| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The daemonization init/ready functions have parameters that are never used,
require the caller to keep track of some pipefds that it has no interest in
and which might not be used in some scenarios. Cleanup both functions a bit.
The idea here is also that these two functions might be good points to
insert more systemd init code later (sd_notify()).
Also, statd had a private copy of the daemonization code for unknown
reasons...so make it use the generic version instead.
Signed-off-by: David H?rdeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently have 2 cut-and-paste versions of this code. One for idmapd
and one for svcgssd.[1]
The two are basically equivalent but there are some small differences,
mostly related to how errors in that function are logged. svcgssd uses
printerr() with a priority of 1, which only prints errors if -v was
specified. That doesn't seem to be quite right. Daemonizing errors are
necessarily fatal and should be logged as such. The one for idmapd uses
err(), which always prints to stderr even though we have the xlog
facility set up. Since both have xlog configured at this point, log the
errors using xlog_err() instead.
The only other significant difference I see is that the idmapd version
will open "/" if it's unable to open "/dev/null". I believe that however
was a holdover from an earlier version of that function that did not
error out when we were unable to open a file descriptor. Since the
function does that now, I don't believe we need that fallback anymore.
[1]: technically, we have a third in statd too, but it's different
enough that I don't want to touch it here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Some init systems actually expect daemons to return 0 on success.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent versions of Kerberos libraries negotiate and use
an "acceptor subkey". This negotiation does not consider
that a service may have limited the encryption keys in its
keytab. A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603)
has been added to the MIT Kerberos code to allow an application
to indicate that it wants to limit the encryption types negotiated.
(This functionality has been available on the client/initiator
side for a while. The new patch adds this support to the
server/acceptor side.)
This patch adds support to read a recently added nfsd
proc file to determine the encryption types supported by
the kernel and calls the function to limit encryption
types negotiated for the acceptor subkey.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Added in gss_display_error() which translates the GSS error into the
actual GSS macro name. Currently only the translation of these errors
are logged. Since those translations are buried deep in the kerberos
library code, having the actual GSS macro name makes it easier to
follow the code.
Moved the nfs4_init_name_mapping() call into main() so if debug is
enabled the DNS name and realms will be logged during start up.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Allow the principal that is used to get the machines creds definable
on the command like with the new '-p <principal>'. This is useful
in cluster environments.
Signed-off-by: Eberhard Kuemmerle <E.Kuemmerle@fz-juelich.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
svcgssd.c: In function 'sig_hup':
svcgssd.c:160: warning: unused parameter 'signal'
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
idmapd and svcgssd have a mydaemon() routine that uses closeall() to
close file descriptors. Unfortunately, they aren't using it correctly
and it ends up closing the pipe that the child process uses to talk to
its parent.
Fix this by not using closeall() in this routine and instead, just close
the file descriptors that we know need to be closed. If /dev/null can't
be opened for some reason, then just have the child exit with a non-zero
error.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
libnfsidmapd libraries when verbosity level is set
by the '-v' flag it on either daemon.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
flag has been set. This cause warnings to be generated when
return values from reads/writes (and other calls) are not
checked. The patch address those warnings.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Clean up.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix function declaration to eliminate compiler warning about it
not being a prototype after -Wstrict-prototypes was added.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Glenn Machin <GMachin@sandia.gov>. Allow svcgssd
to turn on libnfsidmap debugging. This uses a new command-line
parameter so that it can be enabled independently from other
debugging.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured. We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.
|
| |
|
