| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This patch replaces a hard-coded list with a function to obtain
the Kerberos encryption types that the kernel's rpcsec_gss code
can support. Defaults to old behavior if kernel does not supply
information.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
cleanup: Move function limit_krb5_enctypes() from the section
containing static functions into the section containing
externally visible functions.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An address mask parsing error can cause client_init(), and therefore
client_dup(), to make our process exit suddenly. Soon we want to add
more complex address parsing in client_init(), so we need this
interface to be a little more robust.
Since export_find() can return NULL in some cases, it can handle NULL
returns from its subroutines if an address parsing error occurs, or if
memory is exhausted. Allow for client_dup() to return NULL instead of
exiting sideways.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Clean up: Introduce a helper to free an nfs_export record.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Clean up: Move common code that populates an nfs_client record's
m_addrlist to a helper function. This eliminates a little code
duplication, and makes it simpler to add IPv6 support later.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Clean up: Most cases in client_init() set clp->m_naddr to zero. Move
it to the common part of the function, and simplify the logic. This
will make adding IPv6 support here more straightforward.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The test framework tries to exec this script, but it fails because it
lacks the +x bit.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Clean up: Prevent the process from exiting in client_check(). Report
bad m_type values, but return 0.
This removes another site where a mountd or exportfs process can exit
sideways.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Clean up: refactor wildcard logic out of client_check() to make it
easier to introduce IPv6 support.
Match the style used for client_check_{fqdn,subnetwork,netgroup}.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: refactor netgroup logic out of client_check() to make it
easier to introduce IPv6 support.
+ Use preferred style of keeping #ifdef out of the middle of
function definitions. Squelch compiler warnings for "#ifndef
HAVE_INNETGR" by using __attribute__((unused)).
+ Use preferred style of not using curly braces around switch cases.
+ Match style used for check_{fqdn,subnetwork}.
+ Clarify comment documenting use of h_aliases
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Clean up.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: Factor the MCL_SUBNETWORK case out of check_client() and
client_checkaddr(). This will make it easier to add IPv6 support
eventually.
The logic in the new helper function will get a little more tangled
once IPv6 support is introduced. Each slot in the clp address list
eventually may contain an address from either address family.
Note that the switch statement in client_checkaddr() is redundant,
since clp->cl_mtype is loop invariant. This change makes SUBNETWORK
client checking more computationally efficient, at the cost of a few
extra lines of code.
This commit should not change code behavior in any way.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: Factor the MCL_FQDN case out of check_client() and
client_checkaddr(). This will make it easier to add IPv6 support
eventually.
The logic in the new helper function will get a little more tangled
once IPv6 support is introduced. Each slot in the clp address list
eventually may contain an address from either address family.
Note that the switch statement in client_checkaddr() is redundant,
since clp->cl_mtype is loop invariant. This change makes FQDN client
checking more computationally efficient, at the cost of a few extra
lines of code.
This commit should not change code behavior in any way.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: Since e_fslocdata is allocated with strdup(3), and not
xstrdup(), it should be freed with free(3), and not xfree().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Clean up whitespace damage introduced by commit 4cacc965.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: Replace outdated comments, and fix some function
declarations. Use proper type for a couple of automatic variables.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: I can't find any call sites for client_find() or
client_match().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently if a server is up but not responding (ie, it answers ARP
requests, but not NFS or RPC requests), mount retries or backgrounds
itself waiting for the server.
If the server is not responding on the network at all, mount fails
the mount request immediately.
Users might find it more useful if mount retried in both cases.
Note that this change means attempting to mount using a misspelled
server name will "hang" for the retry amount. I suppose the error
message isn't very helpful whether it fails immediately or waits
a couple of minutes, though I imagine that an unreachable server is a
much more common occurrence than a misspelling.
Reported-by: Daniel Goering <g_daniel@gmx.net>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During any file locking interaction between an NFS client and server,
the client tells the server what hostname it will use as the mon_name
argument of the SM_NOTIFY request sent by the client when it reboots.
This is the "caller_name" argument of an NLMPROC_LOCK request.
The server, however, never tells the client what mon_name argument
it will use when sending an SM_NOTIFY request. In order to recognize
the server, clients usually guess what mon_name the server might
send, by using the server hostname provided by the user on the mount
command line.
Frequently, the user provides an unqualified server name on the mount
command. The server might then call the client back with a fully
qualified domain name, which might not match in some cases.
Solaris, and perhaps other implementations, attempt to mitigate this
problem by sending two SM_NOTIFY requests to each peer: one with an
unqualified mon_name argument, and one with a fully qualified mon_name.
Implement such a scheme for sm-notify.
Since my_name is almost always the fully-qualified hostname associated
with the local system, just wiping the left-most '.' in the my_name
argument and sending another SM_NOTIFY is nearly always sufficient.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mon_name argument of an SM_NOTIFY request is a string that
identifies the rebooting host.
sm-notify should send the my_name provided by the local lockd at the
time the remote was monitored, rather than cocking up a mon_name
argument based on the present return value of gethostname(3). If the
local system's hostname happened to change after the last reboot, then
the string returned by gethostname(3) will not be recognized by the
remote. Thus the remote will never initiate lock recovery for the
original named host, possibly leaving stale locks.
The existing behavior of using the -v command line option as the
mon_name argument is preserved, but we now prevent sending an IP
presentation address, as some non-Linux implementations don't
recognize addresses as valid mon_names.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Part of the reason for the previous bug was confusion between "subpath"
and "path"; which is the shorter path, and which the longer?
"child" and "parent" seem less ambiguous.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This was obviously wrong, since path[strlen(path)] == '\0'
should always be true.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A uid or gid should be represented as unsigned, not signed.
The conversion to signed here could cause a hang on access by an unknown
user to a server running mountd with --manage-gids; such a user is
likely to be mapped to 232-1, which may be converted to 231-1 when
represented as an int, resulting in a downcall for uid 231-1, hence the
original rpc hanging forever waiting for a cache downcall for 232-1.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 409b8 introduced a regression when the --disable-tirpc
configuration flag is set. The authsys_create() interface, which
was introduced, does not exist in the legacy glibc library.
Since the authsys_create() interface is a redefined of the
authunix_create() interface, which is defined in glibc, using
authunix_create() resolves the regression,
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current mount, umount and showmount code uses
authunix_create_default to get an auth handle. The one provided by glibc
returned a truncated list of groups when there were more than 16 groups.
libtirpc however currently does an abort() in this case, which causes
the program to crash and dump core.
nfs-utils just uses these auth handles for the MNT protocol, so the
group list doesn't make a lot of difference here. Add a new function
that creates an auth handle with a supplemental gids list that consists
only of the primary gid. Have nfs-utils use that function anywhere that
it currently uses authunix_create_default. Also, have the caller
properly check for a NULL return from that function.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
default).
We did not really intend to make NFSv4.0 support conditional on NFSv4.1
being enabled.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In nfs_nfs_proto_family(), *family is never set if the legacy
"udp" or "tcp" mount options are specified. The result is an error
message at umount time, for example:
umount.nfs: DNS resolution failed for
2001:5c0:1101:2f00:250:8dff:fe95:5c61: ai_family not supported
even if mount was built with IPv6 support.
The man page says that "udp" is a synonym for "proto=udp", and
likewise for "tcp". Thus, we don't look at config_default_family
here, but always use AF_INET explicitly, to be consistent with the
meaning of proto=.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Due to the fact the current kernel code do not completely
conform to the NFS 4.1 RFC, this patch disable the 4.1 support
on the server.
To control this 41 functionality, the NFS41_SUPPORTED
configuration variable now exist that will allow us to
re enable the functionality without any code changes.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Have nfs_nfs_proto and nfs_mount_proto set errno to EPROTONOSUPPORT on
error. This helps default_value to display sane warning messages.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
supported
Right now, there's nothing that expressly forbids someone from
specifying proto=tcp6 for instance, even when nfs-utils it built without
IPv6 support. This may not work well if (for instance) they are using
NFSv3, since statd won't support IPv6. Explicitly return an error if
someone specifies an IPv6 proto= or mountproto= option and IPv6 isn't
supported.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
SM_SIMU_CRASH isn't used, so this warning is never seen today.
However, if we ever wanted to use SM_SIMU_CRASH, this warning
is unnecessarily alarming, and serves no real purpose.
At some point in the near future I'd like us to consider using
SM_SIMU_CRASH, so let's get rid of this message now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is that this one has default_value call nfs_nfs_proto_family regardless
of whether IPV6_SUPPORTED is set.
When IPv6 is enabled, the Proto= config file option is treated as a
netid, and the address family for lookups is selected based on that
setting. The Defaultproto= option however still only affects the
protocol setting for the sockets (IPPROTO_*) and not the address family.
This patch makes it so that if someone sets the "Defaultproto=" option
in the nfsmount.conf, it's used to determine the default address family
for lookups as well as the protocol type.
This gives users a way to force a particular address family to be used
universally for mounts and brings the behavior of the Defaultproto=
option in line with the Proto= option.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
If we're using the new caching interface the rmtab will be ignored by
exportfs so there is no need to fdatasync. This improves mountd performance.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Don't leak this file descriptor if stat should fail.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Remove this 10 second timeout which can cause unexpected behavior and
corruption in the rmtab when hit.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Jeff Layton pointed out that the current negotiation logic in
stropts.c simply doesn't handle the case where a server may have an
IPv6 address and an IPv4 address, but only NFS/IPv4 is supported.
This is typical of all currently deployed Linux servers.
Add support for trying all addresses returned from DNS when
"proto=" is not specified on the command line.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When retrying a mount request with a different server address, the
addr= option may change each time through the fg/bg loop.
Instead of setting the addr= option in nfs_validate_options(), set it
in nfs_try_mount_v2v3() and nfs_try_mount_v4(). This is much the
same thing we did recently with the version-specific mount options
which might change each time through the fg/bg retry loop.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally I thought it would be best to share the DNS query code
between the legacy mount code and the new text-based code, hence
the introduction of nfs_lookup(). However, it now appears we want
the text-based code to do a little more than take the first address
returned by the query.
So, let's invoke getaddrinfo(3) directly in stropts.c, and save
the returned addrinfo struct until the end of processing.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want new default behavior from mount.nfs when the server refuses a
connection. Since connection refusal can be spurious (for example,
if the server is rebooting), mount.nfs should retry.
NFS shares that are automatically mounted by /etc/fstab at boot
time may be problematic. The new behavior can be disabled by
specifying the "retry=0" mount option, or these mounts can be changed
to background mounts by specifying the "bg" option.
A kernel code change is still required for the mount(2) system call to
return ECONNREFUSED for NFSv4 mounts (see 2.6.33). For v2/v3, the
version and transport negotiation logic in mount.nfs should drive a
retry if the server's rpcbind can't be reached.
Note that if a v2/v3 mount request encounters an unregistered NFS
service, it will still fail immediately. That wouldn't be too hard
to change as well, but there are many more corner cases there where
failing immediately is appropriate.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/proc/fs/nfsd/versions was extended to allow turning on/off minor
versions by echoing "+4.1" or "-4.1" to /proc/fs/nsfd/versions.
Unfortunately, pre-2.6.30 kernels just stop parsing at first non-digit,
so "-4.1" is interpreted as "-4". If new nfs-utils (on old kernel)
writes "+2", "+3", "+4", then "-4.1", result therefore is to turn off
4.1.
Given that historical behavior, it may have been a mistake to extend the
interface the way we did; but at this point we're probably stuck with
it. So, just reverse the order we write versions in.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
files which ensure the S_ISDIR() macro is defined.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
libnfsidmap library git tree
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When the protocol version is set on the command line,
none of the variables set in the configuration file
are passed down to the kernel due to a bug in the
parsing routine.
Tested-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Assuming the tcp_wrappers library can actually support IPv6 addresses,
here's a crack at IPv6 support in nfs-utils' TCP wrapper shim.
Some reorganization is done to limit the number of times that @sap
is converted to a presentation address string.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: the use of identifiers called "access" and "daemon" shadow
function declarations in unistd.h. Seen with "-Wextra -pedantic".
tcpwrapper.c: In function haccess_add:
tcpwrapper.c:112: warning: declaration of access shadows a global
declaration /usr/include/unistd.h:288: warning: shadowed declaration is here
tcpwrapper.c: In function good_client:
tcpwrapper.c:161: warning: declaration of daemon shadows a global declaration
/usr/include/unistd.h:953: warning: shadowed declaration is here
tcpwrapper.c: In function check_default:
tcpwrapper.c:212: warning: declaration of daemon shadows a
global declaration
/usr/include/unistd.h:953: warning: shadowed declaration is here
good_client() is used only in support/misc/tcpwrapper.c, so make it
static (and update its prototype to c99 standard form).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
