| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
FSID_PRESENT was missing, and LAYOUTGET and GETDEVICEINFO were switched.
Update all the client operations. Also, increase the output width a bit
and pull out a column for these longer new operation names.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
The C and S flags were missing for the SYNOPSIS
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Show the correct arguments when invalid
arguments are used.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to an empty
Certain name resolution misconfigurations (for example, a hosts file
entry with an ip address but no hostnames) can cause get_nameinfo() to
return an empty string in buf, which will lead to this cryptic failure:
Dec 7 09:37:44 hostname rpc.statd[8024]: Failed to insert: creating
/var/lib/nfs/statd/sm/: Is a directory
Dec 7 09:37:44 hostname rpc.statd[8024]: STAT_FAIL to
hostname.example.com for SM_MON of 192.168.1.2
Dec 7 09:37:44 hostname kernel: lockd: cannot monitor 192.168.1.2
It's better in that case to just go ahead and use the presentation
address instead.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When unexport directory, it's possible that the specified path ends with
a '/'. So we need to deal with it to find the matched entry.
If not, there will be error like "Could not find '*:/some_path/' to
unexport."
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
In function nfs_parse_simple_hostname, hostname can be NULL,
dereferncing it while passing it to free(*hostname) may result in
segfault.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
If file open failed, no need to issue close system call in
nsm_get_state and closeall.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the id_resolver keyring doesn't exist, the kernel has no cached
idmap information to expunge. AFAIK it's not an error.
If nfsidmap is run by a non-privileged user, the id_resolver keyring
is never visible. IMO that should be reported, but the error message
should report the privilege problem, not the missing keyring.
Reported-by: Amy Shi <amy.shi@oracle.com>
Fixes: 69aa69e7de80 ('nfsidmap: Allow keys to be cleared from the ')
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This prevents rpc.statd's in-memory (and on-disk) monitor lists from
winding up with multiple records for the same peer with outdated
cookie values. This happens in some HA-NFS configurations where
rpc.statd is always running.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When the mountversion option is used, there should
not be any mount negotiations with the server.
Also, when the option is used, its know that the mount
is a v4 mount and a V_SPECFIC type.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
To help debug rpcbind failures, make sure all
errors are logged and log as much info about
the error as possible.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Trimmed down the number messages being logged
by moving them into level 3 or 4 of debugging
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
When gssd exist ensure a error message is logged.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Cleaned up first level of debugging. Only
errors and warnings are logged.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit b98f2af15 introduced a regression that cause the
starting and stop of rpcbind and the nfs-server to
be depended on each other
The starting of the NFS server should start rpcbind
but bring rpcbind down should not bring the NFS
server down.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
From: Jianhong Yin <jiyin@redhat.com>
The buf[] size in test_export() is not enough for NFS_MAXPATHLEN
+ prefix/suffix proto string. Fix it and same issue in dump().
And just to be on the safe side, %s/sprintf/snprintf/
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Commit 273b4647 introduced the following warning:
mydaemon.c:125:2: warning: implicit declaration of function 'closelog'
[-Wimplicit-function-declaration]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the kernel's IPv6 module isn't loaded:
rpc.nfsd: knfsd is currently down
rpc.nfsd: Writing version string to kernel: -2 +3 +4
rpc.nfsd: Creating AF_INET TCP socket.
rpc.nfsd: Creating AF_INET UDP socket.
rpc.nfsd: Creating AF_INET6 TCP socket.
rpc.nfsd: Creating AF_INET6 UDP socket.
The last two messages are misleading, since creation of AF_INET6
sockets now fails silently without kernel IPv6 support.
Fixes: c31fef7f4beb ('nfsd: ignore unsupported address types')
Signed-off-by: Juergen Daubert <jue@jue.il>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
No failure case if gssd doesn't recognize the kernel's requested
protocol. Caught with "protocol=rdma" upcall.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Commit d89e3fc7 removed the EAI_NONAME check altogether instead of just
moving the NULL check. This causes exportfs -u to incorrectly exit
with 1 whenever there's more than one MCL_FQDN export in the exportlist.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Also, fixed erroneously closing file descriptor 0 at init time.
Signed-off-by: Malahal Naineni <malahal@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a netgroup entry specifies an IP address, and that
IP address can be resolved to a name, mountd will
currently only test whether the canonical name and
any aliases are in the netgroup, and does not test
whether the IP address is in the netgroup (IP
addresses which do not resolve to a name are
already checked against the netgroup).
This patch adds the check to see whether the IP
addresses are in the netgroup.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
If we build without rpc-svcgssd (the default), don't install matching
.service file.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find_keytab_entry() first looks for an entry of the form
<HOSTNAME>$@<DOMAIN>, which corresponds to the Active Directory machine
account. It assumes that <HOSTNAME> will be in uppercase because that's
how the entry is created if the machine is joined to the domain using
Samba.
But that's not necessarily the case if the another identity management
solution is used... for example a keytab entry for a machine account
created by Centrify will match the actual computer account in Active
Directory, whether that be in upper case, lower case, or mixed case.
So first look for an entry that matches the unmodified hostname and then
convert it to uppercase and try again only if that failed.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The interface for controlling the debug level in libtirpc was added
over a year ago, but nothing's taking advantage of it.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 7addf9d (cleanup daemonization code) added the following line to
mydaemon_init():
dup2(pipefds[1], 3);
If we've already called vsyslog() before the fork(), then chances are fd
3 was being used for the syslog socket. In that case the next vsyslog()
call will cause the data to appear on the read end of the pipe, causing
the parent to exit with a nonzero status. If systemd is running, it
will see the parent's nonzero exit status and will terminate the child
as well.
So just call closelog() to close the fd. The next call to vsyslog()
will open a new one if need be.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a hack which uses the bottom-level RPC improperly as below
in the current statd implementation: insert a socket in the
svc_fdset without a corresponding transport handle
and passes the socket to the svc_getreqset subroutine,
this usage causes a segfault of statd on a huge amount of sm-notifications.
Fix the issue by separating the non-RPC-server socket from RPC
dispatcher.
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Just continue and try a different record returned from getaddrinfo
if the kernel does not support an address family. This fixes nfsd
startup on kernels without IPv6 support.
Suggested-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we no longer fork for uid 0, gssd_atexit()
is only called when uid != 0, and fails as permissions
on the /tmp/krb5ccmachine_REALM file prohibit the
clean up of machine credentials (as it should).
Move the reaping of machine credentials back into a
SIGINT sighandler so that <Ctrl-C> destroyes
machine credentials.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit f9cac65972da588d5218236de60a7be11247a8aa
added the fork to process_krb5_upcall so that the
child assumes the uid of the principal requesting
service.
When machine credentials are used, a gssd_k5_kt_princ
entry is added to a global list and used by future
upcalls to note when valid machine credentials have
been obtained. When a child process performs this task,
the entry to the global list is lost upon exit, and
all upcalls for machine credentials re-fetch a TGT,
even when a valid TGT is in the machine kerberos
credential cache.
Since forking is not necessary when the principal has
uid=0, solve the gssd_k5_kt_princ_list issue by only
forking when the uid != 0.
Acked-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
These have no effect on the rendering of the man page, but they do cause
the following error if you try to pipe or redirect the output:
`R' is a string (producing the registered sign), not a macro.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tastky <tastky@gmail.com> reports:
> There appears to be a bug in nfs-utils exposed by musl, which
> makes rpc.statd loop with:
>
> my_svc_run() - select: Bad file descriptor
OpenGroup says getservbyport(3) is supposed to return NULL when
no entry exists for the specified port. But musl's getservbyport(3)
never returns NULL (likely a bug).
Thus statd_get_socket() tries bindresvport(3) 100 times, then gives
up and returns the last socket it created. This should work fine,
but there's a bug in the retry loop:
Rich Felker <dalias@libc.org> says:
> The logic bug is the count-down loop that closes all the temp
> sockets. In the case where the loop terminates via break, it
> leaves the last one open and only closes the extras. But in the
> case where where the loop terminates via the end condition in the
> for statement, the close loop closes all the sockets _including_
> the one it intends to use.
(emphasis mine). The closed socket fd is then passed to select(2).
See also: http://www.openwall.com/lists/musl/2015/08
The fix is to perform the loop termination test before adding sockfd
to the set of fds to be closed. As additional clean ups, remove the
use of the variable-length stack array, and switch to variable names
that better document the purpose of this logic.
Reported-by: Tastky <tastky@gmail.com>
Fixes: eb8229338f06 ("rpc.statd: Fix socket binding loop.")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix mount issue due to comparison of uninitialized variable
u(uuid) with parsed->fhuuid when uuid_by_path return 0.
/tmp/usb
192.168.1.0/16(ro,no_root_squash,no_subtree_check,fsid=0)
/tmp/usb/sda1 192.168.1.0/16(ro,no_root_squash,no_subtree_check)
/tmp/usb/sdb1 192.168.1.0/16(ro,no_root_squash,no_subtree_check)
mount -t nfs -o nolock,nfsvers=3 192.168.1.2:/tmp/usb/sda1 /tmp/sda1
mount -t nfs -o nolock,nfsvers=3 192.168.1.2:/tmp/usb/sdb1 /tmp/sdb1
results in below mountd error:
mountd: /tmp/usb and /tmp/usb/sdb1 have same filehandle for
192.168.1.0/16, using first
when uuid_by_path returned 0, by chance, garbage value of u was same as
parsed->fhuuid(of sdb1), and comparison of these resulted in above
error.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Reviewed-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Make it unambiguous where 0 or 1 represent an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As near as I can tell, the exit status of nfsidmap is supposed to be
zero (success) or one (failure).
The return value of name_lookup() becomes the exit status, so it
should return only zero or one.
The libnfsidmap calls return a signed integer, either 0 or negative
errno values. These have to be translated to an exit status.
libkeyutils calls return a signed long, either 0 or -1. These also
have to be translated to an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As near as I can tell, the exit status of nfsidmap is supposed to be
zero (success) or one (failure).
The return value of id_lookup() becomes the exit status, so it
should return only zero or one.
The libnfsidmap calls return a signed integer, either 0 or negative
errno values. These have to be translated to an exit status.
libkeyutils calls return a signed long, either 0 or -1. These also
have to be translated to an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
User space can see the keys, but not their contents.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Recent versions of libkeyutils have find_key_by_type_and_desc()
which replaces the open-coded keyring search in keyring_clear().
I don't quite understand what's going on in key_invalidate(),
so I didn't touch it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Sorry for the extensive man page changes. I added the description
for the new "-d" option, then realized there was no explanation
about what an "NFSv4 domain name" is.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
The with-systemd config flag was not using the
default directory when a directory was not given
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Aurelien Chabot <aurelien@chabot.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
This reverts commit 21f10369965bb183d1a72df1da0c2811cd2b1d5c
due to child processes not exiting on upcalls.
|
| |
|
|
|
|
|
|
|
|
|
| |
From: Andy Adamson <andros@netapp.com>
exit(0) silenty reaps the gssd_k5_kt_princ struct, the in-memory
rpc.gssd cache which means that rpc.gssd will get a new TGT and TGS for
each upcall, ignoring a valid TGT in the kerberos credential cache.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
In gssd_search_krb5_keytab() an error code can be
cleared by blindly setting retval to zero.
Reported-by: Jianhong Yin <jiyin@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
