gethostname(3) returns zero or -1, not an errno 2013-03-25T14:09:11+00:00 Chuck Lever chuck.lever@oracle.com 2013-03-23T12:13:22+00:00 128bca853fc6df20a87d4d3dfe12c1b77204d673 According to "man gethostname," gssd is handling the return value of gethostname(3) incorrectly. It looks like other gethostname(3) call sites in nfs-utils are already correct. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
According to "man gethostname," gssd is handling the return value of
gethostname(3) incorrectly.  It looks like other gethostname(3) call
sites in nfs-utils are already correct.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: Fix whitespace nits 2013-03-25T14:09:11+00:00 Chuck Lever chuck.lever@oracle.com 2013-03-23T12:12:16+00:00 8239ec6587ce103d7bcb4b37c680c0c10ef5b37c Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: Clean up gssd_setup_krb5_user_gss_ccache() 2013-03-25T14:09:10+00:00 Chuck Lever chuck.lever@oracle.com 2013-03-23T12:11:28+00:00 f1e171dcbe6fa182ff6d8ccf0ab9aff620106889 Remove a contradictory portion of the block comment documenting gssd_find_existing_krb5_ccache(). This should have been removed by commit 289ad31e, which reversed the meaning of the function's return values. Note that, in user space, typically errno's are positive. But here we follow the kernel convention of using negative values to return error codes. Make the documenting comments explicit about the sign of an error return -- it will never be positive in the case of an error. And a nit: At the last return statement in gssd_setup_krb5_user_gss_ccache(), "err" always contains zero, as far as I can tell. Make it explicit (to human readers) that when execution reaches this point, gssd_setup_krb5_user_gss_ccache() is going to return "success." Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Remove a contradictory portion of the block comment documenting
gssd_find_existing_krb5_ccache().  This should have been removed by
commit 289ad31e, which reversed the meaning of the function's return
values.

Note that, in user space, typically errno's are positive.  But here
we follow the kernel convention of using negative values to return
error codes.  Make the documenting comments explicit about the sign
of an error return -- it will never be positive in the case of an
error.

And a nit: At the last return statement in
gssd_setup_krb5_user_gss_ccache(), "err" always contains zero, as
far as I can tell.  Make it explicit (to human readers) that when
execution reaches this point, gssd_setup_krb5_user_gss_ccache() is
going to return "success."

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: Update description of "-l" option 2013-03-25T14:09:10+00:00 Chuck Lever chuck.lever@oracle.com 2013-03-23T12:09:42+00:00 020fc9855c69f74361a416be357fb882e80dcdd8 Move most of the text in the description of the "-l" option up to the DESCRIPTION section, to match what was done for "-n" and "-k". The discussion is then less restricted by formatting, and we can take the space to introduce a few concepts before describing the behavior of rpc.gssd. Fix a few misspellings and grammar issues while here. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Move most of the text in the description of the "-l" option up to
the DESCRIPTION section, to match what was done for "-n" and "-k".

The discussion is then less restricted by formatting, and we can
take the space to introduce a few concepts before describing the
behavior of rpc.gssd.

Fix a few misspellings and grammar issues while here.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: Clarify use of the term "machine credentials" in rpc.gssd(8) 2013-03-25T14:09:10+00:00 Chuck Lever chuck.lever@oracle.com 2013-03-23T12:08:36+00:00 6888d305d8683d178239170794ce8debdaaaacd8 Our NFSv4 implementation uses machine credentials for operations that manage state on behalf of the whole client (for example, SETCLIENTID or RENEW). The rpc.gssd man page is missing a description of this usage, especially in the discussion of the "-n" option. The issue is that rpc.gssd's "-n" option requires root to acquire a user credential. In the absense of a system keytab (for instance, if the system is diskless) root's credential is not to be used as the machine credential that manages NFSv4 state. Group the discussion of machine credentials and UID 0 in one place to help clarify the discussion and simplify the description of several of these options. Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Our NFSv4 implementation uses machine credentials for operations
that manage state on behalf of the whole client (for example,
SETCLIENTID or RENEW).  The rpc.gssd man page is missing a
description of this usage, especially in the discussion of the "-n"
option.

The issue is that rpc.gssd's "-n" option requires root to acquire a
user credential.  In the absense of a system keytab (for instance,
if the system is diskless) root's credential is not to be used as
the machine credential that manages NFSv4 state.

Group the discussion of machine credentials and UID 0 in one place
to help clarify the discussion and simplify the description of
several of these options.

Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>