| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a key can not be added to a keyring because
the keyring is full or there is no memory for
the playload, keyctl_instantiate() will fail
and set the errno to -EDQUOT, -ENFILE or
-ENOMEM
When this happens, purge the keyring to
free things up and then try to re-add
the key.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support FedFS and NFS junctions without introducing additional
build-time or run-time dependencies on nfs-utils, the community has
chosen to use a dynamically loadable library to handle junction
resolution.
There is one plug-in library for mountd that will handle any NFS-
related junction type. Currently there are two types:
o nfs-basic locally stored file set location data, and
o nfs-fedfs file set location data stored on an LDAP server
mountd's support for this library is enabled at build time by the
presence of the junction API definition header:
/usr/include/nfs-plugin.h
If this header is not found on the build system, mountd will build
without junction support, and will operate as before.
Note that mountd does not cache junction resolution results. NFSD
already caches these results in its exports cache. Thus each time
NFSD calls up to mountd, it is, in essence, requesting a fresh
junction resolution operation, not a cached response.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: xlog() already adds a newline to the end of each line of
output. Remove the superfluous newline from a number of xlog()
call sites in mountd.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Valgrind reports that the memory allocated for eep's e_hostname field
was not being freed. eep is not visible outside of v4root_create(),
so we don't need to strdup() that string.
Introduced by commit 3b777b0 "exports: NFSv4 pseudoroot support
routines" (Dec 1, 2009).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...as that makes that library get linked into every binary. Also,
replace "hardcoded" -lnfsidmap linker flag in Makefiles with
a AC_SUBST variable.
This fixes a regression introduced in commit d7c64dd.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
| |
Have it set LIBEVENT to -levent and use that in the Makefiles instead
of hardcoding it.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Free just calloc'd enc_key.data from one place, unconditionally,
after calling write_lucid_keyblock, rather than from three places.
Coverity spotted the possible double free.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The libmount (as well as mount(8)) ignores mount options from command
line if running in restricted mode (suid, non-root-user) and all
options are read from fstab only.
It means that all options are replaced with stuff from fstab,
including mount options from nfsmount.conf. This is bug.
We have to apply fstab and then nfsmount.conf.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The 'clearing' variable was not being initialized
to zero which was cause the default key ring to
always be cleared.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Mounting with the "-o v3,bg,proto=udp" options will
fail, instead of retrying, when the server is down.
The reason being nfs_rewrite_pmap_mount_options()
does not interrupt RPC timeouts correctly.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introducing three new command line arguments
that allow particular keys to be revoke
-u will remove a uid key
-g will revoke a gid key
-r will revoke both the uid and gid keys
A user name has also needs to be supply with
these new flags.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Added the '-c' command line argument that will
clear all the keys from the keyring.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
To aid in debugging, the -v flag can now be specified,
multiple time, on the command line to enable verbose
logging in both the nfsidmap command and libnfsidmap
library routines.
Also converted the timeout argument to use a -t flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Since this binary is being called by the kernel, errors
need to be logged to the syslog for help in debugging problems.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We should only try next address family if we meet ECONNREFUSED or
EHOSTUNREACH for v4 or ECONNREFUSED or EOPNOTSUPP or EHOSTUNREACH for v3v2.
Before, only a break in swich can not make the program out of for loop.
Signed-off-by: Yang Bai <hamo.by@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We have had problems on some of our machines (all Fedora 14), where
rpc.idmapd used to die with an `I/O possible' message at (basically)
random times. A strace suggested the issue being in nfsopen() where a
signal type is reset before notification is disabled; a signal at just
the right time might be the cause of the problem; see
https://bugzilla.redhat.com/show_bug.cgi?id=684308
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The groff macros for filling (word-wrapping) and tabulation control are
lower-case, but are written in upper-case here and so have been ignored.
Change the .NF and .FI lines to lower-case.
Change the .TA lines to lower-case and fix the tab stops to work both
on a terminal and in Postscript output.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
PAGE_SIZE is not exported by all architectures as it is not fixed: it
can depend on the model of the machine. So it's better to query the
system configuration for the actual page size on the machine.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This daemon is required to handle upcalls from the kernel pnfs block
layout driver.
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The decoded octal will always be positive and (char) -1 is negative. Any
field containing an encoded octal will be rejected.
As the encoded value should be an unsigned char, fix the check to reject
all values > (unsigned char) -1 = UCHAR_MAX, as this indicate an error
in the encoding.
Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where -N 4.1 is left off the commandline, the current code
explicitly turns it on or off anyway, depending on configure options.
Instead, just leave 4.1 support alone. This allows a user to add an
"echo +4.1 >/proc/fs/nfsd/versions" to their init scripts, if they want.
Otherwise they will get the kernel's default (currently to leave 4.1
off, as long as 4.1 support is experimental).
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sm-notify fails to remove monitor records from sm.bak when it has
finally notified a host. This is because of a recent change to send
two SM_NOTIFY requests for each monitored peer: one with the local
host's FQDN, and one with an unqualified version of same. This was
commit baa41b2c: "sm-notify: Send fully-qualified and unqualified
mon_names" (March 19, 2010).
Because of the March 2010 commit, sm-notify modifies the "my_name"
string during notification, but then uses this modified string to try
to find the monitor record to remove. Of course the search for the
record fails. So a persistent monitor record is left in sm.bak.
Aside from leaving trash around, this causes the same hosts to be
notified after every reboot, even if they successfully responded to
the previous SM_NOTIFY and they had no contact with us during the last
boot.
I also noticed that the trick of truncating the argument of SM_NOTIFY
doesn't work at all if a substitute "my_name" was specified via the "-v"
command line option. This patch attempts to address that as well.
sm-notify should preserve the original my_name string so that
nsm_delete_host() can find the correct monitor record to delete. Also
add some degree of protection to the mon_name and my_name strings in
each nsm_host record to prevent a future change from breaking this
dependency.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic in notify_host() watches the host->retries counter to see if
progress is not being made. If progress stalls, notify_host() tries
another IP address. This means sm-notify will generate a fresh
rpcbind query.
After an RPC succeeds, be sure to reset host->retries so sm-notify
doesn't start walking down the host's addrinfo list when we _are_
making progress. In the common case, if the host responds, we avoid
extra rpcbind queries and send all requests for the host to the same
IP address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
An RPC retransmit timeout should start out the same for each new RPC
request. Don't increase the retransmit timeout after receiving the
reply to the rpcbind query.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Clean up: refactor the logic in recv_rpcbind_reply() that re-schedules
an nsm_host into a separate helper function
Adjust debugging messages so it's always apparent when an nsm_host is
rescheduled.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
nfsumount.c: In function nfs_umount_is_vers4:
nfsumount.c:164: warning: conversion to int from size_t may alter its value
nfsumount.c:173: warning: conversion to ?size_t? from int may change the sign of the result
Introduced by commit 3564ebbf.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
If NFS port (2049) is supplied explicitly, don't ignore this setting
by requesting it to portmapper again.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It isn't uncommon for /etc/exports.d/ to not exist, and imo, it's not
that big of a deal as often times, a simple /etc/exports is sufficient.
So silently skip the case where the dir is missing.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Since xlog() itself appends a newline, we don't want to add our own
otherwise we get extra in the output.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
NFS/TCP does linear backoff then retransmiting - the manpage
was mistakenly asserting the "no backoff" theory.
Signed-off-by: Max Matveev <makc@redhat.com>
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like the existing algorithm for verifying the passed-in bind
address is as broken as statd_matchhostname() used to be: for IP
addresses, AI_CANONNAME is useless. We need to have getnameinfo(3) or
equivalent in there.
Clean up: extract the logic that verifies the command line bind
address into its own function, and make it handle canonical name
lookup correctly.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Same change as statd_matchhostname() is necessary for the logic in
exportfs.
Recall that these are "separate but nearly equal" because the exportfs
version requires extra expensive string checking that would be onerous
for statd.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The job of statd_matchhostname() is to work hard at matching two
hostnames or presentation IP addresses that may refer to the same
host.
statd_matchhostname() turns the hostname of the local system into a
list of addresses containing only the loopback address. The actual
DNS registered address of the system does not appear in that list.
Presentation IP addresses, on the other hand, are soundly ignored by
the AI_CANONNAME option of getaddrinfo(3). The ai_canonname string
that is returned is just the same presentation IP address. And the
resulting list of addresses contains just that IP address.
So if the DNS registered IP address of the local host is passed in as
one argument, and the local hostname is passed as the other argument,
statd_matchhostname() whiffs and believes there is no match. To fix
this, the logic needs to be smarter about deriving a hostname from an
IP address.
This appears to cause no end of trouble: monitor records pile up in
/var/lib/nfs/sm and sm.bak, notifications are missed, and so on. This
has likely been around since commit cbd3a131 "statd: Introduce statd
version of matchhostname()" (Jan 14, 2010).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
statd's "-F" flag disables syslog output, and specifies sm-notify's
"-d" option when it runs it. sm-notify's "-d" option should therefore
also disable syslog output.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix a debugging message to report correctly the count of hosts loaded
when statd starts up.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
License texts contain multiple address for FSF, some wrong.
So update them and replace COPYING file with
http://www.gnu.org/licenses/gpl-2.0.txt
which has a few changes to preamble and commentary.
Also remove extra COPYING file from utils/statd/
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Ian Kent <ikent@redhat.com>
nfs_umount_is_vers4() doesn't take acount of the escaping of characters
seen in /proc/mounts and /etc/mtab as the functions in fstab.c do. This
leads to an inability to umount a mount containing any of these escaped
characters (like spaces).
This patch changes nfs_umount_is_vers4() to use functions in fstab.c and
adds a function to fstab.c to read /proc/mounts specifically, as it was
used for the check in nfs_umount_is_vers4() previously.
Signed-off-by: Ian Kent <ikent@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
sh -p is not guaranteed to be provided by POSIX shells. dash for
instance does not provide this, so use bash explicitly.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The groff macros for filling (word-wrapping) and tabulation control are
lower-case, but are written in upper-case here and so have been ignored.
Change the .NF and .FI lines to lower-case.
Change the .TA lines to lower-case and fix the tab stops to work both
on a terminal and in Postscript output.
Delete the .SP line where .sp would be redundant.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Using three single-quotes for a comment sort of works because it
results in invoking a nonexistent macro, but it results in a huge
number of warnings when trying to validate the man page.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix syntax for line starting with 'visible' according to a patch from
Simon Paillard <spaillard@debian.org> in Debian bug #624261.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix "macro `local_lock=flock'.' not defined" by avoiding to put a quote
at the beginning of the line.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
man complains with "macro `d' not defined", so remove these seemingly
unneeded characters
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Consider a setup where mountd on the server is controlled via
tcp_wrappers (usual RHEL setup) and will not process calls from a
particular client because of something in /etc/hosts.deny.
When such client attempts to do v3 mount, the error message printed
by mount.nfs is misleading.
This patch changes that error message from:
mount.nfs: Argument list too long
to
mount.nfs: access denied by server while mounting server:/export
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The function mnt_fs_set_fs_options() has been removed from the final
version of the libmount API.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past, rpc.statd posted SM_NOTIFY requests using the same socket
it used for sending downcalls to the kernel. To receive replies from
remote hosts, the socket was bound to INADDR_ANY.
With commit f113db52 "Remove notify functionality from statd in
favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer
used for sending requests to remote hosts. However, the downcall
socket is still bound to INADDR_ANY.
Thus a remote host can inject data on this socket since it is an
unconnected UDP socket listening for RPC replies. Thanks to f113db52,
the port number of this socket is no longer controlled by a command
line option, making it difficult to firewall.
We have demonstrated that data injection on this socket can result in
a DoS by causing rpc.statd to consume CPU and log bandwidth, but so
far we have not found a breach.
To prevent unwanted data injection, bind this socket to the loopback
address.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Fixed the usage of strcmp in the duplicate check in insert groups.
Fixes an issue with showmount and other commands that required
the group information.
Signed-off-by: Matthew Treinish <treinish@linux.vnet.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
At RHEL, if user set port for mountd at /etc/services as
"mount 12345/tcp", mountd should be bind to 12345, but the
latest nfs-utils, mountd get a rand port, not 12345.
This patch make sure mountd be bind to the port which was set
at /etc/service.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
