| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
This patch moves reading of the upcall information from the child thread
into the main thread. It removes the need to synchronize between the
parent and child thread before processing upcall. Also it creates the
thread in a detached state.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since calling xlog(D_GENERAL) will cause exportfs to exit with a status
of 1, there really should be a way to see those messages for debugging
purposes.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously the location of the credential cache was passed in either
using environment variable KRB5CCNAME or gss_krb5_ccache_name() if
supported. For threaded-gssd, we can't use an environment variable
as it's shared among all thread. Thus always use the api call.
Reviewed-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
For the threaded version we have to set uid,gid per thread instead
of per process. glibc setresuid() when called from a thread, it'll
send a signal to all other threads to synchronize the uid in all
other threads. To bypass this, we have to call syscall() directly.
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
Reviewed-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, to persevere global data over multiple mounts,
the root process does not fork when handling an upcall.
Instead on not-forking create a pthread to handle the
upcall since global data can be shared among threads.
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
librpcsecgss has not been used in years
so and there is no longer an upstream for
it so the support for the library has
been removed
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a "user" mount is the first NFSv3 mount, mount.nfs will be running
setuid to root (with non-root as the real-uid) when it executes
START_STATD.
start-statd is a shell script and many shells refuse to run setuid,
dropping privileges immediately. This results in start-statd running
as an unprivileged user and so statd fails to start.
To fix this, call "setuid(0)" to set real uid to zero. Also call
"setgid(0)"
for consistency.
The behaviour of a shell can often be affected by the environment,
such as the "shell functions" that bash includes from the environment.
To avoid the user being able to pass such environment to the shell,
explicitly pass an empty environment. The start-statd script explicitly
sets the PATH which is all it really needs.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux C libraries are moving away from implicitly including the header
sys/sysmacros.h via sys/types.h. We would like to do this for glibc
now, but others (musl/etc...) have been doing it already. This means
any code using major/minor/makedevs functions will fail to build when
they don't include that header.
Leverage the AC_HEADER_MAJOR macro that configure is already using to
pull in the right header.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A remount might fail if name resolution returns a different
server address, as might occur if there are multiple name
records for the server. Since we cannot change the server's
address on a remount anyway, skip the lookup and remove
any set addresses in the options.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Back when commit aba5ea5c and commit 55197c98
happen that replaced dnotify with inotify the
ignoring of non-existent upcall directories
got dropped. The patch adds it back and stops
following error log
ERROR: inotify_add_watch failed for nfs/clntXX:
No such file or directory
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
From: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The var "i" is already in use iterating realmnames.
Fixes: "6597e391 gssd: Don't assume the machine account will be in
uppercase"
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux only returns EBUSY for a non-remount mount if the exact
requested filesystem is already mounted. Arguably this is not an
error.
"mount -a" tries to see if each requested filesystem is already mounted.
Sometimes it gets it wrong - e.g. hostname aliases can confuse it.
So "mount -a" will report a failure "already mounted", which is
wrong because it should filter those out.
An easy fix it just to be silent about EBUSY. As the requested
result (a given filesystem being mounted at a given location) is in
effect after the EBUSY return, we can just treat it as success.
This removes the confusing "already mounted" errors.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
xlog_err() never returns. Change the xlog_err(),
when invalid arguments are use, to xlog_warn()
so the second xlog_warn, displaying the usage,
will be called.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Use the verbose command flag to turn on or off
logging to stderr.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Change some debugging levels in populate_port() to
make easier to follow the code.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
commit 1201d5d8 introduced some new debugging messages
that needed some formatting
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The returned port from getservbyname() is in
network order. Convert the port to host order
before writing it to the portlist file.
Reported-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Show the correct arguments when invalid
arguments are used.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
In general the -h flag should at least show
a usage message
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
The "-r | --reverse-lookup" arguments were missing
from the usage string.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are 59 client rpc procedures, not 60.
The order of rpc name must be the same as define of
NFSPROC4_CLNT_xx in include/linux/nfs4.h,
not nfs4_procedures in nfs4xdr.c.
Drop duplicate rpc name "getdevlist".
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If rpc.statd is running but slow to respond, mount.nfs will
run "start-statd" which might start a new statd. This is not a good
ideas as can result in lots of rpc.statds.
So inf start-statd check the pid file and if rpc.statd seems to be
running, exit with success.
(also "cd /" before running rpc.statd, just in case).
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If DNS service is particularly slow, nfs_probe_statd() can fail even
though rpc.statd is actually running. This happens because rpc.statd
is single threaded and could be waiting longer for DNS than
nfs_probe_statd() will wait for it.
This causes problems when mount.nfs uses nfs_probe_statd() to see if
statd is running, as is needed for NFSv3.
Currently in these circumstances there are two possible outcomes.
1/ if systemd is in use, it will be told to start rpc-statd, which
is already running so no change.
mount.nfs will try pinging rpc.statd a few more times and could
eventually give up and fail the mount.
While slow DNS may well result in slow service, it shouldn't cause
a mount attempt to fail.
2/ if systemd is not in use, a new rpc.statd will be started. This
can (and has) lead to a large number of rpc.statd processes running
on the one machine.
This patch addresses the first scenario. If START_STATD is run and
exits with a success status, mount.nfs assumes statd is running and
allows the mount to succeed. A separate patch will address the other
scenario.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if
the kernel doesn't understand the requested NFS version.
Unfortunately if the requested minor is not known to the kernel
it returns -EINVAL.
In kernels since 3.11 this can happen in nfs4_alloc_client(), if
compiled without NFS_V4_2.
More generally it can happen in in nfs_validate_text_mount_data()
when nfs_parse_mount_options() returns 0 because
nfs_parse_version_string()
didn't recognise the version.
EPROTONOSUPPORT is only returned if NFSv4 support is completely compiled
out.
So nfs_autonegotiate needs to check for EINVAL as well as
EPROTONOSUPPORT.
URL: https://bugzilla.opensuse.org/show_bug.cgi?id=959211
Reported-by: Takashi Iwai <tiwai@suse.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 5bea22e33b7a introduced a regression. Prior to that commit
nfs_nfs_version would set *version to 0 if NFS version wasn't specified.
Since that commit, version.v_mode is set to V_DEFAULT if the NFS version
isn't specified, but nfs_options2pmap uses version.major without
checking
v_mode. This can lead to incorrect behaviour.
In particular fall-ack to v3 if server doesn't support v4 can fail.
So test v_mode before using version.major.
URL: https://bugzilla.opensuse.org/show_bug.cgi?id=956743
Fixes: 5bea22e33b7a ("mount.nfs: Add struct nfs_version and generalize
version parsing")
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
FSID_PRESENT was missing, and LAYOUTGET and GETDEVICEINFO were switched.
Update all the client operations. Also, increase the output width a bit
and pull out a column for these longer new operation names.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
The C and S flags were missing for the SYNOPSIS
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Show the correct arguments when invalid
arguments are used.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to an empty
Certain name resolution misconfigurations (for example, a hosts file
entry with an ip address but no hostnames) can cause get_nameinfo() to
return an empty string in buf, which will lead to this cryptic failure:
Dec 7 09:37:44 hostname rpc.statd[8024]: Failed to insert: creating
/var/lib/nfs/statd/sm/: Is a directory
Dec 7 09:37:44 hostname rpc.statd[8024]: STAT_FAIL to
hostname.example.com for SM_MON of 192.168.1.2
Dec 7 09:37:44 hostname kernel: lockd: cannot monitor 192.168.1.2
It's better in that case to just go ahead and use the presentation
address instead.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When unexport directory, it's possible that the specified path ends with
a '/'. So we need to deal with it to find the matched entry.
If not, there will be error like "Could not find '*:/some_path/' to
unexport."
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
In function nfs_parse_simple_hostname, hostname can be NULL,
dereferncing it while passing it to free(*hostname) may result in
segfault.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the id_resolver keyring doesn't exist, the kernel has no cached
idmap information to expunge. AFAIK it's not an error.
If nfsidmap is run by a non-privileged user, the id_resolver keyring
is never visible. IMO that should be reported, but the error message
should report the privilege problem, not the missing keyring.
Reported-by: Amy Shi <amy.shi@oracle.com>
Fixes: 69aa69e7de80 ('nfsidmap: Allow keys to be cleared from the ')
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This prevents rpc.statd's in-memory (and on-disk) monitor lists from
winding up with multiple records for the same peer with outdated
cookie values. This happens in some HA-NFS configurations where
rpc.statd is always running.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When the mountversion option is used, there should
not be any mount negotiations with the server.
Also, when the option is used, its know that the mount
is a v4 mount and a V_SPECFIC type.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Trimmed down the number messages being logged
by moving them into level 3 or 4 of debugging
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
When gssd exist ensure a error message is logged.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Cleaned up first level of debugging. Only
errors and warnings are logged.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
From: Jianhong Yin <jiyin@redhat.com>
The buf[] size in test_export() is not enough for NFS_MAXPATHLEN
+ prefix/suffix proto string. Fix it and same issue in dump().
And just to be on the safe side, %s/sprintf/snprintf/
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the kernel's IPv6 module isn't loaded:
rpc.nfsd: knfsd is currently down
rpc.nfsd: Writing version string to kernel: -2 +3 +4
rpc.nfsd: Creating AF_INET TCP socket.
rpc.nfsd: Creating AF_INET UDP socket.
rpc.nfsd: Creating AF_INET6 TCP socket.
rpc.nfsd: Creating AF_INET6 UDP socket.
The last two messages are misleading, since creation of AF_INET6
sockets now fails silently without kernel IPv6 support.
Fixes: c31fef7f4beb ('nfsd: ignore unsupported address types')
Signed-off-by: Juergen Daubert <jue@jue.il>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
No failure case if gssd doesn't recognize the kernel's requested
protocol. Caught with "protocol=rdma" upcall.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Also, fixed erroneously closing file descriptor 0 at init time.
Signed-off-by: Malahal Naineni <malahal@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find_keytab_entry() first looks for an entry of the form
<HOSTNAME>$@<DOMAIN>, which corresponds to the Active Directory machine
account. It assumes that <HOSTNAME> will be in uppercase because that's
how the entry is created if the machine is joined to the domain using
Samba.
But that's not necessarily the case if the another identity management
solution is used... for example a keytab entry for a machine account
created by Centrify will match the actual computer account in Active
Directory, whether that be in upper case, lower case, or mixed case.
So first look for an entry that matches the unmodified hostname and then
convert it to uppercase and try again only if that failed.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The interface for controlling the debug level in libtirpc was added
over a year ago, but nothing's taking advantage of it.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a hack which uses the bottom-level RPC improperly as below
in the current statd implementation: insert a socket in the
svc_fdset without a corresponding transport handle
and passes the socket to the svc_getreqset subroutine,
this usage causes a segfault of statd on a huge amount of sm-notifications.
Fix the issue by separating the non-RPC-server socket from RPC
dispatcher.
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Just continue and try a different record returned from getaddrinfo
if the kernel does not support an address family. This fixes nfsd
startup on kernels without IPv6 support.
Suggested-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we no longer fork for uid 0, gssd_atexit()
is only called when uid != 0, and fails as permissions
on the /tmp/krb5ccmachine_REALM file prohibit the
clean up of machine credentials (as it should).
Move the reaping of machine credentials back into a
SIGINT sighandler so that <Ctrl-C> destroyes
machine credentials.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit f9cac65972da588d5218236de60a7be11247a8aa
added the fork to process_krb5_upcall so that the
child assumes the uid of the principal requesting
service.
When machine credentials are used, a gssd_k5_kt_princ
entry is added to a global list and used by future
upcalls to note when valid machine credentials have
been obtained. When a child process performs this task,
the entry to the global list is lost upon exit, and
all upcalls for machine credentials re-fetch a TGT,
even when a valid TGT is in the machine kerberos
credential cache.
Since forking is not necessary when the principal has
uid=0, solve the gssd_k5_kt_princ_list issue by only
forking when the uid != 0.
Acked-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
