| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Just like statd, the path isn't needs in the man page and different
distros install it in different places.
|
| |
|
|
| |
Matching utils/statd, make sure generated files get cleaned.
|
| |
|
|
|
| |
As the man page doesn't need it, and different distros put it in
different places.
|
| |
|
|
| |
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/76409
|
| |
|
|
|
|
|
|
|
|
| |
This mostly takes care of the difference between
- and \-; in man pages, the former is hyphen
(which indicates, among others, that a line might
be split at that point), while the latter is a
dash. For options, the latter is correct.
There's also one minor grammatical fix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement default options in /etc/exports, to fix a long-standing wishlist
bug in Debian. (The user claims the syntax matches that of OpenBSD.) This
makes it possible to write "/srv/www -sync,no_subtree_check host1 host2 host3"
instead of having to write (sync,no_subtree_check) over and over and over
again, driving the administrator slowly mad. Such option lines can be
placed anywhere on the line, and affects anything after them (I do not
know if OpenBSD allows this). The patch is slightly convoluted in order to
avoid triggering spurious warnings; for instance, we want
"/srv/www -sync host1" to trigger a warning, but not "/srv/www
-sync,no_subtree_check host1" or "/srv/www -sync host1(no_subtree_check)".
There was also a suggestion for a truly global (ie. per-file) option list,
but this seemed like the safest bet, given that it matches that of other
implementations.
Also, the man page is updated with information on the new possibilities,
and an example.
Signed-off-by: Steinar H. Gunderson <sesse@debian.org>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NFS kernel server does not support uid mappings, activated with flags
such as "map_daemon" in exports. There is already code that parses these
flags, and gives an error at mount time if an unsupported flag (ie. any
but the default) is given. However, at some point the kernel changed the
export interface, and the new code forgot to include the relevant check.
Thus, simply copy the check from the old to the new code, which makes
sure mountd behaves the same in this aspect regardless of kernel version,
and makes sure the admin does not inadvertently use map_daemon and expect
it to work.
Signed-off-by: Steinar H. Gunderson <sesse@debian.org>
|
| |
|
|
|
|
| |
If auth_reload has been called by someone else, get_exportlist
can incorrectly return old data. So track modify times better
and only use cached data if the modify time matches.
|
| |
|
|
|
|
| |
And make sure that if we fail to export a filesystem in mountd,
then we don't try to get a filehandle on it, or a deadlock
might occur.
|
| |
|
|
|
|
|
|
|
| |
I forgot a bit of code that needs to go into patch 3 that I posted yesterday.
This adds a long option for the -r option. I'll post manpage update patches
once I get them written up.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Showmount itself tries to use a short timeout but
the RPC clnttcp_create and clntudp_create calls will call portmap
internally to get the port to use if it is set to 0 in the passed
address structure. The above calls then use the internal timeouts,
basically 60 seconds, which slows things down. Also the for tcp a
blocking connect is used which can take quite a while to timeout as
well.
showmount tries tcp then udp so a fail can go through several lengthy
waits before failing.
I've grabbed some of the autofs code and put together a patch to allow
specification of the timeouts for the portmap getport and to implement a
non-blocking connect.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
| |
It isn't clear the the License (See DISCLAIMER) is GPLv2 compatable,
and it is believed that the code is largely unused, so get rid
of nhfsstone just to be safe.
Signed-off-by: NeilBrown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For those that want "traditional" showmount -a behavior from their mountd
(hostname:/path instead of ipaddr:/path). This patch adds a '-r' flag that
does a reverse-resolve for each IP address listed in the rmtab when
a dump operation is called.
Probably not a good idea for those concerned about performance, but since it's
not the default option, I don't see it being an issue.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IP addresses
Neil suggested a patch to change the mountlist_add and mountlist_del calls to
use IP addresses instead of the names returned by client_compose based on a
command line option flag.
I don't see any real reason to put client_compose strings into the rmtab, so
this patch makes it so that it adds IP addresses instead of those strings to
the rmtab by default.
It also removes all mountlist_add calls that are being done from kernel cache
routines. My main concern there is NFSv4. We don't seem to make any upcalls to
mountd on NFSv4 unmounts, and I don't see a way to reliably remove NFSv4
entries. So, I figured I'd stick with having mountlist_add only called when
a v2 or v3 mount call is made, and mountlist_del called only on the
corresponding unmount call.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Here's a new set of patches to fix up "showmount -a", based on the approach
suggested by Neil. This first patch is fairly simple. It just stops
the current caching of my_client.
For an explanation, consider this situation with the current code:
1) Client mounts an NFS export from server that is restricted to a particular
hostname or netgroup.
2) DNS or netgroup changes so that the client would be denied.
3) Client attempts mount again. Mount succeeds, even though it shouldn't due
to the fact that mountd relies on cached info in my_client.
This situation can occur as long as no other client attempts a mount between
1 and 3 above. The patch below removes this caching, and causes a new
invocation of client_compose for each pass through auth_authenticate:
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Hi all,
I noticed some mtab corruption the other day when doing some autofs
testing but thought nothing of it.
When investigating another issue I came across utils/mount.c:add_mtab
which looks like it adds an entry to /etc/mtab without performing
correct locking. Perhaps this is not needed when adding entries but I
think it is.
|
| |
|
|
|
|
|
| |
The getopt_long() option string in mountd was having a spurious
colon after the 'n', leading to the short form of --no-tcp not
being usable (expecting a parameter, contrary to the long form
and the documentation). Fix.
|
| |
|
|
|
|
|
|
| |
The exports(8) man page already mentions that some non-root users,
such as bin, might be just as sensitive as root, and that root_squash
thus might not be as effective as one could hope for. Update the
documentation to also mention that this could be the case for non-root
groups, such as staff.
|
| |
|
|
| |
Mostly thanks to Sylvain Cherrier <sylvain.cherrier@free.fr>
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add option to store gssd ccaches in a MEMORY: cache rather
than the default FILE: cache. In response to suggestion
from Steve Dickson <steved@redhat.com> and
Nalin Dahyabhai <nalin@redhat.com>.
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Implement a new version of lucid spkm3 context which is passed
down to the kernel.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
We've been ignoring all mapping errors and instead mapping to a "nobody" user
or group.
This is arguably OK for the cases where we're returning a value to the user
(so, id->name mapping on the server or name->id mapping on the client).
But it's a disaster in the other direction (id->name on the server or id->name
on the client): for example, a chown to an unknown user should *not*
automatically be translated into a succesful chown to "nobody".
This patch fixes that problem on the server side.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Clean up a few warning messages.
|
| | |
|
| |
|
|
|
| |
Printing export options should avoid printing 'anonuid=65534'
rather than avoiding 'anonuid=-2'.
|
| |
|
|
|
|
|
|
|
| |
support/nfs/nfssvc.c: if any ports are already open,
don't try to open any more.
This means that once nfsd is running
rpc.nfsd X
will just change the number of threads, not the
ports in use.
|
| |
|
|
| |
Add warning of neither 'subtree_check' or 'no_subtree_check' present.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
value -1 and defaults the credential's fsuid/fsgid to the
correct anonuid/anongid values for the given export. We should
be passing this value (-1) down when a name mapping cannot be found.
Thanks to J. Bruce Fields <bfields@fieldses.org> for the reference.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
|
| | |
|
| |
|
|
| |
Avoid usage of -rpath is generally safer, and is required by Debian policy.
|
| |
|
|
| |
as this is more consistant across achitectures.
|
| |
|
|
|
|
| |
statistics and print them.
Submitted by: Shankar Anand <shanand@novell.com>
|
| | |
|
| |
|
|
| |
This is more consistant across platforms.
|
| | |
|
| |
|
|
|
| |
rquota_svc.c is still by-hand as it contains alot of extras.
These should really be moved to rquota_server.c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted: support/export/keys.c
deleted: support/include/rpcdispatch.h
deleted: support/include/rpcsec.h
deleted: support/include/version.h
deleted: support/include/ypupdate.h
deleted: support/nfs/clients.c
deleted: support/nfs/keytab.c
deleted: support/nfs/ypupdate_xdr.c
deleted: support/rpc/include/Makefile.am
deleted: tools/rpcdebug/neat_idea.c
deleted: utils/mountd/mount_xdr.c
deleted: utils/rquotad/pathnames.h
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Temporary patch to do default mapping if we get an error while trying to
map a gss principal to the appropriate uid/gid. This currently returns
hardcoded values. This may be correct, or we may need to try and figure
out the correct values to match the anonuid/anongid for the export.
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change message priorities for errors and debug messages.
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The readline routine expects much smaller messages than we are passing.
Change the default initial allocation and increment value from 128
to 2048. This saves many calls to realloc().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Update the printerr() function to:
1) Determine whether we'll print the message before going to all the
work of formatting it.
2) Don't just toss away messages that are too long for the buffer.
Print what we can and give an indication of the truncation with
"..." at the end.
3) Use a single buffer rather than two.
4) Messages either go to syslog (with level ERR) or stderr. Don't
send some messages to syslog level DEBUG.
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Olaf Kirch <okir@suse.de>, use setfsuid() rather than
seteuid() when creating a gss context. This prevents users from using
credentials that do not belong to them, while also preventing them from
doing things like killing, renicing, or changing the priority of the
gssd process while it is processing the context creation.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured. We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Correct the definition of mech_used in the gss context to use gss_OID_desc.
This fixes problems on 64-bit machines when referencing the OID.
Also updates write_buffer function to use u_int rather than size_t when
doing calculations.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add CFLAGS to make sure we find and use the correct gssapi.h when
building gss_clnt_send_err
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
-T - will suppressing listening for TCP connection.
-U - will suppress UDP
-H host - will only listen on that local address
-p port - will listen on that port.
This requires kernel patches which will hopefully be in 2.6.19 and possibly some
earlier test and vendor kernels.
|
| | |
| |
| |
| |
| |
| | |
e.g. -N 2
means that NFSv2 won't be supported, just v3 and v4 (if the kernel
supports them).
|
