| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
daemon_init() calls closeall() to close any "unneeded" file descriptors.
This causes the following issue with idmapd on systems that are
configured to have SSSD handle local users and groups:
1. During startup, rpc.idmapd calls getpwnam("nobody") and
getgrnam("nobody")
2. sss_nss_mc_get{pw,gr}nam from libnss_sss open the cache files for
users and groups and store the fd's in a struct sss_cli_mc_ctx. The
passwd cache is fd 3 and the group cache is fd 4.
3. idmapd calls daemon_init() which sets fd's 0, 1, and 2 to /dev/null
and fd 3 to the write end of the pipe that the child uses to report
it's startup status. It then closes all fd's >= 4.
4. idmapd then calls event_init() which leads to epoll_create1() which
returns 4 as the epoll fd.
6. An NFSv4 mount request comes in from a client, triggering an nfsdcb
callback.
7. idmapd calls getgrgid_r() which leads to a call to
sss_nss_check_header() which determines that the cache needs to be
reinitialized. sss_nss_mc_destroy_ctx() is called, which closes the
ctx->fd which now corresponds to the epoll file rather than the group
cache file.
8. event_dispatch() calls epoll_wait() with epfd=4, and -EBADF is
returned. idmapd logs the following error and exits with a nonzero
status:
rpc.idmapd[650]: main: event_dispatch returns errno 9 (Bad file descriptor)
Moving the deamon_init() call so that it happens before get{pw,gr}nam()
fixes this.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfs-utils and libnfsidmap have similar configuration parsing routines.
They were the same up until nfs-utils commit 7b33590f (config: Remove
the conf_path global), where conf_init() was changed to take a path as
an argument. With the current idmap_LDADD ordering in Makefile.am, the
conf_init() from libnfsidmap is called, resulting in the following error
along with the failure to parse idmapd.conf:
rpc.idmapd[391]: rpc.idmapd: conf_reinit: open ("(null)", O_RDONLY) failed
Placing libnfs.a first in idmap_LDADD ensures that idmapd uses the config
parsing routines from nfs-utils instead of libnfsidmap.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
There might be an issue that the script is executed with unwanted
version of <lang>.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is helpful for users that have a krb5.keytab but do not want to use
secure NFS. Also fixed a typo that appears earlier on the page.
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1/ minorversion=0 is not recognized, as errors from
strtol() are not correctly detected.
2/ when there is an error in the minorversion= value,
no message is presented.
3/ Current code recognizes "minorversion" and sets V_SPECIFIC,
but then because *cptr == '\0', the v_mode is reset to V_GENERAL.
This results in minorversion negotiation, which is not wanted.
This patch addresses all of these.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Current "-t nfs4" causes other mount options to be ignored
and an NFSv4 version to be negotiated.
This is even true when "-o vers=4.1" is given.
To address this, we need to move the handled of "-t nfs4"
into nfs_nfs_version, which means passing in the filesystem type.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All kernels which support NFSv4.2 understand "vers=4.2".
Some kernels which support NFSv4.1 only understand "vers=4,minorversion=1".
All later kernels also support this.
Some kernels which support NFSv4.0 only understand "vers=4".
All later kernels also support this.
So use the string that is most appropriate for each version.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
With glibc older than 2.24, it is always possible to include
both linux/in6.h and netinet/in.h.
So if the glibc is older, just hard-code the two values we need
from linux/in6.h
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
nfsdcltrack.c:581:4: warning: this statement may fall through [-Wimplicit-fallthrough=]
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
nfs4mount.c:445:8: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
nfsmount.c:684:8: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
network.c:1234:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
network.c:1382:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
network.c:1477:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
network.c:1508:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
network.c:1574:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
device-discovery.c:171:13: warning: In the GNU C Library, "major" is defined
by <sys/sysmacros.h>. For historical compatibility, it is
currently defined by <sys/types.h> as well, but we plan to
remove this soon. To use "major", include <sys/sysmacros.h>
directly. If you did not intend to use a system-defined macro
"major", you should undefine it after including <sys/types.h>.
} else if (dm_is_dm_major(major(dev)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
device-inq.c:216:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
device-inq.c:223:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
nfsd.c:187:8: warning: this statement may fall through [-Wimplicit-fallthrough=]
nfsd.c:213:8: warning: this statement may fall through [-Wimplicit-fallthrough=]nfsd.c:263:4: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cache.c:623:13: warning: In the GNU C Library, "major" is defined
by <sys/sysmacros.h>. For historical compatibility, it is
currently defined by <sys/types.h> as well, but we plan to
remove this soon. To use "major", include <sys/sysmacros.h>
directly. If you did not intend to use a system-defined macro
"major", you should undefine it after including <sys/types.h>.
if (parsed->major != major(stb.st_dev) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cache.c:624:13: warning: In the GNU C Library, "minor" is defined
by <sys/sysmacros.h>. For historical compatibility, it is
currently defined by <sys/types.h> as well, but we plan to
remove this soon. To use "minor", include <sys/sysmacros.h>
directly. If you did not intend to use a system-defined macro
"minor", you should undefine it after including <sys/types.h>.
parsed->minor != minor(stb.st_dev))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
atomicio.c:43:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
When inet_ntop fails do not fall into the AF_INET6
case, instead break out and take the error path out.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
rpcdebug.c:77:4: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
When v4 is specified on the command line the
default minor version needs to be used.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
When the nfs4 filesystem specified, the default major
and minor versions should be used.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Re-implement include file functionality as documented.
Existing implementation had various issues, one of which was it allowed
a subordinate file to inadvertently change which section the subsequent
tags back in the master config file got assigned to.
Acked-by: NeilBrown <neilb@suse.com>
Signed-off-by: Justin Mitchell <jumitche@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/usr/bin/umount will always pass a canonical name
to umount.nfs, so it is safe to disable canonicalization.
When umounting an NFS filesystem, it is generally safest to
not "stat" the mountpoint at all as that can block
indefinitely. umount() will not block, but lstat() etc can.
By disabling canonicalization in libmount, we discourage it
from ever calling 'stat' family operations, and thus reduce
the chance of a hang.
Note that to be fully effective, this requires changes to
util-linux which have not yet been accepted.
When both that change and this are in effect, automounters
can use "umount -c $PATH" to safely unmount a filesystem
without blocking.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Remove the line length parameter and associated code which
led to buffer overruns in the line parsing code.
Also drops the undocumented 'include' directive.
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Part of a sequence of attempts to tidy up the nfs.conf code and prepare
it for use as part of a configuration API.
Remove static vars that prevented memory cleanup and potentially lead to
parsing errors if conf_init was called again.
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451568
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If NFSv4, in general, is requested (possibly by -t nfs4 or -o v4 or -o
vers=4 etc) then we need to negotiate the best minor version, but must
not fallback to v3 or v2. Internally, this state is reflected in v_mode
== V_GENERAL. This means that a major version was given, but the minor
version still needs to be negotiated.
This is handled by nfs_autonegotiate(). It currently does the right
thing for EPROTONOSUPPORT and EINVAL, but not for other errors.
In particular, ENOENT can cause problems as NFSv4 might export
a different namespace than NFSv3 (e.g. by using fsid=0 in the Linux
NFS server). Currently a mount request for NFSv4 and a particular path
can result if an NFSv3 mount if the path is available with v3 but
not v4.
So move the special handling of V_GENERAL into the common fall_back:
code, and add extra checking in the ENCONNREFUSED case, which does
not use fall_back:.
Tested-by: Steve Dickson <steved@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit 65ac59cd introduced code that tries v3 mounts
when the the v4 mount fails with ECONNREFUSED. This
code allows failing back to v3 to work correctly.
When the v3 mount fails the original errno value has
been over rewritten. In these case the errno value
needs to be restored to ECONNREFUSED.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Working towards an nfs.conf library and API for system config tools,
first step, replace the conf_path global with a parameter to conf_init
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
On a new install, we're unable to select from the parameters table, as
it doesn't exist yet. The code is set up to log that fact at L_ERROR
now, but it's an expected situation. Change it to log that at D_GENERAL
instead.
Reported-and-Tested-by: ChunYu Wang <chunwang@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit 9d4fc3fb added Wants=network-online.target which
is not enough to ensure the network is completely up
before the NFS server is started. After=network-online.target
is also needed.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1419351
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There has been an number startup problems where parts of
the NFS server fails to start due to DNS and other
parts of the network not be up.
Reading the systemd.special it seems network.target is
a passive unit which does not wait for the entire
network to come up and network-online.target is an
active unit which does wait.
So this adds Wants=network-online.target to all of
the NFS server services
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nfs.conf has config options for the rpc_pipefs mountpoint.
Currently, changing these from the default also requires manually
overriding the systemd unit files that are hard-coded to mount the
filesystem on /var/lib/nfs/rpc_pipefs.
This patch adds a generator that creates a mount unit file for the
rpc_pipefs when a non-default value is specified in /etc/nfs.conf, as
well as a target unit file to override the dependencies for the systemd
units using the rpc_pipefs. The blkmapd, idmapd, and gssd service unit
files have been modified to define their dependencies on the rpc_pipefs
mountpoint indirectly via the rpc_pipefs target unit file. Since both
rpc-pipefs-generator.c and nfs-server-generator.c need to convert path
names to unit file names, that functionality has been moved to
systemd.c.
This patch also removes the dependency on the rpc_pipefs from the
rpc-svcgssd.service unit file. rpc.svcgssd uses the sunrpc cache
mechanism to exchange data with the kernel, not the rpc_pipefs.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Allow the rpc_pipefs mountpoint to be overriden via the pipefs-directory
variable in the [general] section of /etc/nfs.conf.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
All the daemons should use the same rpc_pipefs, so pipefs-directory
should be specified in the [general] section.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changed idmapd to read its value for the pipefs-directory from
/etc/nfs.conf rather than /etc/idmapd.conf. All other configurations
related to id mapping still reside in /etc/idmapd.conf for now.
Added a warning to indicate that idmapd's -c option is deprecated.
Corrected a misspelling of 'configuration' in nfs.conf.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There has been an number startup problem where parts of
the NFS server fail to start due to DNS and other
parts of the network not be up.
Reading the systemd.special it seems network.target is
a passive unit which does not wait and network-online.target
is an active unit which does not wait so that
should be used.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1419351
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most major NFS clients have supported TCP for at least a decade now,
and v4-only shops are becoming more prevalent. It seems reasonable that
serving over UDP should be something that is "opt-in".
I've always hesitated to do this in the past, but now that we have
nfs.conf, it seems like the time may be right to disable UDP in default
configurations. In particular, it would be good to try this in the more
bleeding edge distros (Fedora, Ubuntu, SuSE, etc...) and see how
problematic it is.
Change the default in rpc.nfsd to just open TCP ports by default. Add
new -u and -t options that allow users to explicitly override what's
in the config file, and update the usage message and manpage.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The new semantic is that '-N4' turns off all NFSv4 minor versions, while
'-V4' turns them all on. In order to turn off just minor version x (x >= 0),
use -N4.x, and to turn it back on. '-V4.x'.
Note that on older kernels, attempting to use -N4.0 and -V4.0 is
equivalent to specifying -N4 or -V4.
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sm-notify's early ending of the grace period when it has no hosts to
notify can cause problems in some high availability configurations,
which may be running one sm-notify per floating IP address in the
cluster. This commit makes that behavior configurable via the
nfs.conf (I don't think having a corresponding command line option
would be particularly useful, hence none was added).
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Here is a patch that deletes the mention of auth.domain and changes the
wording around 'flush' files. I'm not attached to the revised wording;
it's just the best I could manage in something that felt that it was
within the same style and space as the current wording.
Acked-by: NeilBrown <neilb@suse.com>
Signed-off-by: Chris Siebenmann <cks.nfs01@cs.toronto.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
strsep() modifies the input string, so error messages
may output only part of the upcall string.
Make a copy of the upcall string, and use that in any
error messages.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
gssd uses the non-thread-safe strtok() function, which
can lead to incorrect program behavior.
Replace strtok() with the thread-safe strsep().
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When this code was written, the systemd documentation stated
that "RequiresMountsFor" ignored mountpoints marked as "noauto".
Unfortunately this is incorrect. Consquently a filesystem marked
as noauto that is also NFS exported will currently be mounted when
the NFS server is started. This is not what people expect.
So add a check for the noauto flag. If any ancestor of a given
export point has the noauto flag, no RequiresMountsFor will be
generated for that point.
Also skip RequiresMountsFor for exports marked 'mountpoint', as their
absence is, theoretically, already handled by mountd.
URL: https://github.com/systemd/systemd/issues/5249
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is generally wise to call setgroups() (and setgid()) before calling
setuid() to ensure no unexpected permission leaks happen.
SUSE's build system checks all binaries for conformance with this
and generates a warning for mountd.
As we are setting the uid to 0, there is no risk that the group list
will provide extra permissions, so there is no real risk here.
But it is nice to silence warnings, and including a setgroups()
call is probably a good practice to encourage.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conf_set() already refuses to set an empty value, so if
foo=
appears in the config file, it will be ignored.
This patch extends the policy to environment variables, so empty
environment variables are treated as though they didn't exist.
This means that a separate environment file (e.g. /etc/sysconfig/nfs)
will be treated the same way whether it is:
- included in the [environment] section of /etc/nfs.conf
- sourced by the shell before running code
- sourced by the systemd EnvironmentFile directive.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following commit 91da135f - it replaced "rpcbind.target" by "rpcbind.socket" in
some unit files - "rpcbind.socket" should also be added to "nfs-mountd.service"
as a dependency to avoid race conditions.
Usually "rpcbind.socket" is either started as a "sockets.target" dependency, or
as a dependency for "nfs-server.service", when unit files include it in
"BindsTo" or "After". Unfortunately there is a possilibility to have
"nfs-mountd.service" started when the rpcbind socket is not yet created:
systemd[1]: Starting NFS Mount Daemon...
systemd[1]: nfs-mountd.service: Control process exited, code=exited status=1
systemd[1]: Failed to start NFS Mount Daemon.
systemd[1]: nfs-mountd.service: Unit entered failed state.
systemd[1]: nfs-mountd.service: Failed with result 'exit-code'.
Nowadays "nfs-mountd.service" uses "BindTo" directive to "nfs-server.service".
That, per se, doesn't guarantee ordering for NFS server to start rpcbind and for
nfs-mountd to depend on it.
https://bugs.launchpad.net/bugs/1590799
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Rafael David Tinoco <rafael.tinoco@canonical.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
