| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
atomicio.c:43:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Re-implement include file functionality as documented.
Existing implementation had various issues, one of which was it allowed
a subordinate file to inadvertently change which section the subsequent
tags back in the master config file got assigned to.
Acked-by: NeilBrown <neilb@suse.com>
Signed-off-by: Justin Mitchell <jumitche@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Remove the line length parameter and associated code which
led to buffer overruns in the line parsing code.
Also drops the undocumented 'include' directive.
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Part of a sequence of attempts to tidy up the nfs.conf code and prepare
it for use as part of a configuration API.
Remove static vars that prevented memory cleanup and potentially lead to
parsing errors if conf_init was called again.
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Working towards an nfs.conf library and API for system config tools,
first step, replace the conf_path global with a parameter to conf_init
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conf_set() already refuses to set an empty value, so if
foo=
appears in the config file, it will be ignored.
This patch extends the policy to environment variables, so empty
environment variables are treated as though they didn't exist.
This means that a separate environment file (e.g. /etc/sysconfig/nfs)
will be treated the same way whether it is:
- included in the [environment] section of /etc/nfs.conf
- sourced by the shell before running code
- sourced by the systemd EnvironmentFile directive.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
On recent kernels only exports with NFSEXP_SECURITY_LABEL set will
export security labels.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The value is from the list general, call, auth, parse, all.
Most daemons recognise this in their dedicated section.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
There were being stripped from the name instead!
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code that said "Skip trailing spaces" actually skipped everything
after the first space.
Change to to only skip trailing spaces, or comments that start after
a space.
This is useful for lists:
Foo: a, b, c
The list handling already allows for internal spaces.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the value for a tag starts with '$', then the remainder
of the value is treated as an environment variable name.
It is looked up in the environment (getenv) and if not found,
it is looked for in the [environment] section of the config file.
This lookup is formed as access time e.g. by conf_get_str(), not at
parse time.
The expected usage is that the config file can contain something like
[environment]
include = /etc/sysconfig/nfs
[other-section]
tag = $NAME
and conf_get_str("other-section","tag") will report the value of "NAME"
in the given file.
As different distributions used different environment files, and
different
variable names with-in them, a distro could provide a static config file
which maps from names in that environment file to config tags requires
by NFS daemons.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A value setting like
foo =
is now equivalent to not setting "foo" at all.
This is likely to be least confusing.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When "include = " is used to read and "environment" file such as
/etc/sysconfig/nfs, there might be quotes around values.
Stripe those off, just like a 'shell' reading the file would.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A tag
include = filename
will be replaced by the content of the file.
This must appear after a section heading, and any assignments
not in their own section will be included in the section that this
directive is in.
e.g
[environment]
include = /etc/sysconfig/nfs
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
This will make support of include files easier.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conffile allocates memory and reads in the config file.
It then parses the file, using strdup() to take a copy of
any string that it uses, so after conf_parse() there are no
references in to the allocated file image.
conffile does not free this image. It keeps a pointer, but never uses
it in an interesing way, and never frees it. This is a little clumsy
and interfers with a future patch which will support the inclusion of
subordinate config files.
So free 'new_conf_addr' when finished with it, and discard the
'conf_addr' variable that stored it.
This has an insignificant performance consequence in that we node
always free everything in the hash table, even when we know it must
be empty.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
conf_get_bool() interprets various strings as 'true' or 'false'.
If no suitable value is found, the default is returned.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This systemcall was deprecated early in the 2.6 series
as it was replaced by an in-kernel cache which was refilled
using an upcall. All communication to kernel is now through
the nfsd filesystem.
The nfsctl systemcall itself was removed in 3.1.
It is unlikely to have been used for over a decade.
To remove all uses for the nfsctl systemcall, and call code that only
runs when "new_cache" is false. We now assume "new_cache" is always
true.
This allows the removal of several files as well as assorted functions.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
before this commit, run 'exportfs -s' will output some
options more than one time. for example:
/path *(rw,no_root_squash,rw,secure,no_root_squash,no_all_squash)
the options rw,no_root_squash,etc will be print twice.
the reason is secinfo_show() will show these security options again
this patch remove these redundant outputs.
Signed-off-by: Jianhong Yin <yin-jianhong@163.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux C libraries are moving away from implicitly including the header
sys/sysmacros.h via sys/types.h. We would like to do this for glibc
now, but others (musl/etc...) have been doing it already. This means
any code using major/minor/makedevs functions will fail to build when
they don't include that header.
Leverage the AC_HEADER_MAJOR macro that configure is already using to
pull in the right header.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
both connect() and select() can receive EINTR signals that we need to
recover from.
In Unix Network Programming, volume 1, section 5.9, W. Richard Stevens
states:
What we are doing [?] is restarting the interrupted system call ourself.
This is fine for accept, along with the functions such as read, write,
select and open. But there is one function that we cannot restart ourself:
connect. If this function returns EINTR, we cannot call it again, as doing
so will return an immediate error. When connect is interrupted by a caught
signal and is not automatically restarted, we must call select to wait for
the connection to complete,
Thus for connect() treat both EINPROGRESS and EINTR the same -- call
select().
For select(), it should be re-tried again upon receiving EINTR.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
If file open failed, no need to issue close system call in
nsm_get_state and closeall.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
To help debug rpcbind failures, make sure all
errors are logged and log as much info about
the error as possible.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Commit 273b4647 introduced the following warning:
mydaemon.c:125:2: warning: implicit declaration of function 'closelog'
[-Wimplicit-function-declaration]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 7addf9d (cleanup daemonization code) added the following line to
mydaemon_init():
dup2(pipefds[1], 3);
If we've already called vsyslog() before the fork(), then chances are fd
3 was being used for the syslog socket. In that case the next vsyslog()
call will cause the data to appear on the read end of the pipe, causing
the parent to exit with a nonzero status. If systemd is running, it
will see the parent's nonzero exit status and will terminate the child
as well.
So just call closelog() to close the fd. The next call to vsyslog()
will open a new one if need be.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It's caused by commit 4a1ad4aa30,
"mountd: Enable all auth flavors on pseudofs exports"
This patch removes duplicate secinfo and invalid secinfo (zero).
Acked-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When using pnfs with "fsid=0", exportfs prints error as,
$ exportfs -a
exportfs: /var/lib/nfs/etab:1: unknown keyword "no_pnfsfsid=0"
Commit cdd16bef98 ("nfs-utils: add support for the "pnfs" export option")
miss the comma after "pnfs"/"on_pnfs" operation.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This goes along with the patch just sent to Bruce to make pnfs
support conditional.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Valgrind shows that the memory allocated for ee.e_hostname in
getexportent() is being leaked. While there _is_ a call to xfree(), by
the time it gets called the leak's already happened. Moving the xfree()
call so that it occurs before the assignment that overwrites ee fixes
this.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The daemonization init/ready functions have parameters that are never used,
require the caller to keep track of some pipefds that it has no interest in
and which might not be used in some scenarios. Cleanup both functions a bit.
The idea here is also that these two functions might be good points to
insert more systemd init code later (sd_notify()).
Also, statd had a private copy of the daemonization code for unknown
reasons...so make it use the generic version instead.
Signed-off-by: David H?rdeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
All access to kernel is now done using file descriptors.
Signed-off-by: Timo Ter?s <timo.teras@iki.fi>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is experimental. In works fine in that it removes the
vulnerability against a DOS attack. rpc.mountd can be blocked by
a bad client, that sends many RPC requests but never reads the
responses. This might happen intentionally or caused by a wrong
network config (MTU). The patch switches on the nonblocking
mode of libtirpc. In that mode writes can block for a max of 2 seconds.
Attackers are forced to send requests slower, as libtirpc will close
a connection if it finds two requests to read at the same time.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If mountd is built with libtirpc the tcp listeners and the sockets
waiting for UDP messages are not in non-blocking mode. Thus if running
with multiple threads (-t XX), all threads will wake up from select on
a connection request or a UDP message, but only one thread will succeed.
All others will wait on accept() or read() for the next event.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If mountd is built without libtirpc and it is started using "-p XXX"
option, the tcp listeners and the sockets waiting for UDP messages
are not in non-blocking mode. Thus if running with multiple threads (-t XX),
all threads will wake up from select on a connection request or a UDP
message, but only one thread will succeed. All others will wait on
accept() or read() for the next event.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to establish a local ephemeral endpoint for a TCP or UDP
socket, do not explicitly call bind(2), instead let it happen implicilty
when the socket is first used.
The main motivating factor for this change is when TCP runs out of unique
ephemeral ports (i.e. cannot find any ephemeral ports which are not a
part of *any* TCP connection). In this situation if you explicitly call
bind(2), then the call will fail with EADDRINUSE. However, if you allow the
allocation of an ephemeral port to happen implicitly as part of connect(2)
(or other functions), then ephemeral ports can be reused, so long as
the combination of (local_ip, local_port, remote_ip, remote_port)
is unique for TCP sockets on the system.
This doesn't matter for UDP sockets, but it seemed easiest to treat TCP
and UDP sockets the same.
This can allow mount.nfs(8) to continue to function successfully, even
in the face of misbehaving applications which are creating a large number of
TCP connections.
Signed-off-by: Chris Perl <chris.perl@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Use the standard integer types. This fixes compiling errors with musl libc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of our customer's application only needs file names, not file
attributes. With directories having 10K+ inodes (assuming buffer cache
has directory blocks cached having file names, but inode cache is
limited and hence need eviction of older cached inodes), older inodes
are evicted periodically. So if they keep on doing readdir(2) from NSF
client on multiple directories, some directory's files are periodically
removed from inode cache and hence new readdir(2) on same directory
requires disk access to bring back inodes again to inode cache.
As READDIRPLUS request fetches attributes also, doing getattr on each
file on server, it causes unnecessary disk accesses. If READDIRPLUS on
NFS client is returned with -ENOTSUPP, NFS client uses READDIR request
which just gets the names of the files in a directory, not attributes,
hence avoiding disk accesses on server.
There's already a corresponding client-side mount option, but an export
option reduces the need for configuration across multiple clients.
This flag affects NFSv3 only. If it turns out it's needed for NFSv4 as
well then we may have to figure out how to extend the behavior to NFSv4,
but it's not currently obvious how to do that.
Signed-off-by: Rajesh Ghanekar <rajesh_ghanekar@symantec.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Errors were logged with xlog_err function relying on errno, but these
functions don't set it.
Fix the problem by introducing xlog_errno which set errno
Signed-off-by: Mateusz Guzik <mguzik@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently have 2 cut-and-paste versions of this code. One for idmapd
and one for svcgssd.[1]
The two are basically equivalent but there are some small differences,
mostly related to how errors in that function are logged. svcgssd uses
printerr() with a priority of 1, which only prints errors if -v was
specified. That doesn't seem to be quite right. Daemonizing errors are
necessarily fatal and should be logged as such. The one for idmapd uses
err(), which always prints to stderr even though we have the xlog
facility set up. Since both have xlog configured at this point, log the
errors using xlog_err() instead.
The only other significant difference I see is that the idmapd version
will open "/" if it's unable to open "/dev/null". I believe that however
was a holdover from an earlier version of that function that did not
error out when we were unable to open a file descriptor. Since the
function does that now, I don't believe we need that fallback anymore.
[1]: technically, we have a third in statd too, but it's different
enough that I don't want to touch it here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add the ability to turn off UDP listeners with the
new "-u | --no-udp" flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Convert the current code to used the NFSCTL_XXX macros
to turn off the TCP listener.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exportfs currently exits with a non-zero error for some errors,
but not for others.
It does this by having various support routines set the global
variable "export_errno".
Change this to have 'xlog' set export_errno if an ERROR is
reported. That way all errors will be caught.
Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 11ba3b1e01b67b7d19f26fba94fabdb60878e809 (Add a default flavor
to an export's e_secinfo list) breaks the ordering of security flavours
in the secinfo list, by reordering 'sec=sys' to always be the first
secinfo flavour if one fails to set a default 'sec' setting.
An export of the form:
/export -sync,no_subtree_check,mp \
192.168.1.0/24(sec=krb5p:krb5i:krb5,rw,sec=sys,ro)
ends up getting translated by exportfs into the following entry in
/var/lib/nfs/etab:
/export 192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\
secure,root_squash,no_all_squash,\
no_subtree_check,secure_locks,acl,\
mountpoint,anonuid=65534,anongid=65534,\
sec=sys,ro,root_squash,no_all_squash,\
sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash)
Note how the 'sec=sys' is now listed first...
The fix is to defer adding the default flavour until the call to
secinfo_show, when we can see if it is even needed at all.
With the patch, the above export is now correctly entered in
/var/lib/nfs/etab as:
/export 192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\
secure,root_squash,no_all_squash,\
no_subtree_check,secure_locks,acl,\
mountpoint,anonuid=65534,anongid=65534,\
sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash,\
sec=sys,ro,root_squash,no_all_squash)
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
