| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
The name variable is always set to NULL now in all callers, so just
sto passing it around needlessly.
The uid_t variable is not used at all, so chuck it out too.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since now rpc.gssd is swithing uid before attempting to acquire
credentials, we do not need to pass in the special uid-as-a-string name
to gssapi, because the process is already running under the user's
credentials.
By removing this code we can fix a class of false negatives where the
user name does not match the actual ccache credentials and the ccache
type used is not one of the only 2 supported explicitly by rpc.gssd by the
fallback trolling done later.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* use get_uuid_blkdev() only first time for the path (it means
that uuid_by_path() is called with type==0)
* don't use libblkid for btrfs, network or pseudo filesystems
Note that the patch defines the fs type ID rather than include
<linux/magic.h> as this file seems incomplete and libc specific).
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
When outputing the paths and the user has specified the
option -s, escape the path.
Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Verbatim patch proposal from J. Bruce Fields except calling
snprintf instead of sprintf.
Tested and appears to work with path names that have a space.
Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
By unconditionally adding ?4.2 to the version string written to the
kernel we make nfs-utils incompatible with pre-4.2-supporting kernels.
Ditto for 4.1. This problem was introduced by
12a590f8d556c00a9502eeebaa763d906222d521 "rpc.nfsd: Allow v4.2 server
support with the -V option", which also change nfsd to unconditionally
pass ?4.2.
Instead, just don't mention 4.1 or 4.2 unless the commandline has
specifically requested that one or the other be turned on or off.
Tested-by: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Reported-by: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is the nfs-utils patch corresponding to the kernel patch
commit 2f74f972 "sunrpc: prepare NFS for 2038". The kernel sunrpc
code needs to handle seconds since epoch greater than 2147483647.
This means functions that parse time as an int need to
handle it as time_t."
When appropriate exportfs should use LONG_MAX in can_test()
instead of INT_MAX.
Signed-off-by: Harshula Jayasuriya <harshula@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I was reminded recently that NFS treats file atime time stamps
differently than other filesystems. It also ignores the generic
*atime mount options because it cannot support the atime semantics
of local filesystems.
We should document that somewhere. nfs(5) seems like a logical
place for it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With some proposed kernel changes, it won't even attempt to upcall
sometimes if it doesn't appear that gssd is running. This means that
we have a theoretical race between gssd starting up at boot time and
the init process attempting to mount kerberized filesystems.
Fix this by switching gssd to use mydaemon() and having the child
only release the parent after it has processed the directory once.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently have 2 cut-and-paste versions of this code. One for idmapd
and one for svcgssd.[1]
The two are basically equivalent but there are some small differences,
mostly related to how errors in that function are logged. svcgssd uses
printerr() with a priority of 1, which only prints errors if -v was
specified. That doesn't seem to be quite right. Daemonizing errors are
necessarily fatal and should be logged as such. The one for idmapd uses
err(), which always prints to stderr even though we have the xlog
facility set up. Since both have xlog configured at this point, log the
errors using xlog_err() instead.
The only other significant difference I see is that the idmapd version
will open "/" if it's unable to open "/dev/null". I believe that however
was a holdover from an earlier version of that function that did not
error out when we were unable to open a file descriptor. Since the
function does that now, I don't believe we need that fallback anymore.
[1]: technically, we have a third in statd too, but it's different
enough that I don't want to touch it here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Because gssd uses dnotify under the hood, it's easily possible that the
parent process can catch a signal while processing an upcall. If that
happens, then we'll currently exit the wait for the child task to exit,
and it'll end up as a zombie.
Fix this by ensuring that we only wait for the child to actually exit.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Support for NFSv4 migration was merged in 3.13.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kernel understands text options of the form "v4.x" (ie "v4.1"), but
mount.nfs does not and this leads to weird errors when the requested
mount fails: a line in dmesg about version 3 not supporting
minorversions
and mount.nfs returning EINVAL no matter what the real error was.
This happens because mount.nfs thinks no version was specified so it
starts
probing other versions which conflicts with the v4.X option once it gets
parsed by the kernel.
$ sudo mount -v -o v4.1 zero:/invalid_export /mnt
mount.nfs: timeout set for Wed Nov 13 10:09:48 2013
mount.nfs: trying text-based options
'v4.1,vers=4,addr=192.168.100.10,clientaddr=192.168.100.11'
mount.nfs: mount(2): No such file or directory
mount.nfs: trying text-based options 'v4.1,addr=192.168.100.10'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.100.10 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.100.10 prog 100005 vers 3 prot UDP port 20048
mount.nfs: mount(2): Invalid argument
mount.nfs: an incorrect mount option was specified
And you get this in dmesg:
NFS: mount option vers=3 does not support minorversion=1
but if you use another form of the same options, this doesn't happen:
$ sudo mount -v -o vers=4,minorversion=1 zero:/invalid_export /mnt
mount.nfs: timeout set for Wed Nov 13 10:10:28 2013
mount.nfs: trying text-based options
'vers=4,minorversion=1,addr=192.168.100.10,clientaddr=192.168.100.11'
mount.nfs: mount(2): No such file or directory
mount.nfs: mounting zero:/invalid_export failed, reason given by server:
No such file or directory
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gssd doesn't properly clean up internal state for old pipes and never
closes the (since deleted) clnt_info directory. This leads to eventual
fd exhaustion.
To reproduce, run a lot of mount / umounts in a loop and watch the
output of 'ls /proc/$PID/fdinfo | wc -l' (where PID is the pid of gssd)
steadily grow until gssd eventually crashes with "Too many open files".
This regression was introduced by 841e83c1, which was trying to fix a
similar bug in the skip matching logic of update_old_clients. The
problem with that patch is that pdir will never match dirname,
because dirname is "<pname>/clntXXX".
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes gssd will open a new rpc-pipe but never read requests from it
or reply to them. This causes the kernel to wait forever for a reply.
In particular, if a filesystem is mounted by IP, and the IP has no
hostname recorded in /etc/hosts or DNS, then gssd will not listen to
requests and the mount will hang indefinitely.
The comment in process_clnt_dir() for the "fail_keep_client:" branch
suggests that it is for the case where we couldn't open some
subdirectories. However it is currently also taken if reverse DNS
lookup fails (as well as some other lookup failures). Those failures
should not be treated the same as failure-to-open directories.
So this patch causes a failure from read_service_info() to *not* be
reported by process_clnt_dir_files. This ensures that
insert_clnt_poll()
will be called and requests will be handled.
In handle_gssd_upcall, the current error path (taken when the mech is
not "krb5") does not reply to the upcall. This is wrong. A reply is
always appropriate. The only replies which aren't treated as
transient errors are EACCES and EKEYEXPIRED, so we return the former.
If read_service_info() fails then ->servicename will be NULL which will
cause process_krb5_upcall() (quite reasonably) to become confused. So
in that case we don't even try to process the up-call but just reply
with EACCES.
As clp->servicename==NULL is no longer treated as fatal, it is not
appropraite to use it to test if read_service_info() has been already
called on a client. Instread test clp->prog.
Finally, the error path of read_service_info() will close 'fd' if it
isn't -1, so when we close it, we should set fd to -1.
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
The client now supports multiple sec= options as a colon delimited list.
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When start_statd figures out that statd is not yet running it starts
it, waits for the invoked process to complete, and finally verifies
that statd is working. This approach works for serially mounting NFS
file systems but has a race condition for parallel mounting.
In the parallel case it can happen that two mount commands A and B
both decide that statd needs to be started. Both of them try to start
statd. Obviously only one of them can successfully do so, let's
assume this is command A in our case. The statd invoked by B
terminates because the resource is already claimed by the statd
invoked by A. The termination of B's statd though is before the
statd of A has completely set up all things. This causes the check
for a working statd of command B to fail and terminate the mount
request with an error.
To prevent this we define a timeout value. In case the initial check
after invoking statd fails we try again in a loop 10 times a second
until the timeout is reached.
In our tests when the race occurred we typically were successful
already on the first retry within the loop.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add the ability to turn off UDP listeners with the
new "-u | --no-udp" flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Convert the current code to used the NFSCTL_XXX macros
to turn off the TCP listener.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exportfs currently exits with a non-zero error for some errors,
but not for others.
It does this by having various support routines set the global
variable "export_errno".
Change this to have 'xlog' set export_errno if an ERROR is
reported. That way all errors will be caught.
Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Currently if exportfs is asked to unexport something that is not
exported it silently succeeds. This is not ideal, particularly for
scripting situations.
So report an error when the unexport was successful and the -v flag used.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Call gss_inquire_cred after gssd_acquire_krb5_cred check for expired
credentials.
This fixes a recent regression (since 302de786930a2c533068f9d8909a)
that causes the user's ticket cache to grow unbounded with expired
service tickets when the user's credentials expire.
To reproduce this issue:
- mount kerberos nfs export
- kinit for a short lifetime (ie "kinit -l 1m")
- run a job that opens a file and writes for more than the lifetime
- run klist a few times after expiry and see the list grow, ie:
Ticket cache: DIR::/run/user/1749600001/krb5cc/tktYmpGlX
Default principal: dros@APIKIA.FAKE
Valid starting Expires Service principal
10/21/2013 15:39:38 10/21/2013 15:40:35 krbtgt/APIKIA.FAKE@APIKIA.FAKE
10/21/2013 15:39:40 10/21/2013 15:40:35 nfs/zero.apikia.fake@APIKIA.FAKE
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
parse_fsid() is currently truncating all inode numbers to
32bits, and assumes that 'int' is 32 bits (which it probably is,
but we shouldn't assume).
So make the 'inode' field in 'struct parsed_fsid' a 64 bit field.
and only memcpy into variables or fields that have been declared
to a specific bit size.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exportfs currently exits with a non-zero error for some errors,
but not for others.
It does this by having various support routines set the global
variable "export_errno".
Change this to have 'xlog' set export_errno if an ERROR is
reported. That way all errors will be caught.
Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
This reverts commit 956aeff2e24304e938846f81f4b9db34cbf18a32.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To improve error handling when scripting exportfs it's useful
to have non-zero exit codes when the requested operation did not
succeed.
This patch also returns a non-zero exit code if you request to
unexport a non-existant share.
Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Currently, mount.nfs returns an error code, but doesn't print anything
when this occurs.
Reported-by: Eric Doutreleau <edoutreleau@genoscope.cns.fr>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The part of process_krb5_upcall that handles non-machine user creds
first tries to query GSSAPI for credentials. If that fails, it then
falls back to trawling through likely credcache locations to find them
and then points $KRB5CCNAME at it before proceeding. There are a number
of bugs in this code that this patch attempts to address.
The code that queries GSSAPI for credentials does it as root which
almost universally fails to do anything useful unless we happen to be
looking for non-machine root creds. Because of this, gssd almost always
falls back to having to search for credcaches "manually". The code that
handles credential switching is in create_auth_rpc_client, so it's too
late to be of any use here.
Worse yet, for historical reasons the MIT krb5 authors used %{uid} in
the default credcache locations which translates to the real uid. Thus
switching the fsuid or even euid is insufficient. You must switch the
real uid in order to be able to find the proper credcache in most cases.
This patch moves the credential switching to occur much earlier in the
process and has it do a much more thorough job of it. It first drops all
supplimentary groups, then determines a gid to use and switches the gids
and uids to the correct ones. If it can't determine the correct gid to
use, it then tries to look up the one for "nobody" and uses that.
Once the credentials are switched, the forked child now no longer tries
to change them back. It does the downcall with the new credentials and
just exits when it's done.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most krb5 installations use credcache locations that contain %{uid},
which expands to the real UID of the current process. In order for
GSSAPI to find those properly, we need to be able to switch the real UID
of the process to the designated one. That however, opens the door to
allowing gssd to be killed or reniced during the window where we've
switched credentials.
To combat this, change gssd to fork before trying to handle each upcall.
The child will do the work to establish the context and the parent task
will just wait for it to exit. It's still possible for the child to be
killed or reniced, but that would only affect a single upcall instead of
the entire daemon. Also, If the process is killed prematurely, then log
an error to tip off the admin that there was a problem.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Adds '-s' option which outputs the current exports in a format
suitable for /etc/exports.
Signed-off-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
When the 'timeo' option is specified in multiple sections of
the nfsmount.conf file, each instance is added to the parsing
string. This patch make the first instance override any others.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When the 'Background' and/or 'Foreground' options are set
in multiple sections of the nfsmount.conf file, each instance
gets added to the parsing string. This patch makes the first
instance of either option override the any others.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As Bruce recently pointed out, gss_clnt_send_err basically does an
unsolicited downcall into the kernel to try and destroy a valid GSS
context. That has been broken however since this kernel commit:
commit 3b68aaeaf54065e5c44583a1d33ffb7793953ba4
Author: Trond Myklebust <Trond.Myklebust@netapp.com>
Date: Thu Jun 7 10:14:15 2007 -0400
SUNRPC: Always match an upcall message in gss_pipe_downcall()
Downcalls that don't match an in-progress upcall just get back an
-ENOENT error and don't actually do anything. Remove these tools
since they've been useless for the last 6 years.
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
The syntax here is a little convoluted.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
Some newer kernels are rejecting -1 uid/gid. Actually, worse--they're
silently ignoring any attempt to cache such exports, thus preventing
test_export from getting back the errors it needs.
And -1 wasn't a good choice anyway.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
The tgtname is of the form service@hostname. It's not a hostname, and
attempting to look it up here just causes failure of any upcall with a
"target=" field (currently, any upcall on behalf of an nfsv4.0
callback).
I think the theory was that knowning that target= name might help pick
the right keytab, but I don't really know if that's helpful. For now,
just stop trying to do this.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
The tgtname is of the form service@hostname. It's not a hostname, and
attempting to look it up here just causes failure of any upcall with a
"target=" field (currently, any upcall on behalf of an nfsv4.0
callback).
I think the theory was that knowning that target= name might help pick
the right keytab, but I don't really know if that's helpful. For now,
just stop trying to do this.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
Both dirname and pdir are null-terminated strings, so there's no reason
I can see for the strncmp.
And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb"
directories! The results were callback clients being removed
immediately after creation, when lack of a client with the corresponding
name under "nfsd" lead gssd to believe it had disappeared from
"nfsd4_cb".
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible for a race to cause a name to appear when an rpc_pipefs
dir is scanned but to no longer be present when we try to open it.
So if the error is ENOENT, don't complain.
This is similar to
commit 5ac9bcfd820f09af4d3f87f1f7346d896f70bc9a
Author: David Jeffery <djeffery@redhat.com>
Date: Wed Jan 16 15:21:55 2013 -0500
rpc.idmapd: Ignore open failures in dirscancb()
which addressed a similar issue in idmapd.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes 2 small improvements to the parsing of the bg, fg, and
sloppy mount options in nfsmount.conf.
1. "bg" and "fg" negate should each other. "Background=True" should
mean "bg" and "Background=False" should mean "fg". The same applies to
"Foreground".
2. Once we see "Sloppy=False" while parsing the configuration file we
should ignore subsequent occurrences of the sloppy option. This will
preserve the "right-most setting wins" behavior for the sloppy mount
option.
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nfsmount.conf file has the following format:
[ section "arg" ]
tag = value
conf_get_tag_list() currently doesn't check the arg field so we wind up
getting all the options that fall under a particular section value,
instead of just the ones that match the specific "arg" field. As a
result, we wind up passing options to the mount syscall from sections
that aren't even relevant to the mount operation that is being
performed.
For example, if we have three different server sections, and each
section has an Nfsvers tag, then the string we pass to the mount syscall
will have two extra occurrences of the nfsvers option. Each option
should appear at most 4 times -- once for the system section, once for
the server-specific section, once for the mount-specific section, and
once for the command line mount options.
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
RH bz 831455 has a report that repeatedly mounting and unmounting over
lo can hit this warning in the EOF case. I suspect that's just
normal--I'm not sure of the details, but probably idmapd gets woken up
to check for an upcall and then the upcall gets yanked away before
idmapd gets a chance to read it.
So just skip the warning in that case. I also can't see a reason to
reopen.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Changed the default protocol versions that rpc.nfsd
register with rpcbind to just 3 and 4. Version 2
can still be enabled with the '-V' flag, but it
will not be on by default.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Commit 1c787f14 [gssd: scan for DIR: ccaches, too] changed the default
prefix for the credential cache files. Update the check to ignore the
machine credential file when running with -n (root ignores machine
credentials).
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
krb5_util tries various different credential names in order to find
the machine credential, not all of them use the full host name of the
current host.
So if getting the full host name fails, don't give up completely,
still try the other options.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The current implementation ignores any preferred realm specified on the
command line. Fix this behaviour and make sure the preferred realm is
used as first realm when trying to acquire a keytab entry
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
