-rw-r--r-- | ChangeLog | 37 | ||||
-rw-r--r-- | debian/nfs-common.conffiles | 1 | ||||
-rw-r--r-- | debian/nfs-common.install | 1 | ||||
-rw-r--r-- | support/gssapi/Makefile | 24 | ||||
-rw-r--r-- | utils/gssd/Makefile | 2 | ||||
-rw-r--r-- | utils/gssd/gssd.c | 10 | ||||
-rw-r--r-- | utils/mountd/cache.c | 17 | ||||
-rw-r--r-- | utils/mountd/mountd.c | 19 | ||||
-rw-r--r-- | utils/svcgssd/Makefile | 2 | ||||
-rw-r--r-- | utils/svcgssd/svcgssd.c | 10 |
10 files changed, 82 insertions, 41 deletions
@@ -1,4 +1,41 @@ 2005-08-26 Kevin Coffman <kwc@citi.umich.edu> + *utils/mountd/mountd.c: + mountd currently always returns AUTH_NULL and AUTH_SYS as the + allowable flavors in mount replies. We want it to also return gss + flavors when appropriate. For now as a hack we just have it always + return the KRB5 flavors as well. + + *utils/mountd/cache.c: + + When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the + actual exported directory does not exist on the server, rpc.mountd + doesn't check the directory exists (when fsidtype=1, i.e. using fsid, + but does check for fsidtype=0, i.e. using dev/ino). The non-existent + exported directory path with fsid=0 is written to the kernel via + /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to + return ENOENT (seems appropriate). Unfortunately, the new_cache + approach ignores errors returned when writing via the channel file so + that particular error is lost and the mount request is silently ignored. + + Assuming it doesn't make sense to revamp the new_cache/up-call method to + not ignore returned errors, it seems appropriate to fix the case where + rpc.mountd doesn't check for the existence of an exported directory with + fsid= semantics. The following patch does this by moving the stat() up + so it is done for both fsidtype's. I'm not certain whether the other + tests need to be executed for fsidtype=1, but it doesn't appear to hurt + [Not exactly true: the comparison of inode numbers caused problems so + now it's kept for fsidtype=0 only]. + + Would it be also desirable to log a warning for every error, if any, + returned by a write to any of the /proc/net/rpc/*/channel files which + would otherwise be ignored (maybe under a debug flag)? + + * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a + SIGHUP rather than dying. + + * many: Remove the gssapi code and rely on an external library instead. 
+ +2005-08-26 Kevin Coffman <kwc@citi.umich.edu> * utils/exportfs/exports.man: Document the "crossmnt" export export option * utils/gssd/krb5_util.c: Add better debugging and partially revert the function diff --git a/debian/nfs-common.conffiles b/debian/nfs-common.conffiles index 70e74f5..9e5647c 100644 --- a/debian/nfs-common.conffiles +++ b/debian/nfs-common.conffiles @@ -1,4 +1,3 @@ /etc/default/nfs-common /etc/init.d/nfs-common /etc/idmapd.conf -/etc/gssapi_mech.conf diff --git a/debian/nfs-common.install b/debian/nfs-common.install index 8d81caa..72c8f3b 100644 --- a/debian/nfs-common.install +++ b/debian/nfs-common.install @@ -1,2 +1 @@ debian/idmapd.conf etc -debian/gssapi_mech.conf etc diff --git a/support/gssapi/Makefile b/support/gssapi/Makefile index bc14647..e69de29 100644 --- a/support/gssapi/Makefile +++ b/support/gssapi/Makefile @@ -1,24 +0,0 @@ -# -# libgssapi.a -# gssapi mechanism-switching layer -# -TOP = ../../ -LIBNAME = libgssapi.a -SRCS = g_accept_sec_context.c g_acquire_cred.c g_compare_name.c \ - g_context_time.c g_delete_sec_context.c g_dsp_name.c g_dsp_status.c \ - g_dup_name.c gen_oids.c g_exp_sec_context.c g_glue.c g_imp_name.c \ - g_imp_sec_context.c g_indicate_mechs.c g_initialize.c \ - g_init_sec_context.c g_inq_context.c g_inq_cred.c g_inq_names.c \ - g_mechname.c g_mit_krb5_mech.c g_oid_ops.c g_process_context.c \ - g_rel_buffer.c g_rel_cred.c g_rel_name.c g_rel_oid_set.c g_seal.c \ - g_sign.c gssd_pname_to_uid.c g_unseal.c g_verify.c oid_ops.c \ - g_set_allowable_enctypes.c - -OBJS = $(SRCS:.c=.o) - -include $(TOP)rules.mk - -CFLAGS += -DKRB5_VERSION=$(KRB5_VERSION) -I$(TOP)/support/include - -install:: - @: diff --git a/utils/gssd/Makefile b/utils/gssd/Makefile index 55c8516..a8ff867 100644 --- a/utils/gssd/Makefile +++ b/utils/gssd/Makefile 
@@ -7,7 +7,7 @@ PROGRAM = gssd PREFIX = rpc. OBJS = gssd.o gssd_main_loop.o gssd_proc.o err_util.o gss_util.o \ gss_oids.o context.o context_heimdal.o krb5_util.o -LIBDEPS = $(TOP)support/lib/librpc.a $(TOP)support/lib/libgssapi.a +LIBDEPS = $(TOP)support/lib/librpc.a LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpc -lgssapi -ldl $(KRBLIB) MAN8 = gssd diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c index 0f7a7e5..7f28320 100644 --- a/utils/gssd/gssd.c +++ b/utils/gssd/gssd.c @@ -63,6 +63,14 @@ sig_die(int signal) exit(1); } +void +sig_hup(int signal) +{ + /* don't exit on SIGHUP */ + printerr(1, "Received SIGHUP... Ignoring.\n"); + return; +} + static void usage(char *progname) { @@ -123,7 +131,7 @@ main(int argc, char *argv[]) signal(SIGINT, sig_die); signal(SIGTERM, sig_die); - signal(SIGHUP, sig_die); + signal(SIGHUP, sig_hup); /* Process keytab file and get machine credentials */ gssd_refresh_krb5_machine_creds(); diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c index 77029f4..e8bb991 100644 --- a/utils/mountd/cache.c +++ b/utils/mountd/cache.c @@ -145,21 +145,22 @@ void nfsd_fh(FILE *f) /* Now determine export point for this fsid/domain */ for (i=0 ; i < MCL_MAXTYPES; i++) { for (exp = exportlist[i]; exp; exp = exp->m_next) { + struct stat stb; + if (!client_member(dom, exp->m_client->m_hostname)) continue; + if (exp->m_export.e_mountpoint && + !is_mountpoint(exp->m_export.e_mountpoint[0]? + exp->m_export.e_mountpoint: + exp->m_export.e_path)) + dev_missing ++; + if (stat(exp->m_export.e_path, &stb) != 0) + continue; if (fsidtype == 1 && ((exp->m_export.e_flags & NFSEXP_FSID) == 0 || exp->m_export.e_fsid != fsidnum)) continue; if (fsidtype == 0) { - struct stat stb; - if (exp->m_export.e_mountpoint && - !is_mountpoint(exp->m_export.e_mountpoint[0]? - exp->m_export.e_mountpoint: - exp->m_export.e_path)) - dev_missing ++; - if (stat(exp->m_export.e_path, &stb) != 0) - continue; if (stb.st_ino != inode) continue; if (major != major(stb.st_dev) || 
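Review bot: The new `sig_hup` handler in utils/gssd/gssd.c calls `printerr()` from signal context, and the identical handler is added to utils/svcgssd/svcgssd.c. `printerr` is not shown in this diff, but if it formats through stdio or syslog it is not async-signal-safe, so a SIGHUP arriving while the daemon is inside one of those calls can deadlock or corrupt state in a process that handles Kerberos credentials. If the log line is not needed, `signal(SIGHUP, SIG_IGN);` gives the same result with no handler; otherwise set a `volatile sig_atomic_t` flag in the handler and log from the main loop. The handler would also be better declared `static` with its parameter named `sig`, as the mountd.c version does, because `signal` shadows the library function.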
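Review bot: In the utils/mountd/cache.c hunk, the `is_mountpoint()` and `stat()` calls now run ahead of the `fsidtype == 1` filter, so every export that matches the client is probed on each fsid lookup, including ones whose `e_fsid` does not match. An unrelated export with an unmounted `e_mountpoint` can then increment `dev_missing`, and a `stat()` on an unrelated hung filesystem can stall the upcall; how `dev_missing` is used afterwards is outside this hunk, so the impact there is inferred. Moving the `if (fsidtype == 1 && ...) continue;` test above the mountpoint check keeps the new existence check for the matching export while skipping the rest. The loop body continues past the end of the hunk.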
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 14dac41..7325b25 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -74,6 +74,14 @@ killer (int sig) xlog (L_FATAL, "Caught signal %d, un-registering and exiting.", sig); } +static void +sig_hup (int sig) +{ + /* don't exit on SIGHUP */ + xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig); + return; +} + bool_t mount_null_1_svc(struct svc_req *rqstp, void *argp, void *resp) { @@ -234,7 +242,10 @@ mount_pathconf_2_svc(struct svc_req *rqstp, dirpath *path, ppathcnf *res) bool_t mount_mnt_3_svc(struct svc_req *rqstp, dirpath *path, mountres3 *res) { - static int flavors[] = { AUTH_NULL, AUTH_UNIX }; +#define AUTH_GSS_KRB5 390003 +#define AUTH_GSS_KRB5I 390004 +#define AUTH_GSS_KRB5P 390005 + static int flavors[] = { AUTH_NULL, AUTH_UNIX, AUTH_GSS_KRB5, AUTH_GSS_KRB5I, AUTH_GSS_KRB5P}; struct nfs_fh_len *fh; xlog(D_CALL, "MNT3(%s) called", *path); @@ -243,7 +254,8 @@ mount_mnt_3_svc(struct svc_req *rqstp, dirpath *path, mountres3 *res) ok->fhandle.fhandle3_len = fh->fh_size; ok->fhandle.fhandle3_val = fh->fh_handle; - ok->auth_flavors.auth_flavors_len = 2; + ok->auth_flavors.auth_flavors_len + = sizeof(flavors)/sizeof(flavors[0]); ok->auth_flavors.auth_flavors_val = flavors; } return 1; @@ -566,9 +578,10 @@ main(int argc, char **argv) mount_dispatch, port); sa.sa_handler = killer; - sigaction(SIGHUP, &sa, NULL); sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); + sa.sa_handler = sig_hup; + sigaction(SIGHUP, &sa, NULL); auth_init(export_file); diff --git a/utils/svcgssd/Makefile b/utils/svcgssd/Makefile index 6d1405b..b09e194 100644 --- a/utils/svcgssd/Makefile +++ b/utils/svcgssd/Makefile 
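Review bot: In the new `sig_hup` in utils/mountd/mountd.c, `xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);` passes `sig` to a format string that has no conversion for it. The message also ends in `\n`, which the other `xlog` calls visible in this file's hunks do not. Either drop the argument or log it, for example `xlog (L_NOTICE, "Received signal %d... Ignoring.", sig);`. The trailing `return;` is redundant in a void function.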
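Review bot: The three `#define AUTH_GSS_KRB5*` lines sit unguarded inside the body of `mount_mnt_3_svc`, so they stay defined for the rest of the file and can clash with a header that provides the same names. Placing them at file scope under `#ifndef AUTH_GSS_KRB5` avoids that. The `flavors` array also needs a comment recording that the krb5 flavors are advertised unconditionally, e.g. `/* FIXME: krb5 flavors are advertised for every export, whatever its security settings */`, so that nobody reading the code takes the mount reply as a statement of what the export enforces. The function body starts and ends outside the hunk.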
@@ -7,7 +7,7 @@ PROGRAM = svcgssd PREFIX = rpc. OBJS = svcgssd.o svcgssd_main_loop.o svcgssd_proc.o err_util.o gss_util.o \ gss_oids.o context.o context_heimdal.o cacheio.o svcgssd_mech2file.o -LIBDEPS = $(TOP)support/lib/librpc.a $(TOP)support/lib/libgssapi.a +LIBDEPS = $(TOP)support/lib/librpc.a LIBS = -Wl,-rpath=$(KRBDIR)/lib -lrpc -lgssapi -ldl $(KRBLIB) -lnfsidmap MAN8 = svcgssd diff --git a/utils/svcgssd/svcgssd.c b/utils/svcgssd/svcgssd.c index 9dd5a3a..8e5cc99 100644 --- a/utils/svcgssd/svcgssd.c +++ b/utils/svcgssd/svcgssd.c @@ -143,6 +143,14 @@ sig_die(int signal) exit(1); } +void +sig_hup(int signal) +{ + /* don't exit on SIGHUP */ + printerr(1, "Received SIGHUP... Ignoring.\n"); + return; +} + static void usage(char *progname) { @@ -190,7 +198,7 @@ main(int argc, char *argv[]) signal(SIGINT, sig_die); signal(SIGTERM, sig_die); - signal(SIGHUP, sig_die); + signal(SIGHUP, sig_hup); if (get_creds && !gssd_acquire_cred(GSSD_SERVICE_NAME)) { printerr(0, "unable to obtain root (machine) credentials\n"); |