| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
When nfs4 mount fail because the exported directory does
not exist, the mount command claims the local mount point
does not exist which is wrong. This patch fixes that problem
as well as makes the v4 mount failures look like v3/v2 failures.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
In client_compose(), free() the hostent structure returned before
exiting. Normally, gethostbyaddr() returns a pointer to a static
struct, but this hostent comes from either get_reliable_hostbyaddr() or
get_hostent(), both which return a pointer they privately xmalloc()ed,
which thus can and should be free()d.
Signed-Off-By: Steinar H. Gunderson <sesse@debian.org>
|
| |
|
|
| |
Update verison numbers(s) and make sure NEWS is uptodate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes mountd to hold the etab file open so that when it's
changed by exportfs, the inode number should change. We then change
auth_reload to reload the file based on whether st_ino is different
from the last time it was checked. It also changes auth_reload to
maintain a static counter value and return it instead of a timestamp
and fixes up get_exportlist accordingly. Finally, it adds some
comments to xtab_write to warn people about editing the etab in place.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
|
| |
|
|
|
|
| |
While it is nice to have the checks, nothing in this package
creates the files that are checked, so we shouldn't check them
yet.
|
| |
|
|
|
|
|
|
| |
rquotad isn't really used by anyone - as you can tell by the fact that
it only works for ext2 and ext3 (if those).
The 'quota' package contains a working and maintained rquota and all
distros appear to use that one. So remove rquotad from this package
to avoid confusion.
|
| |
|
|
|
|
|
|
| |
This patch updates the manpages for showmount and mountd. It adds a
description of the new mountd -r option, and a caveat about the unreliability
of showmount -a.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
| |
libblkid earlier than 1.40 has a memory leak bug that make it unsuitable
for use in mountd.
So detect the version and default to not using it if too old. Give appropriate
warnings in various cases.
|
| |
|
|
|
|
|
|
| |
Make sure we get addressless tickets so we can function behind a NAT.
(Must use a different function to accomplish this with Heimdal.)
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
| |
Also free dns_name when freeing an 'nlist', so do the unlink before the free.
|
| | |
|
| |
|
|
|
| |
statd now passes the 'my_name' from the SM_MON call faithfully to the
ha-callout and records it in the sm/ files.
|
| | |
|
| |
|
|
|
|
|
| |
Update the required version of libgssapi from 0.9 to 0.11.
(Working with Heimdal requires 0.11. Symbol versioning was
introduced in 0.10 and should be used everywhere, although
not absolutely required.)
|
| |
|
|
|
|
|
|
|
|
| |
Use a common function that factors out differences between MIT
and Heimdal in getting the right error message printed.
Add an autoconf check to see if the newer error message function
is available.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
|
| |
|
|
|
| |
Always use the gss_krb5_ccache_name() function to tell Heimdal
which credentials to use.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Ports < 1024 are a scarce resource and should not be used
carelessly. Technically they should be not used at all without
registration with IANA, but sometimes we need them despite that.
So: for the socket that RPC services listen on, don't use a <1024 port
by default. There is no need.
For sockets that we send messages on, that are long-lived, and that might
need to appear 'privileged', avoid using a number that is registered in
/etc/services if possible.
|
| | |
|
| | |
|
| |
|
|
| |
Particularly details of daemon startup order have been added to README.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
When exporting a filesystem test to see if the kernel is likely
to accept the export and print suitable warning message if not.
Don't actually fail the 'exportfs' as by the time a MOUNT request
arrives, the filesystem might be exportable.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
If an attempt is made to export a non-(dir|file), just ignore it.
This should get caught by exportfs.
If an attempt is made to export a non-exportable filesystem, report
an error. Hopefully exportfs can trap some these as well, but
catching them in mountd as well is good.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Both SM_STAT and SM_MON can return the state of an NSM, but it is
unclear which NSM they return the state of, so the value cannot be
used, and lockd doesn't use it.
Document this confusion, and give the current state to the kernel
via a sysctl if that sysctl is available (since about 2.6.19).
This should make is possible for the NFS server to detect a small
class of bad SM_NOTIFY packets and not flush locks in that case.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Add a debug message indicating that gssd is ready to process requests
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
| |
Remove functions that are no longer used when when obtaining
machine credentials.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Clean up gssd_get_single_krb5_cred and its debugging messages
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the new functions added in the previous patch.
Obtain machine credentials in a pre-determined order
Look for appropriate machine credentials in the following order:
root/<fqdn>@REALM
nfs/<fqdn>@REALM
host/<fqdn>@REALM
root/<any-name>@REALM
nfs/<any-name>@REALM
host/<any-name>@REALM
The first matching credential will be used.
Also, the machine credentials to be used are now determined
"on-demand" rather than at gssd startup. This allows keytab
additions to be noticed and used without requiring a restart of gssd.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new functions that will be used in the next patch. The new behavior
is to search for particular keytab entries in a specified order:
root/<fqdn>@<REALM>
nfs/<fqdn>@<REALM>
host/<fqdn>@<REALM>
root/<any-name>@<REALM>
nfs/<any-name>@<REALM>
host/<any-name>@<REALM>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
| |
Clean up a lot of #ifdef'd code using macros, masking
the differences between MIT and Heimdal implementations.
The currently unused macros will be used in later patches.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Return credential on error path of limit_krb5_enctypes()
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Add missing newlines to error messages.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| | |
|
| | |
|
| |
|
|
|
| |
This script is used by mount.nfs to run statd if needed.
It can be locally modified to change arguements if required.
|
| |
|
|
| |
It is a more standard name...
|
| |
|
|
|
|
|
|
|
|
| |
If system-installed rpcgen if such exists.
If none is found, build our own.
Override with
./configure --with-rpcgen=internal
for internal rpcgen or
./configure --with-rpcgen=/local/rpcgen
for a non-standard location.
|
| |
|
|
|
|
|
| |
When sending an SM_NOTIFY to multi-homed host, try all the addresses
in rotation. After 4 failures on one address, try the next.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When lockd asks to monitor a host, we find the FQDN from the DNS
and remember that, both internally and in the /var/lib/nfs/sm/*
file.
When we receive an SM_NOTIFY request, we compare both the
mon_name and the source IP address against that DNS name to find
a match.
If a DNS name is not available, we fall back to the name provided by
lockd, which at least is known to map to an IP address via
gethostbyname.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
| |
From the point of view of the client (lockd), the 'priv' blob is probably
the most important key, so make sure to not throw away requests with
new 'priv' information.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
| |
The if contains a while with essentially the same condition.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
From: Steve Dickson <steved@redhat.com>
Adds the -o nordirplus mount option that will disable
NFS clients from using the READDIRPLUS RPC.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Make it clear in manpage for mount.nfs that using nolock is
appropriate for /, /usr and /var.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
| |
If we are mounting nfsv2 or nfsv3 and statd isn't running and we
cannot start statd, then fail the mount request.
Also use an RPC ping to check on statd.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The for loop that restarts on SIGUSR or simu_reboot currently includes
several once-only things, that are probably best taken out of the loop.
We also take the unregister/register out of the loop as if statd does
drop privileges, then the second register won't use a privileged port
properly.
On the whole, cleaner code.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
If the kernel rejects an attempt to export a filesystem - e.g. because
it is not exportable, we shouldn't just ignore the error, but rather
should tell the kernel that the relevant filehandle or path cannot be supported.
We should really print out some error messages too.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
| |
Make sure that sm-notify really runs only once per reboot.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If statd dies and is restarted, it forgets what peers the kernel
is interested in monitoring, and so will not forward NOTIFY
requests properly.
With this patch the required information is recorded in the files
in /var/lib/nfs/sm/* so that a kill/restart does what you might
hope.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
We need to call statd_get_socket before dropping privileges so that we
have a privileged port. We use to do that when initialising
notification as the same socket was used for reboot notication as for
callbacks to the kernel. Now it is a different socket..
|
