| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Prior to merge libnfsidmap leaked many private symbols that were
not defined in its API, creating an accidental ABI.
This patch renames and unhides symbols in order to match that ABI
until a cleaned up API can be established and released.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
To allow better reuse of the code we split conffile and xlog
into their own separate convenience library, then merge it
back so as to not create extra dependancies for everything
Signed-off-by: Justin Mitchell <jumitche@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cache.c:623:13: warning: In the GNU C Library, "major" is defined
by <sys/sysmacros.h>. For historical compatibility, it is
currently defined by <sys/types.h> as well, but we plan to
remove this soon. To use "major", include <sys/sysmacros.h>
directly. If you did not intend to use a system-defined macro
"major", you should undefine it after including <sys/types.h>.
if (parsed->major != major(stb.st_dev) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cache.c:624:13: warning: In the GNU C Library, "minor" is defined
by <sys/sysmacros.h>. For historical compatibility, it is
currently defined by <sys/types.h> as well, but we plan to
remove this soon. To use "minor", include <sys/sysmacros.h>
directly. If you did not intend to use a system-defined macro
"minor", you should undefine it after including <sys/types.h>.
parsed->minor != minor(stb.st_dev))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Working towards an nfs.conf library and API for system config tools,
first step, replace the conf_path global with a parameter to conf_init
Signed-off-by: Justin Mitchell <jumitche@rehat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reading etab may require hostname lookup, so it is not reliable
until the network is active.
But we want mountd to start before that so that it is ready
when the very first NFS request arrives.
So delay reading etab until that request arrives, by which time
the network must be online so hopefully hostname look will be reliable.
An alternate would be to delay starting mountd and nfsd until the
network is on-line, but that will often be an unnecessary delay.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The value is from the list general, call, auth, parse, all.
Most daemons recognise this in their dedicated section.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Some values are taken from the [nfsd] section
to ensure consistency.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
xstrdup() prints a messages and exits, except in statd where
is prints a message and fails. So there is no point printing
an extra message when xstrdup() fails, and except in statd,
no point calling exit() as well.
So remove some pointless code.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This systemcall was deprecated early in the 2.6 series
as it was replaced by an in-kernel cache which was refilled
using an upcall. All communication to kernel is now through
the nfsd filesystem.
The nfsctl systemcall itself was removed in 3.1.
It is unlikely to have been used for over a decade.
To remove all uses for the nfsctl systemcall, and call code that only
runs when "new_cache" is false. We now assume "new_cache" is always
true.
This allows the removal of several files as well as assorted functions.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/var/lib/nfs/xtab is only used to find out what has been exported to
the kernel. This is more reliably done by reading
/proc/fs/nfs{,d}/export and nfs-utils uses that file if is available.
So xtab is only need if you have an incredibly ancient kernel which
doesn't have /proc/fs/nfs/export (and so which only supports NFSv2) or
if /proc is not mounted.
Neither of these are credible contexts to run a modern nfs-utils,
so stop creating or reading the xtab file.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an export point should be mounted ("mountpoint" option set) but
isn't, then an attempt to mount using the MOUNT protocol for NFSv3
will fail and an attempt to access the filesystem using a pre-existing
filehandle will block because nfsd_fh wont tell the kernel about it.
However a lookup from the parent, as happens with an NFSv4 mount
request, will pass the name to nfsd_export(), and it doesn't check the
mointpoint option, and so exports the underlying (typically "/")
filesystem.
So change nfsd_export() to refused to export that exportpoint, but
instead to explictly say that it isn't exported.
This will cause an 'ls' in the parent pseudo-root directory to not show
the name and will cause a "mount" attempt which walks down through the
pseudo root to fail in the same way that it does with NFSv3.
An access from a pre-existing NFSv4 mount will still hang until the
filesystem is mounted, just like it does with NFSv3.
In order to be a bit more responsive to the filesystem getting mounted,
just a short timeout (1 minutes) on exports of missing "mountpoint"
exportpoints.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The default will not always be best.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
If pseudofs_update failed, we weren't freeing 'path'.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
It is completely ineffective.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Fixed the -H and --ha-callout usage message
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux C libraries are moving away from implicitly including the header
sys/sysmacros.h via sys/types.h. We would like to do this for glibc
now, but others (musl/etc...) have been doing it already. This means
any code using major/minor/makedevs functions will fail to build when
they don't include that header.
Leverage the AC_HEADER_MAJOR macro that configure is already using to
pull in the right header.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
From: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
The "-r | --reverse-lookup" arguments were missing
from the usage string.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Also, fixed erroneously closing file descriptor 0 at init time.
Signed-off-by: Malahal Naineni <malahal@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix mount issue due to comparison of uninitialized variable
u(uuid) with parsed->fhuuid when uuid_by_path return 0.
/tmp/usb
192.168.1.0/16(ro,no_root_squash,no_subtree_check,fsid=0)
/tmp/usb/sda1 192.168.1.0/16(ro,no_root_squash,no_subtree_check)
/tmp/usb/sdb1 192.168.1.0/16(ro,no_root_squash,no_subtree_check)
mount -t nfs -o nolock,nfsvers=3 192.168.1.2:/tmp/usb/sda1 /tmp/sda1
mount -t nfs -o nolock,nfsvers=3 192.168.1.2:/tmp/usb/sdb1 /tmp/sdb1
results in below mountd error:
mountd: /tmp/usb and /tmp/usb/sdb1 have same filehandle for
192.168.1.0/16, using first
when uuid_by_path returned 0, by chance, garbage value of u was same as
parsed->fhuuid(of sdb1), and comparison of these resulted in above
error.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Reviewed-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It's caused by commit 4a1ad4aa30,
"mountd: Enable all auth flavors on pseudofs exports"
This patch removes duplicate secinfo and invalid secinfo (zero).
Acked-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the current mountd code it's possible to craft exports in such a
manner that clients will be unable to mount exports that they *should*
be able to mount.
Consider the following example:
/foo *(rw,insecure,no_root_squash,sec=krb5p)
/bar client.example.com(rw,insecure,no_root_squash)
Initially, client.example.com will be able to mount the /foo export
using sec=krb5p, but attempts to mount /bar using sec=sys will return
EPERM. Once the nfsd.export cache entry expires, client.example.com
will then be able to mount /bar using sec=sys but attempts to mount /foo
using sec=krb5p will return EPERM.
The reason this happens is because the initial nfsd.export cache entry
is actually pre-populated by nfsd_fh(), which is the handler for the
nfsd.fh cache, while later cache requests (once the initial entry
expires) are handled by nfsd_export(). These functions have slightly
different logic in how they select a v4root export from the cache --
nfsd_fh() takes last matching v4root export it finds, while
nfsd_export() (actually lookup_export()) takes the first. Either way
it's wrong because the client should be able to mount both exports.
Both rfc3503bis and rfc5661 say:
A common and convenient practice, unless strong security requirements
dictate otherwise, is to make the entire pseudo file system
accessible by all of the valid security mechanisms.
...so lets do that.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the (exported) path passed to next_mnt() is simply "/", next_mnt()
will not report any children, as none start with "/" followed by a '/'.
So make a special case for strlen(p)==1. In that case, return all
children.
This gives correct handling if only "/" is exported.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add mention of new files, remove mention of old files,
and cause "make dist" to create something very similar to
the current distributions.
systemd files are not currently included in "make dist" and some
files generated by "rpcgen" are (though they aren't in official
distribution).
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The __dev_t is a GNU libc internal. Use the standard dev_t instead,
which is specified in POSIX.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Case insensitive filesystems support textually distinct names for the
same directory. i.e. you can access it with a name other than the
canonical name.
For example if you
mkdir /mnt/export
then add /mnt/EXPORT to /etc/exports, and on a client
mount server:/mnt/EXPORT /import
then the mount will work, but if the kernel on the server needs to
refresh the export information, it will ask about "/mnt/export", which
is not listed in /etc/exports and so will fail.
To fix this we need mountd to perform case-insensitive name
comparisons, but only when the filesystem would, and in exactly the
same way that the filesystem would.
So, when comparing paths for equality first try some simple heuristics
which will not be fooled by case and then ask the kernel if they are
the same.
By preference we use name_to_handle_at() as it reports the mntid which
can distinguish between bind mounts. If that is not available, use
lstat() and compare rdev and ino.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The standard for loading shared libraries is to identify them by their
"soname" (Which "objdump -x $BINARY | grep SONAME" will report).
However mountd currently loads using the "linker name" which should only
be used when building new code.
Future releases of fedfs-utils will define the soname in the include
file, so if that is defined, use it. If not, use the soname of the
first version: "libnfsjunct.so.0".
This is a slight behavioural change. However all distros known to
package fedfs-utils will install "libnfsjunct.so.0" whenever they
install the old name of "libnfsjunct.so", and "make install" will
install both. So it should not be a noticeable change.
Also only test the JP_API_VERSION if it is defined. As the version is
embedded in the soname, a secondary test is not needed.
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* use get_uuid_blkdev() only first time for the path (it means
that uuid_by_path() is called with type==0)
* don't use libblkid for btrfs, network or pseudo filesystems
Note that the patch defines the fs type ID rather than include
<linux/magic.h> as this file seems incomplete and libc specific).
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add the ability to turn off UDP listeners with the
new "-u | --no-udp" flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Convert the current code to used the NFSCTL_XXX macros
to turn off the TCP listener.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
parse_fsid() is currently truncating all inode numbers to
32bits, and assumes that 'int' is 32 bits (which it probably is,
but we shouldn't assume).
So make the 'inode' field in 'struct parsed_fsid' a 64 bit field.
and only memcpy into variables or fields that have been declared
to a specific bit size.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem was that is_subdirectory() would also succeed if the two
directories were the same. This is needed for path_matches() which
needs to see if the child is same-or-descendant.
So this patch rearranges path_matches() to do the "are they the same"
test itself and only bother with is_subdirectory() if it they are not
the same.
So now is_subdirectory() can be strict, and so can be usable for
subexport(), which needs a strong 'in subdirectory - not the same' test.
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 91bb95f2689e84856ecdf6fac365489d36709cf9
4set_root: force "fsid=0" for all exports of '/'
set NFSEXP_FSID for the export of "/" if nothing else had any fsid set,
however it didn't also set the flag for all security flavours. So the
kernel complains that the flags on the security flavours don't match and
it rejects the export.
So call fix_pseudoflavor_flags() in write_secinfo() to make sure that
any fiddling that has been done to e_flags gets copied to e_secinfo.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We found this problem because NFS clients to a RHEL6 NFS server were
experiencing periods of ESTALE errors after being mounted and initially
working successfully. Tests were run which snapshotted the nfs/sunrpc
caches before and after the issue, and it was found that the '$'
character
at the beginning of the ID strings, used when in use_ipaddr mode, was
getting
lost:
GOOD, while mount was working:
nfsd 1.2.3.4 $1.2.3.4
BAD, after mount started returning ESTALE:
nfsd 1.2.3.4 1.2.3.4
This would then cause the export checks to fail by passing '1.2.3.4'
instead of '$1.2.3.4' up to rpc.mountd.
The problem appears to be in the auth_unix_ip() function when renewing
the auth.unix.ip cache entry. It would fail to add the '$' character
back to the beginning of the string used for the domain string,
breaking the use_ipaddr mode.
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 8e2fb3fc cause a regression in mount export
that are on different local file system.
Exports like (all on different filesystems)
/home *(rw,fsid=0,crossmnt)
/home/fs1 *(rw,crossmnt)
/home/fs1/fs2/fs3 *(rw,nohide)
and then a mount of the root 'mount /home /mnt'
would end up mounting /home/fs1/fs2/fs3 not /home
Reverting the logic of commit 8e2fb3fc until
a better solution can be found for the original
problem.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Clean up. set_pseudofs_security() and pseudofs_update() have no
call sites outside of v4root.c, and there are no header declarations
for either function. Define both as static.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Making all in mountd
cache.c: In function 'subexport':
cache.c:374:9: warning: unused variable 'l2' [-Wunused-variable]
Commit 8e2fb3fc removed the last use of "l2" in the subexport()
function.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The is_subdirectory() function checks if a given 'child' is a
subdirectory of the given 'parent'. However it always fails
if 'parent' == "/" (because 'child' doesn't begin with 'parent'
followed by "/").
So change is_subdirectory() to special-case "/".
subexport() also tests if one directory is a subdirectory of the
other, and contains the same bug. So change it to use
is_subdirectory().
Finally, move is_subdirectory() and related path_matches() and
export_matches() earlier in the file to avoid a forward-reference.
This patch fixes a bug wherein if you export "/" with 'crossmnt', the
crossmnt flag is ineffective and you can only access the root
filesystem, not any descendants.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a debugging feature, report the absolute pathname of the plug-in
library that mountd loads to resolve junctions.
Since mountd passes a relative path to dlopen(3), dlopen(3) must
search for the right library. Displaying the absolute pathname of
the object that it found verifies that mountd loaded the correct
plug-in.
Note: dlinfo(3) is provided by libdl, but there doesn't seem to be a
man page on Fedora 16 for dlinfo(3). Instead, see:
http://www.unix.com/man-page/all/3/dlinfo/
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since bf6a4febaa78bf188896b7b5b02c46562dd08b70 "mountd: handle
allocation failures in auth_unix_ip upcall", a failure to map the
address of an incoming client to a name could result in a hang.
We should be responding with an error in the case, not just skipping the
downcall and leaving everybody hanging.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Fixed a number of -Wconversion warnings
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Removed a Wsign-conversion warning
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
