| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Harald Hoyer <harald@redhat.com>
PR_CAPBSET_DROP can return EINVAL, if an older kernel does support
some capabilities, which are defined by CAP_LAST_CAP, which results in
a failure of the service.
For example kernel 3.4 errors on CAP_EPOLLWAKEUP, which was newly
introduced in 3.5.
So, for future capabilities, we clear until we get an EINVAL for
PR_CAPBSET_READ.
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Kernel 3.5 adds a debugging flag for showing NFS client debugging
messages having to do with NFSv4 state operations.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
statd drops all capabilities except for CAP_NET_BIND when it starts.
It's possible though that if it ever had a compromise that an attacker would
be able to invoke a setuid process (or something with file capabilities) in
order to reinstate some caps.
This could happen as a result of the daemon becoming compromised, or
possibly as a result of the ha-callout program becoming compromised.
In order to prevent that, have statd also prune the capability bounding
set to nothing prior to dropping capabilities. That ensures that the
process won't be able to reacquire capabilities via any means --
including exec'ing a setuid program.
We do however need to be cognizant of the fact that PR_CAPBSET_DROP was
only added in 2.6.25, so check to make sure that #define exists via
autoconf before we rely on it. In order to do that, we must add
ax_check_define.m4 from the GNU autoconf macro archive.
Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound
exists before attempting to clear the bounding set. If it does, then
don't bother trying since it won't work. In that event though, do
throw a warning however since the presence of that file indicates that
there is a disconnect between the build and runtime environments.
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This program opens and "listens" on the new nfsd/cld rpc_pipefs pipe.
The code here doesn't actually do anything on stable storage yet. That
will be added in a later patch.
The patch also adds a autoconf enable switch for the new daemon that
defaults to "no", and a test for the upcall description header file.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This patch limits the visibility of the symbols in the nfs-utils
conffile.c so that they are only visible to programs linked directly to
it. This forces the objects dynamically loaded via libnfsidmap to use
the functions defined in that shared library instead.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This problem can occur when multiple cluster services fail over
at the same time, causing missing high-available exports.
Having a lot of nfs-exports will trigger this issue easier.
https://bugzilla.linux-nfs.org/show_bug.cgi?id=224
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
When the options where prefixed with spaces (instead of tabs)
the second option in the list was missed to so a miscalculation
the the nfsmount.conf parsing code.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Newer arches omitting both nfsctl and nfsservctl which breaks nfsctl.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
In the parsing routine, conf_parse_line(), a string
is not being null terminated which is causing
section of the config file to be ignored.
https://bugzilla.linux-nfs.org/show_bug.cgi?id=205
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch added the following debug flags:
fscache - enable FSCache debugging
pnfs - enable general pNFS debugging
pnfs_ld - enable pNFS layout debugging
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To allow greater flexibility to where statd's state is kept,
statd's state path can now be decoupled from the normal
NFS state directory.
In configure.ac, the NSM_DEFAULT_STATEDIR definition will now define
the path to where the state information is kept. The default
value, /var/lib/nfs, can be redefined with the --with-statdpath
flag.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where -N 4.1 is left off the commandline, the current code
explicitly turns it on or off anyway, depending on configure options.
Instead, just leave 4.1 support alone. This allows a user to add an
"echo +4.1 >/proc/fs/nfsd/versions" to their init scripts, if they want.
Otherwise they will get the kernel's default (currently to leave 4.1
off, as long as 4.1 support is experimental).
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
License texts contain multiple address for FSF, some wrong.
So update them and replace COPYING file with
http://www.gnu.org/licenses/gpl-2.0.txt
which has a few changes to preamble and commentary.
Also remove extra COPYING file from utils/statd/
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
At RHEL, if user set port for mountd at /etc/services as
"mount 12345/tcp", mountd should be bind to 12345, but the
latest nfs-utils, mountd get a rand port, not 12345.
This patch make sure mountd be bind to the port which was set
at /etc/service.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
s statd can be started by 'mount' which can sometimes be run by a
normal user, the current-working-directory could be anything. In
partcular it could be in a mounted filesystem. As 'statd' continues
running as a daemon it could keep prevent that filesystem from being
unmounted.
statd does currently 'chdir' to the state directory, but only if the
state directory is not owned by root. This is wrong - it should check
for root after the chdir, not before.
So swap the two if statements around.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The fd associated with /proc/fs/nfsd/export_features opened in
get_export_features is not closed.
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
In cltsetup(), when checking the address, use clp's naddr for index,
instead of cltarg's naddr, which it's always zero there.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to Neil Brown:
The point of the word 'reliable' is to check that the name we get
really does belong to the host in question - ie that both the
forward and reverse maps agree.
But the new code doesn't do that check at all. Rather it simply
maps the address to a name, then discards the address and maps the
name back to a list of addresses and uses that list of addresses as
"where the request came from" for permission checking.
This bug is exploitable via the following scenario and could allow an
attacker access to data that they shouldn't be able to access.
Suppose you export a filesystem to some subnet or FQDN and also to a
wildcard or netgroup, and I know the details of this (maybe
showmount -e tells me) Suppose further that I can get IP packets to
your server..
Then I create a reverse mapping for my ipaddress to a domain that I
own, say "black.hat.org", and a forward mapping from that domain to
my IP address, and one of your IP addresses.
Then I try to mount your filesystem. The IP address gets correctly
mapped to "black.hat.org" and then mapped to both my IP address and
your IP address.
Then you search through all of your exports and find that one of the
addresses: yours - is allowed to access the filesystem.
So you create an export based on the addrinfo you have which allows
my IP address the same access as your IP address.
Fix this by instead using the forward lookup of the hostname just to
verify that the original address is in the list. Then do a numeric
lookup using the address and stick the hostname in the ai_canonname.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfs_addmntent is used to append directly to /etc/mtab.
If the write partially fail, e.g. due to RLIMIT_FSIZE,
truncate back to original size and return an error.
See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With commit 1374c3861abdc66f3a1410e26cc85f86760b51dd Neil added a
-test-client- export to test the exportability of filesystems when exportfs
is run. When using the old cache controls (i.e. /proc/fs/nfsd is not
mounted) exportfs will read /proc/fs/nfs/exports to process existing
exports and find these test client entries. The dash at the beginning of
-test-client- will be cause getexportent to look for default options in the
rest of the string, which test-client- will not match:
exportfs: /proc/fs/nfs/exports:1: unknown keyword "test-client-(rw"
This patch resolves that problem (as Steve suggested) by not processing any
default options if we are reading the list of existing exports from the
kernel. Default options are converted to individual exports by exportfs so
the kernel won't have any regardless.
Signed-off-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, when writing to /proc/net/rpc/*/channel, if a cache line
were larger than the default buffer size (likely 1024 bytes), mountd
and svcgssd would split writes into a number of buffer-sized writes.
Each of these writes would get an EINVAL error back from the kernel
procfs handle (it expects line-oriented input and does not account for
multiple/split writes), and no cache update would occur.
When such behavior occurs, NFS clients depending on mountd to finish
the cache operation would block/hang, or receive EPERM, depending on
the context of the operation. This is likely to happen if a user is a
member of a large (~100-200) number of groups.
Instead, every fopen() on the procfs files in question is followed by
a call to setvbuf(), using a per-file dedicated buffer of
RPC_CHAN_BUF_SIZE length.
Really, mountd should not be using stdio-style buffered file operations
on files in /proc to begin with. A better solution would be to use
internally managed buffers and calls to write() instead of these stdio
calls, but that would be a more extensive change; so this is proposed
as a quick and not-so-dirty fix in the meantime.
Signed-off-by: Sean Finney <sean.finney@sonyericsson.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Trond Myklebust <Trond.Myklebust@netapp.com>
The fedfs ldap server will specify a ttl for its entries.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This is a refactoring change only. There should be no change in
behavior.
Original patch had updates to utils/mountd/junctions.c, which no
longer exists. These are not included here.
Create a macro for the default cache TTL, which is used in several
places besides the export cache.
Make e_ttl unsigned.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
conffile.c:258:19: warning: 'j' may be used uninitialized in this function
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adding a capability to read /etc/exports.d/*.exports as
extra export files to exportfs.
If one wants to add or remove an export entry in a script, currently
one may have to use sed or something tool for adding or removing the
line for the entry in /etc/exports file.
With the patch, adding and removing an entry from a script is much
easier.
cat<<EOF... or mv can be used for adding. rm can be used for removing.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
rpcdispatch.c:40:20: warning: comparison between signed and unsigned
integer expressions
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
At nsm_drop_privileges(), for improving readability, unify
the return value.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Monitored host information is stored in files under /var/lib/nfs.
When visiting entries in the monitored hosts directory, libnsm.a
examines the value of dirent.d_type to determine if an entry is a
regular file.
According to readdir(3), the d_type field is not supported by all
file system types. My root file system happens to be one where d_type
isn't supported. Typical installations that use an ext-derived root
file system are not exposed to this issue, but those who use xfs, for
instance, are.
On such file systems, not only are remote peers not notified of
reboots, but the NSM state number is never incremented. A statd warm
restart would not re-monitor any hosts that were monitored before
the restart.
When writing support/nsm/file.c, I copied the use of d_type from the
original statd code, so this has likely been an issue for some time.
Replace the use of d_type in support/nsm/file.c with a call to
lstat(2). It's extra code, but is guaranteed to work on all file
system types.
Note there is a usage of d_type in gssd. I'll let gssd and rpcpipefs
experts decide whether that's worth changing.
Fix for:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=193
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the __attribute_noinline__ form with
__attribute__((__noinline__)).
Even though the compiler didn't complain about __attribute_malloc__,
also replace those in order to maintain consistent style throughout the
source file.
Fix for:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=194
Reported-by: "Gabor Z. Papp" <gzp@papp.hu>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
When parsing section's arg at configure file, the pointer
should stop when fetch ']', and give the warning message.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was reported that, if only "lo" is up,
mount.nfs 127.0.0.1:/export /mount
fails with "Name or service not known".
"man 3 getaddrinfo" says this:
If hints.ai_flags includes the AI_ADDRCONFIG flag, then IPv4
addresses are returned in the list pointed to by res only if the
local system has at least one IPv4 address configured, and IPv6
addresses are only returned if the local system has at least
one IPv6 address configured.
The man page oversimplifies here. A review of glibc shows that
getaddrinfo(3) explicitly ignores loopback addresses when deciding
whether an IPv4 or IPv6 address is configured.
This behavior around loopback is a problem not just for mount.nfs,
but also for RPC daemons that have to start up before a system's
networking is fully configured and started. Given the history of
other problems with AI_ADDRCONFIG and the unpredictable behavior it
introduces, let's just remove it everywhere in nfs-utils.
This fix addresses:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=191
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
client.c: In function 'init_netmask6':
client.c:181:1: warning: no return statement in function returning
non-void
and Suse' build system complained
I: Program returns random data in a function
E: nfs-utils no-return-in-nonvoid-function client.c:181
when I built without --enable-ipv6
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the exportent->e_uuid is initialised in
support/nfs/exports.c:parseopts(), but it is never freed.
Also ensure that exportent->e_uuid is duplicated correctly in
dupexportent().
Adjusted to account for the new export_free() helper.
Also, e_uuid points to memory that is always allocated with strdup(3),
not with xstrdup(). Thus it must be freed via free(3) and not via
xfree().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally, when "-p" is not specified on the mountd command line, the
TI-RPC library chooses random port numbers for each listener. If a
port number _is_ specified on the command line, all the listeners
will get the same port number, so SO_REUSEADDR needs to be set on
each socket.
Thus we can't let TI-RPC create the listener sockets for us in this
case; we must create them ourselves and then set SO_REUSEADDR (and
other socket options) by hand.
Different versions of the same RPC program have to share the same
listener and SVCXPRT, so we have to cache xprts we create, and re-use
them when additional requests for registration come from the
application.
Though it doesn't look like it, this fix was "copied" from the legacy
rpc_init() function. It's more complicated for TI-RPC, of course,
since a TI-RPC application can set up listeners with a nearly
arbitrary number of address families and socket types, not just the
two listeners that legacy RPC applications can set up (one for AF_INET
UDP and one for AF_INET TCP).
See:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=190
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
There are several source files and headers present in the ./utils/idmapd
directory which are also usable in a doimapd daemon. Because of this we
move that support into the support directory such that it can be shared by
both daemons.
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minor clean up.
Most modern Linux distributions set UTF-8 locales. Standardize the
character encoding of source files on UTF-8, to squelch vim com-
plaints.
I probably missed a few spots.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If --enable-ipv6 is specified when building nfs-utils, libexport's
host_foo() helpers can now return both IPv4 and IPv6 addresses.
This means IPv6 presentation addresses and IPv6 DNS resolution
results are handled properly in the mountd cache and /etc/exports,
but does not yet enable IPv6 mountd listeners.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is more of a clean-up than a behavioral change.
POSIX requires that a "struct sockaddr" is the same size as a "struct
sockaddr_in". Therefore, a variable or field of type "struct sockaddr"
cannot contain an AF_INET6 address. However, "struct sockaddr *" is
often used to reference a generic (ie non-address family specific)
socket address, generating some confusion about this.
The nfsctl_arg struct uses a struct sockaddr (not a pointer) to pass
the client's IP address to the kernel. This means the legacy nfsctl()
kernel API can never support IPv6. Fortunately for us, this legacy
interface was replaced by a text-based cache interface a few years
back. We don't need to support non-AF_INET addresses here.
The getfh() functions in nfs-utils provide a handy C API for the
kernel's nfsctl interface. The getfh() functions still take a struct
sockaddr *, though, and that can imply that a non-IPv4 address can be
passed via this API. To make it abundantly clear that only IPv4
addresses can be used with this interface, change the synopses of
getfh() and friends to take a struct sockaddr_in * instead of a struct
sockaddr * .
This makes these functions conform with other places in mountd and
exportfs that already grok the difference between a struct sockaddr
and a struct sockaddr_in.
While we're here...
Introduce some nice documenting comments for the get_fh() functions,
and...
Since mountd will support IPv6 in the near future, assert that the
family of client addresses passed to this API is indeed AF_INET, in
order to prevent non-AF_INET addresses from ever being passed to the
legacy nfsctl() interface.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mount.nfs command must recognize the values of "rdma" and "rdma6"
with the "proto=" mount option. Typically the mount.nfs command
relies on libtirpc or getprotobyname(3) to recognize netids and
translate them to protocol numbers.
RFCs 5665 and 5666 define the "rdma" and "rdma6" netids. IANA defines
a specific port number for NFS over RDMA (20049), but has not provided
a protocol name and number for RDMA transports, and is not expected
to. The best we can do is translate these by hand, as needed, to get
RDMA mount requests to the kernel without erroring out.
Only the forward translation is needed until such time that "rdma" and
"rdma6" start to appear in rpcbind registries. For now, the version
and transport negotiation logic is skipped, avoiding rpcbind queries
for RDMA mounts.
Note: As of kernel 2.6.36, the kernel's NFS over RDMA transport
capability does not support IPv6.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of a single function that can handle both AF_INET and AF_INET6
addresses, two separate functions might be cleaner.
The original plan was to keep code redundancy at a minimum, but the
resulting code was cumbersome at best. I think I've traded a little
extra code for something that will be much easier to read, understand,
and maintain.
I've also eliminated the "#if / #endif" instances inside the functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Introduce support for IPv6 in client_check()'s helpers. The local
addrs_match() twins are no longer needed since we can use
nfs_compare_addrs() now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To parse and store an IPv6 host or subnet address, init_netmask()
needs to handle 128 bit subnet masks.
Unfortunately what once was a pretty simple little function has grown
much larger. This logic must now not only parse IPv6 addresses
correctly, but must also distinguish between IPv4 and IPv6.
To avoid code duplication, I'm "bending" the cardinal rule of not
using "#ifdef" inside functions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Retire the slash32 logic in inet_netmask() in favor of a more generic
netmask parser that can support IPv6 addresses.
If an invalid IP address string is given to inet_addr(3), it returns
INADDR_NONE, which is actually a "valid" address (255.255.255.255).
We're none the wiser to the substitution until something breaks later.
This patch provides better sanity checking of the parsed address, now
that such an error can be reported to client_init()'s callers.
We can also check the prefixlen value a little more carefully as well.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Take the first step towards making it possible to parse either IPv4 or
IPv6 addresses in client_init(). It won't handle IPv6 until
host_pton() has IPv6 support enabled, and it still doesn't deal with
IPv6 netmasks yet.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current open-coded parsing logic in client_gettype() will be hard
to modify to recognize IPv6 addresses. Use a more generic mechanism
for detecting IP presentation addresses.
IPv6 will be enabled automatically in client_gettype() when host_pton()
is changed to support IPv6 addresses.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Neil Brown reports that recent changes to replace
gethostby{addr,name}(3) with get{addr,info}name(3) may have
inadvertently broken netgroup support.
There used to be a gethostbyaddr(3) call in the third paragraph in
check_netgroup(). The reason for that gethostbyaddr(3) call was that
the first innetgr(3) call has already confirmed that hname is not a
member of the netgroup. We also need to confirm that, if hname
happens to be an IP address, the hostname bound to that IP address is
not a member of the netgroup, either.
Fix this by restoring appropriate address to hostname mapping of hname
before retrying the innetgr(3) call.
See http://marc.info/?l=linux-nfs&m=128084830214653&w=2 .
Introduced by commit 0509d3428f523776ddd9d6e9fa318587d3ec7d84.
Reviewed-by: Neil Brown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|