| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fixed a number of -Wconversion warnings
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Removed a Wsign-conversion warning
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up compiler warnings:
cache.c: In function get_uuid:
cache.c:249:2: warning: conversion to size_t from int may change
the sign of the result [-Wsign-conversion]
And the like.
signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed a couple Wmissing-prototypes warnings in the mountd code.
Once the parse_fsid() function was made static, the compiler
detected execution paths through it that did not initialize some
fields in *parsed.
[ I'm pretty sure these problems are currently harmless, since each
path is taken depending on the value of the .fsidtype field. Each
path accesses only the fields in *parsed that it cares about. ]
This is because parsed_fsid isn't a union type. parse_fsid() leaves
uninitialized fields that are not used by a particular fsidtype. To
prevent an accidental dereference of stack garbage (.fhuuid being an
example of a pointer that is left uninitialized sometimes), have
parse_fsid() defensively pre-initialize *parsed to zero.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Removed a copule Wsign-conversion in the mountd code.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Removed a number of Wconversion warnings in the mountd code.
Took the opportunity to eliminate some code duplication.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
We've added logic in the "not an export" case in nfsd_export(), so it's
no longer a simple function call. Clean up this code by splitting
it into a new function, and make plain what happens when junction
support is compiled out.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're now duplicating a real exportent with arbitrary export options
to create a junction exportent. After a dupexportent() call,
several of the structure's fields can point to dynamically allocated
memory. We have to be careful about not orphaning that memory.
What's more, returning a pointer to a static structure is as 90's as
a bad mullet. It's more straightforward to allocate the exportent
dynamically and release it when we are through with it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attempting to access junctions on a Linux NFS server from an NFS
client connected via an ephemeral source port fails with a "client
insecure" error on the server. This happens even when the
"insecure" export option is specified on the junction's parent
export.
As a test, via a mountd code change, I added "insecure" to the fixed
export options that mountd sets up for each junction, and the error
disappeared.
It's simple enough for old-school referrals configured directly in
/etc/exports ("refer=") to have the needed options specified there.
Cache entries for junctions, however, are created on the fly by
mountd, and don't ever appear in /etc/exports. So there's nowhere
obvious that export options for junctions can be specified.
Bruce suggested that in order to specify unique export options for
junctions, they should inherit the export options of their parent
export. The junction's parent's exportent is duplicated in order
to create an exportent for the junction itself.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a moment I will be adding some logic that needs to know an
junction's parent export.
Here's a function that can discover an export's parent. It takes
the target export's pathname, chops off the rightmost component, and
tries a lookup_export(). If that succeeds, we have our answer.
If not, it chops off the next rightmost component and tries again,
until the root is reached.
At the same time, infrastructure is added to pass the parent export
down into the functions that convert locations into a new junction
export entry. For now the parent export remains unused.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To create an export entry for a junction, an options string is
constructed from the set of locations in the junction. This options
string is then passed to mkexportent() where it is parsed and
converted into an exportent.
There is only one export option that is used to create a junction's
exportent: "refer=". When that option is parsed, it's value is
simply copied to a fresh string and planted in the new export's
e_fslocdata field.
Let's avoid the option parsing and extra string copy. Construct
a string for the new e_fslocdata field and plant it in the exportent
directly.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: Simplify locations_to_export() by constructing a junction's
export options in a static buffer.
We can do this because all of this code is called serially, in one
thread, and the result is thrown away immediately after the caller
is finished. The returned exportent itself is static.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
A broken junction is a problem that administrators will want to
know about and correct.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Some init systems actually expect daemons to return 0 on success.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
If root squashing is turned off on a export that
has multiple directories, the parent directories
of the pseudo exports that's built, also needs to
have root squashing turned off.
Tested-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
Mountd is responsible for filling three interrelated kernel caches:
- auth_unix_ip maps an incoming ip addresses to a "domain".
- nfsd_fh maps (domain, filehandle-fragment) pairs to paths.
- nfsd_export maps (domain, path) pairs to export options.
Note that each export is assocated with a "client" string--the part
before the parentheses in an /etc/export line--which may be a domain
name, a netgroup, etc.
The "domain" string in the above three caches may be either:
- in the !use_ipaddr case, a comma-separated list of client
strings.
- in the use_ipaddr case, an ip address.
In the former case, mountd does the hard work of matching an ip address
to the clients when doing the auth_unix_ip mapping. In the latter case,
it delays that until the nfsd_fh or nfsd_export upcall.
We're currently depending on being able to flush the kernel caches
completely when switching between the use_ipaddr and !use_ipaddr cases.
However, the kernel's cache-flushing doesn't really provide reliable
guarantees on return; it's still possible we could see nfsd_fh or
nfsd_export upcalls with the old domain-type after flushing.
So, instead, make the two domain types self-describing by prepending a
"$" in the use_ipaddr case.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
Pull out a tiny bit of common logic from three functions.
Possibly minor overkill, but simplifies the next patch.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't see the point of waiting to the last minute to parse the ip
address. If the client name isn't a legal ip address then this will
fail fairly quickly, so there's not much of a performance penalty.
Also, note the previous code incorrectly assumed client_resolve would
always return non-NULL.
Also factor out some common code.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After 0509d3428f523 "mountd: Replace "struct hostent" with "struct
addinfo"", the export upcall fails in the use_ipaddr case.
I think we never noticed because a) the use_ipaddr case is rarer than
the !use_ipaddr case, and b) the nfsd_fh upcall does a preemptive export
downcall that renders the nfsd export call unnecessary in some cases.
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The loop in v4root_add_parents() is a little odd.
The first time through, 'ptr' points immediately "beyond"
a '/' character (the first). For every other iterration it points
directly "at" a '/' character.
Such inconsistency is error prone and infact there is an error.
If "path" is precisely "/", then the first call to
ptr = strchr(ptr, '/')
will be given a 'ptr' which is beyond the '\0' at the end of
"path". This could potentially contain anything and the strchr()
could search well beyond a buffer (though this depends on exactly how
the string is set up which depends on separate code).
So change the loop to have 'ptr' always point at a '/', and
handle the special case of "/" explicitly.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
e_ttl is set to the default in init_exportent().
However V4ROOT exports never see init_exportent() as they are created
with dupexportent from a template. So e_ttl does not get set and
export entries expire immediately.
This results in an upcall to mountd every time a V4ROOT directory
in accessed.
So set e_ttl in the template.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When "fsid=0" is not explicitly given in /etc/exports,
v4set_root creates a pseudo (NFSEXP_V4ROOT) export for '/'
with fsid 0 so that an NFSv4 client can find the root.
However if '/' is explicitly exported to the client, then that
explicit export must be used, and it will not have fsid=0.
So we must impose fsid=0 on all exports of '/'.
Without this, if '/' is exported to a client, that client will
not be able to mount '/' with NFSv4.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When nfsd_fh it looking for an export for a particular
client and file-handle, it might find two exports for the same path:
one with NFSEXP_V4ROOT, one with out.
As nfsd_fh calls cache_export_ent to give the export information to
the kernel it much choose the same export that auth_authenticate
chooses for get_rootfh which it also passes cache_export_ent (via
cache_export).
i.e. it must choose the non-V4ROOT on where possible.
Also change
strcmp(foo, bar)
to
strcmp(foo, bar) == 0
because I have a pathological fear of the former.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently auth_authenticate_internal finds an export and if it
is a V4ROOT export, it reports that there is no match. Unlike
lookup_export() it doesn't keep looking for an acceptable export.
So remove the test from auth_authenticate_internal(), and add it to
auth_authenticate_newcache(), where the search can be allowed to
continue.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
lookup_export() claims to "Always prefer non-V4ROOT mounts" (meaning
"exports") but actually prefers V4ROOT exports - once it has 'found'
one it will never replace it.
So fix that inversion, and add code so that it proactively prefers a
non-V4ROOT whether it is found before or after a V4ROOT.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mountd uses colons to split fsloc hosts, but this doesn't work with IPv6
addresses (they contain ':').
To fix this, mountd is changed to expect all IPv6 addresses to be escaped
by '[' and ']' so colons that are part of the address may be skipped.
To fix IPv6 referrals, this patch must be used with the nfsd patch that
properly parses escaped IPv6 addresses in fs_location->hosts.
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is essentially the same as the previous version, but has
been respun to fix up some merge conflicts with some of Chuck's
recent changes.
When we first added tirpc support, we took a "big hammer" approach, and
had it add libtirpc to $LIBS. That had the effect of making it so that
that library was linked into every binary. That's unnecessary, and
wasteful with memory.
Don't let AC_CHECK_LIB add -ltirpc to $LIBS. Instead, have the autoconf
tests set $(LIBTIRPC) in the makefiles, and have the programs that
need it explicitly include that library. In the event that we're not
using libtirpc, then set $LIBTIRPC to a blank string.
This necessitates a change to the bindresvport_sa check too. Since that
library is no longer included in $LIBS, we need to convert that check
to use AC_CHECK_LIB instead of AC_CHECK_FUNCS.
This patch also fixes a subtle bug. If the library was usable, but the
includes were not, the test would set $enable_tirpc to "no", but
HAVE_LIBTIRPC would still be true. That configuration would likely
fail to build.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support FedFS and NFS junctions without introducing additional
build-time or run-time dependencies on nfs-utils, the community has
chosen to use a dynamically loadable library to handle junction
resolution.
There is one plug-in library for mountd that will handle any NFS-
related junction type. Currently there are two types:
o nfs-basic locally stored file set location data, and
o nfs-fedfs file set location data stored on an LDAP server
mountd's support for this library is enabled at build time by the
presence of the junction API definition header:
/usr/include/nfs-plugin.h
If this header is not found on the build system, mountd will build
without junction support, and will operate as before.
Note that mountd does not cache junction resolution results. NFSD
already caches these results in its exports cache. Thus each time
NFSD calls up to mountd, it is, in essence, requesting a fresh
junction resolution operation, not a cached response.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Clean up: xlog() already adds a newline to the end of each line of
output. Remove the superfluous newline from a number of xlog()
call sites in mountd.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Valgrind reports that the memory allocated for eep's e_hostname field
was not being freed. eep is not visible outside of v4root_create(),
so we don't need to strdup() that string.
Introduced by commit 3b777b0 "exports: NFSv4 pseudoroot support
routines" (Dec 1, 2009).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Fixed the usage of strcmp in the duplicate check in insert groups.
Fixes an issue with showmount and other commands that required
the group information.
Signed-off-by: Matthew Treinish <treinish@linux.vnet.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
At RHEL, if user set port for mountd at /etc/services as
"mount 12345/tcp", mountd should be bind to 12345, but the
latest nfs-utils, mountd get a rand port, not 12345.
This patch make sure mountd be bind to the port which was set
at /etc/service.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Now we can move these big switch statements into helper functions.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A large part of nfsd_fh() is concerned with extracting
fsid-type-specific information from the fsid, then matching that
information with information from the export list and the filesystem.
Moving all that information into one struct will allow some further
simplifications.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a parent is exported with crossmnt, and if a child is also explicitly
exported, then both exports could potentially produce matches in this
loop; that isn't a bug.
Instead of warning and ignoring the second match we find, we should
instead prefer whichever export is deeper in the tree, so that
children's options can override those of their parents.
Reported-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When we get into auth_unix_gid at the second time, groups_len
is not 0 and ngroups variable leave as 0. Then we use ngroups
in getgrouplist that fails in this case. This patch fixes it.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Commit 5604b35a6 introduced a number of missing initializer
warnings that were missed. This patch removes those warnings.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, when writing to /proc/net/rpc/*/channel, if a cache line
were larger than the default buffer size (likely 1024 bytes), mountd
and svcgssd would split writes into a number of buffer-sized writes.
Each of these writes would get an EINVAL error back from the kernel
procfs handle (it expects line-oriented input and does not account for
multiple/split writes), and no cache update would occur.
When such behavior occurs, NFS clients depending on mountd to finish
the cache operation would block/hang, or receive EPERM, depending on
the context of the operation. This is likely to happen if a user is a
member of a large (~100-200) number of groups.
Instead, every fopen() on the procfs files in question is followed by
a call to setvbuf(), using a per-file dedicated buffer of
RPC_CHAN_BUF_SIZE length.
Really, mountd should not be using stdio-style buffered file operations
on files in /proc to begin with. A better solution would be to use
internally managed buffers and calls to write() instead of these stdio
calls, but that would be a more extensive change; so this is proposed
as a quick and not-so-dirty fix in the meantime.
Signed-off-by: Sean Finney <sean.finney@sonyericsson.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, in auth_unix_gid, group lists were stored in an array of
hard-coded length 100, and in the situation that the group lists for a
particular call were too large, the array was swapped with a dynamically
allocated/freed buffer. For environments where users are commonly in
a large number of groups, this isn't an ideal approach.
Instead, use malloc/realloc to grow the list on an as-needed basis.
Signed-off-by: Sean Finney <sean.finney@sonyericsson.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Trond Myklebust <Trond.Myklebust@netapp.com>
The fedfs ldap server will specify a ttl for its entries.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This is a refactoring change only. There should be no change in
behavior.
Original patch had updates to utils/mountd/junctions.c, which no
longer exists. These are not included here.
Create a macro for the default cache TTL, which is used in several
places besides the export cache.
Make e_ttl unsigned.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
v4root.c:176:9: warning: variable 'ret' set but not used
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
A unallocated piece of memory, instead of a NULL point, was being
used to initialize a ->next point in the mount link list which
caused a segfault after a few remote accesses via the showmount
command.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Updated the rpc.mountd man page to no longer reference
v3 as the "newer" version and also mentioned v4 as
a supported version.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Clear stale MNT registrations before mountd tries to create fresh
listeners, to ensure that mountd starts. This is also what statd does.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Document IPv6 support in rpc.mountd and exportfs, and clarify existing
language in the man page.
Clean up: Use bold consistently for program names, and italics
consistently for file names. Use "rpc.mountd" consistently as the
name of the mountd daemon.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Clean up: The MNT protocol has its own enum type defining error
status values. While the values can be the same as the NFSERR enum
type on some systems, it's not guaranteed to be true everywhere.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Clean up: rpc.mountd is no longer known as kmountd. Use the program's
basename rather than the full pathname for the usage message. Display
a version message at start up similar to statd's.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a long standing bug: when my_svc_run() returns, mountd should
unregister itself with the local rpcbind so that it can subsequently
start cleanly.
Log a more helpful error message in this case.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If TI-RPC is available, use it to create mountd's svc listener. If
not, use the old function, rpc_init(), to create mountd's listener.
IPv6 can be supported if TI-RPC is available. In this case,
/etc/netconfig is searched to determine which transports to advertise.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|