| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This systemcall was deprecated early in the 2.6 series
as it was replaced by an in-kernel cache which was refilled
using an upcall. All communication to kernel is now through
the nfsd filesystem.
The nfsctl systemcall itself was removed in 3.1.
It is unlikely to have been used for over a decade.
To remove all uses for the nfsctl systemcall, and call code that only
runs when "new_cache" is false. We now assume "new_cache" is always
true.
This allows the removal of several files as well as assorted functions.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/var/lib/nfs/xtab is only used to find out what has been exported to
the kernel. This is more reliably done by reading
/proc/fs/nfs{,d}/export and nfs-utils uses that file if is available.
So xtab is only need if you have an incredibly ancient kernel which
doesn't have /proc/fs/nfs/export (and so which only supports NFSv2) or
if /proc is not mounted.
Neither of these are credible contexts to run a modern nfs-utils,
so stop creating or reading the xtab file.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfs-server-generator is run very early when a lot of services are not
yet started, so it mustn't depend on them. Currently it can try to
use hostname lookup and syslog. Using hostname lookup can cause
errors and when these are logged via syslog, it can cause the
generator to block indefinitely
Hostname-lookup is not needed, as we don't use the host issue,
and sending message to stderr is sufficient for the generator.
Disabling syslog is easy - call a function that sets a static variable.
Disabling hostname lookup requires adding an "ignore_hosts" flags to
export_read and export_d_read().
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This places it in the same place as the similar export_read(),
and allows it to be called from other programs.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
If we fall back to using the numeric host then we shouldn't call
xlog with D_GENERAL. That can cause 'exportfs -u' to exit with a 1
if, for example, you have exports using ip addresses that can't be
resolved to hostnames. Use D_PARSE instead.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
An if statement has been missing a brace since host_ntop() was added in
commit 94ce1eb94babb4c587b2826452fb053cba745098 ("libexport.a: Add
helpers to manage DNS lookups").
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1287468
Signed-off-by: Rinku Kothiya <rkothiya@redhat.com>
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit 9a92ef6f to add netgroup lookup of resolvable
IP addresses inadvertently broke the netgroup
check for short hostnames.
This patch fixes that breakage by changing the IP address
lookup to use a separate variable.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Commit d89e3fc7 removed the EAI_NONAME check altogether instead of just
moving the NULL check. This causes exportfs -u to incorrectly exit
with 1 whenever there's more than one MCL_FQDN export in the exportlist.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a netgroup entry specifies an IP address, and that
IP address can be resolved to a name, mountd will
currently only test whether the canonical name and
any aliases are in the netgroup, and does not test
whether the IP address is in the netgroup (IP
addresses which do not resolve to a name are
already checked against the netgroup).
This patch adds the check to see whether the IP
addresses are in the netgroup.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Throw 'No file systems exported!' iff no volume is exported rather
then if some exports file is empty. Typically this can happen if
the default /etc/exports file is empty and admin installed
configuration into /etc/exports.d directory.
This is follow-up for e725def62c73b4 commit.
Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Commit 076dd80 introduced a regression that causes
exportfs to fail when there is an empty /etc/exports
file. A empty /etc/exports file is valid and should
not cause exportfs to fail.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The patch to nfs/exportfs to allow nfsd to start when
there are some, but not all, unresolvable entries in
/etc/exports.
Signed-off-by: Henrique Martins <linux@martins.cc>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This fixes the problem reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1083018
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I hit a segfault in add_name with a mountd built with gcc-4.9.0. Some
NULL pointer checks got reordered such that a pointer was dereferenced
before checking to see whether it was NULL. The problem was due to
nfs-utils relying on undefined behavior, which tricked gcc into assuming
that the pointer would never be NULL.
At first I assumed that this was a compiler bug, but Jakub Jelinek and
Jeff Law pointed out:
"If old is NULL, then:
strncpy(new, old, cp-old);
is undefined behavior (even when cp == old == NULL in that case),
therefore gcc assumes that old is never NULL, as otherwise it would be
invalid.
Just guard
strncpy(new, old, cp-old);
new[cp-old] = 0;
with if (old) { ... }."
This patch does that. If old is NULL though, then we still need to
ensure that new is NULL terminated, lest the subsequent strcats walk off
the end of it.
Cc: Jeff Law <law@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exportfs currently exits with a non-zero error for some errors,
but not for others.
It does this by having various support routines set the global
variable "export_errno".
Change this to have 'xlog' set export_errno if an ERROR is
reported. That way all errors will be caught.
Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I think there was a reason for this many years ago,
but I can not find any evidence that it ever really did
anything useful and it certainly doesn't seem to now.
And the documentation suggests that IP address take precedence over
SUBNETs, and that can only happen if they are treated as MCL_FQDN.
So remove this apparently pointless code.
Reported-and-tested-by: Wangminlan <wangminlan@huawei.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exportfs currently exits with a non-zero error for some errors,
but not for others.
It does this by having various support routines set the global
variable "export_errno".
Change this to have 'xlog' set export_errno if an ERROR is
reported. That way all errors will be caught.
Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
This reverts commit 956aeff2e24304e938846f81f4b9db34cbf18a32.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To improve error handling when scripting exportfs it's useful
to have non-zero exit codes when the requested operation did not
succeed.
This patch also returns a non-zero exit code if you request to
unexport a non-existant share.
Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Split out the logic that releases dynamically allocated data in an
exportent. The junction resolution code will invoke this to clean
up the junction exportent once it has been dumped to the kernel.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Acked-by: Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
In cltsetup(), when checking the address, use clp's naddr for index,
instead of cltarg's naddr, which it's always zero there.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to Neil Brown:
The point of the word 'reliable' is to check that the name we get
really does belong to the host in question - ie that both the
forward and reverse maps agree.
But the new code doesn't do that check at all. Rather it simply
maps the address to a name, then discards the address and maps the
name back to a list of addresses and uses that list of addresses as
"where the request came from" for permission checking.
This bug is exploitable via the following scenario and could allow an
attacker access to data that they shouldn't be able to access.
Suppose you export a filesystem to some subnet or FQDN and also to a
wildcard or netgroup, and I know the details of this (maybe
showmount -e tells me) Suppose further that I can get IP packets to
your server..
Then I create a reverse mapping for my ipaddress to a domain that I
own, say "black.hat.org", and a forward mapping from that domain to
my IP address, and one of your IP addresses.
Then I try to mount your filesystem. The IP address gets correctly
mapped to "black.hat.org" and then mapped to both my IP address and
your IP address.
Then you search through all of your exports and find that one of the
addresses: yours - is allowed to access the filesystem.
So you create an export based on the addrinfo you have which allows
my IP address the same access as your IP address.
Fix this by instead using the forward lookup of the hostname just to
verify that the original address is in the list. Then do a numeric
lookup using the address and stick the hostname in the ai_canonname.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was reported that, if only "lo" is up,
mount.nfs 127.0.0.1:/export /mount
fails with "Name or service not known".
"man 3 getaddrinfo" says this:
If hints.ai_flags includes the AI_ADDRCONFIG flag, then IPv4
addresses are returned in the list pointed to by res only if the
local system has at least one IPv4 address configured, and IPv6
addresses are only returned if the local system has at least
one IPv6 address configured.
The man page oversimplifies here. A review of glibc shows that
getaddrinfo(3) explicitly ignores loopback addresses when deciding
whether an IPv4 or IPv6 address is configured.
This behavior around loopback is a problem not just for mount.nfs,
but also for RPC daemons that have to start up before a system's
networking is fully configured and started. Given the history of
other problems with AI_ADDRCONFIG and the unpredictable behavior it
introduces, let's just remove it everywhere in nfs-utils.
This fix addresses:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=191
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
client.c: In function 'init_netmask6':
client.c:181:1: warning: no return statement in function returning
non-void
and Suse' build system complained
I: Program returns random data in a function
E: nfs-utils no-return-in-nonvoid-function client.c:181
when I built without --enable-ipv6
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the exportent->e_uuid is initialised in
support/nfs/exports.c:parseopts(), but it is never freed.
Also ensure that exportent->e_uuid is duplicated correctly in
dupexportent().
Adjusted to account for the new export_free() helper.
Also, e_uuid points to memory that is always allocated with strdup(3),
not with xstrdup(). Thus it must be freed via free(3) and not via
xfree().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If --enable-ipv6 is specified when building nfs-utils, libexport's
host_foo() helpers can now return both IPv4 and IPv6 addresses.
This means IPv6 presentation addresses and IPv6 DNS resolution
results are handled properly in the mountd cache and /etc/exports,
but does not yet enable IPv6 mountd listeners.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of a single function that can handle both AF_INET and AF_INET6
addresses, two separate functions might be cleaner.
The original plan was to keep code redundancy at a minimum, but the
resulting code was cumbersome at best. I think I've traded a little
extra code for something that will be much easier to read, understand,
and maintain.
I've also eliminated the "#if / #endif" instances inside the functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Introduce support for IPv6 in client_check()'s helpers. The local
addrs_match() twins are no longer needed since we can use
nfs_compare_addrs() now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To parse and store an IPv6 host or subnet address, init_netmask()
needs to handle 128 bit subnet masks.
Unfortunately what once was a pretty simple little function has grown
much larger. This logic must now not only parse IPv6 addresses
correctly, but must also distinguish between IPv4 and IPv6.
To avoid code duplication, I'm "bending" the cardinal rule of not
using "#ifdef" inside functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Retire the slash32 logic in inet_netmask() in favor of a more generic
netmask parser that can support IPv6 addresses.
If an invalid IP address string is given to inet_addr(3), it returns
INADDR_NONE, which is actually a "valid" address (255.255.255.255).
We're none the wiser to the substitution until something breaks later.
This patch provides better sanity checking of the parsed address, now
that such an error can be reported to client_init()'s callers.
We can also check the prefixlen value a little more carefully as well.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Take the first step towards making it possible to parse either IPv4 or
IPv6 addresses in client_init(). It won't handle IPv6 until
host_pton() has IPv6 support enabled, and it still doesn't deal with
IPv6 netmasks yet.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The current open-coded parsing logic in client_gettype() will be hard
to modify to recognize IPv6 addresses. Use a more generic mechanism
for detecting IP presentation addresses.
IPv6 will be enabled automatically in client_gettype() when host_pton()
is changed to support IPv6 addresses.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Neil Brown reports that recent changes to replace
gethostby{addr,name}(3) with get{addr,info}name(3) may have
inadvertently broken netgroup support.
There used to be a gethostbyaddr(3) call in the third paragraph in
check_netgroup(). The reason for that gethostbyaddr(3) call was that
the first innetgr(3) call has already confirmed that hname is not a
member of the netgroup. We also need to confirm that, if hname
happens to be an IP address, the hostname bound to that IP address is
not a member of the netgroup, either.
Fix this by restoring appropriate address to hostname mapping of hname
before retrying the innetgr(3) call.
See http://marc.info/?l=linux-nfs&m=128084830214653&w=2 .
Introduced by commit 0509d3428f523776ddd9d6e9fa318587d3ec7d84.
Reviewed-by: Neil Brown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
check_netgroup() is going to be changed to free dynamically
allocated resources before it returns, so a common
exit point is needed.
Reviewed-by: Neil Brown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
nfsctl.c: In function 'expsetup':
nfsctl.c:112: warning: signed and unsigned type in conditional expression
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Clean up: Get rid of hostent-based DNS helper functions in
libexport.a that have been replaced by addrinfo-based DNS helpers.
None of the original code remains, so replace the copyright notice as
well.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up. Add a few additional documenting comments for globally
visible functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: export_add() is not called from outside of export.c, so make
it a static helper.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: export_read()'s return value is always zero, and its only
caller never checks it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct hostent can store either IPv4 or IPv6 addresses, but it can't
store both address families concurrently for the same host. Neither
can hostent deal with parts of socket addresses that are outside of
the sin{,6}_addr field.
Replace the use of "struct hostent" everywhere in libexport.a, mountd,
and exportfs with "struct addrinfo". This is a large change, but
there are so many strong dependencies on struct hostent that this
can't easily be broken into smaller pieces.
One benefit of this change is that hostent_dup() is no longer
required, since the results of getaddrinfo(3) are already dynamically
allocated.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce DNS query helpers based on getaddrinfo(3) and
getnameinfo(3). These will eventually replace the existing
hostent-based functions in support/export/hostname.c.
Put some of these new helpers to immediate use, where convenient.
As they are part of libexport.a, I've added the forward declarations
for these new functions in exportfs.h rather than misc.h, where the
hostent-based forward declarations are currently.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: Make it easier to add IPv6 support by refactoring part of
rmtab_read() into a helper function.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To store non-AF_INET addresses in the nfs_client structure, we need to
use more than in_addr for the m_addrlist field. Make m_addrlist
larger, then add a few helper functions to handle type casting and
array indexing cleanly.
We could treat the nfs_client address list as if all the addresses
in the list were the same family. This might work for MCL_SUBNETWORK
type nfs_clients. However, during the transition to IPv6, most hosts
will have at least one IPv4 and one IPv6 address. For MCL_FQDN, I
think we need to have the ability to store addresses from both
families in one nfs_client.
Additionally, IPv6 scope IDs are not part of struct sin6_addr. To
support link-local IPv6 addresses and the like, a scope ID must be
stored.
Thus, each slot in the address list needs to be capable of storing an
entire socket address, and not simply the network address part.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Clean up: client_add()'s current callers never set unknown m_type
values, so the m_type check is unnecessary.
All of client_add()'s callers are in the same source file where it is
defined, so make it a static helper function.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
