| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Avoid usage of -rpath is generally safer, and is required by Debian policy.
|
| |
|
|
| |
as this is more consistant across achitectures.
|
| |
|
|
|
|
| |
statistics and print them.
Submitted by: Shankar Anand <shanand@novell.com>
|
| | |
|
| |
|
|
| |
This is more consistant across platforms.
|
| | |
|
| |
|
|
|
| |
rquota_svc.c is still by-hand as it contains alot of extras.
These should really be moved to rquota_server.c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted: support/export/keys.c
deleted: support/include/rpcdispatch.h
deleted: support/include/rpcsec.h
deleted: support/include/version.h
deleted: support/include/ypupdate.h
deleted: support/nfs/clients.c
deleted: support/nfs/keytab.c
deleted: support/nfs/ypupdate_xdr.c
deleted: support/rpc/include/Makefile.am
deleted: tools/rpcdebug/neat_idea.c
deleted: utils/mountd/mount_xdr.c
deleted: utils/rquotad/pathnames.h
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Temporary patch to do default mapping if we get an error while trying to
map a gss principal to the appropriate uid/gid. This currently returns
hardcoded values. This may be correct, or we may need to try and figure
out the correct values to match the anonuid/anongid for the export.
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change message priorities for errors and debug messages.
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The readline routine expects much smaller messages than we are passing.
Change the default initial allocation and increment value from 128
to 2048. This saves many calls to realloc().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Update the printerr() function to:
1) Determine whether we'll print the message before going to all the
work of formatting it.
2) Don't just toss away messages that are too long for the buffer.
Print what we can and give an indication of the truncation with
"..." at the end.
3) Use a single buffer rather than two.
4) Messages either go to syslog (with level ERR) or stderr. Don't
send some messages to syslog level DEBUG.
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Olaf Kirch <okir@suse.de>, use setfsuid() rather than
seteuid() when creating a gss context. This prevents users from using
credentials that do not belong to them, while also preventing them from
doing things like killing, renicing, or changing the priority of the
gssd process while it is processing the context creation.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured. We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Correct the definition of mech_used in the gss context to use gss_OID_desc.
This fixes problems on 64-bit machines when referencing the OID.
Also updates write_buffer function to use u_int rather than size_t when
doing calculations.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add CFLAGS to make sure we find and use the correct gssapi.h when
building gss_clnt_send_err
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
-T - will suppressing listening for TCP connection.
-U - will suppress UDP
-H host - will only listen on that local address
-p port - will listen on that port.
This requires kernel patches which will hopefully be in 2.6.19 and possibly some
earlier test and vendor kernels.
|
| | |
| |
| |
| |
| |
| | |
e.g. -N 2
means that NFSv2 won't be supported, just v3 and v4 (if the kernel
supports them).
|
| | |
| |
| |
| |
| | |
Greg Banks suggested some variations, particularly improved
use of xmalloc/xstrdup functions. Thanks.
|
| | |
| |
| |
| | |
Thanks to Michael Halcrow for finding them.
|
| | |
| |
| |
| |
| |
| |
| | |
Change the configure option from --with-mount to --enable-mount.
Signed-off-by: Amit Gud <agud@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Merge utils/mount/nfsmount.x and support/export/mount.x into support/export/mount.x.
Signed-off-by: Amit Gud <agud@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need to give an IP address to identify this client to the
server.
The current code does a gethostbyname of the hostname. One
some systems this returns 127.0.0.1 or similar, which is not useful.
Instead, use getsockname of the sock used to connect to the server
to confirm that the server is working. This gives the address on the
interface that was chosen to talk to that server, which is the
best address we can find (if there is a NAT in the way, it might
still not work, but in that case there is nothing we can do).
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
distribution. They cause compile warnings, there is no longer any
reason to try to build them into the binaries, and gcc seems to be
eliding some of them anyway.
|
| | |
| |
| |
| |
| | |
of int in those cases which generate compile warnings,
e.g. the last argument of recvfrom().
|
| | |
| |
| |
| | |
signal functions to avoid compile warnings.
|
| | |
| |
| |
| | |
unused labels, constness, signedness.
|
| |/
|
|
| |
don't bother calling it if it's missing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
How about the attached patch against nfs-utils tot? It
adds a -t option to set the number of forked workers.
Default is 1 thread, i.e. the old behaviour.
I've verified that showmount -e, the Ogata mount client,
and a real mount from Linux and IRIX boxes work with and
without the new option.
I've verified that you can manually kill any of the workers
without the portmap registration going away, that killing
all the workers causes the manager process to wake up and
unregister, and killing the manager process causes the
workers to be killed and portmap unregistered.
I've verified that all the workers have file descriptors
for the udp socket and the tcp rendezvous socket, that
connections are balanced across all the workers if service
times are sufficiently long, and that performance is
improved by that parallelism, at least for small numbers
of threads. For example, with 60 parallel MOUNT calls
and a testing patch to make DNS lookups take 100 milliseconds
time to perform all mounts (averaged over 5 runs) is:
num elapsed
threads time (sec)
------ ----------
1 13.125
2 6.859
3 4.836
4 3.841
5 3.303
6 3.100
7 3.078
8 3.018
Greg.
--
Greg Banks, R&D Software Engineer, SGI Australian Software Group.
I don't speak for SGI.
|
| | |
|
| |
|
|
|
|
|
| |
Adds the mount directory and the code to mount and umount the NFS file system.
Signed-off-by: Amit Gud <agud@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
nhfsrun is supposed to be able to be signalled with SIGUSR1, but
the signal trapped is number 30, which is something else
entirely (SIGPWR). This patch simply changes it to say "USR1",
which gets it right no matter what the value is.
"Steinar H. Gunderson" <sesse@debian.org>
|
| |
|
|
|
|
| |
Let the user select (via a new parameter) the path to the NFS
state directory for mountd, to match the statd functionality.
"Steinar H. Gunderson" <sesse@debian.org>
|
| |
|
|
|
|
| |
Document the 'sync' option in the exports(5) man page -- ATM
only the 'async' option is documented, which is not very
symmetric. :-) "Steinar H. Gunderson" <sesse@debian.org>
|
| |
|
|
|
|
| |
support/include/config.h.in from source control
These are auto autogenerated by
aclocal -I aclocal ; autoheader ; automake ; autoconf
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Various paranoia checks:
gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
overflow
svcgssd_proc.c: range_check name.length, to ensure name.length+1
doesn't wrap
idmapd.c(nfsdcb): make sure at least one byte is read before
zeroing the last byte that was read, otherwise memory corruption
is possible.
Found by SuSE security audit.
|
| |
|
|
|
| |
Check for sufficient version of librpcsecgss and libgssapi
in configure.in
|
| |
|
|
|
| |
Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
HAVE_TCP_WRAPPERS as appropriate.
|
| |
|
|
|
|
|
| |
Update calls to gss_export_lucid_sec_context()
Change the calls to gss_export_lucid_sec_context() to match the corrected
interface definition in libgssapi-0.9.
|
| |
|
|
|
|
| |
Plug memory leaks in svcgssd
Various memory leaks in the svcgssd context processing are eliminated.
|
| |
|
|
|
|
|
| |
Fix memory leak of the AUTH structure on context negotiations
Free AUTH structure after completing context negotiation and sending
context information to the kernel.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of having separate copies of the gssapi and rpcsecgss
header files, or depending on the Kerberos gssapi header,
locate the headers now installed with the libgssapi and librpcsecgss
libraries.
Remove local copies of the gssapi and rpcsecgss header files.
This depends on the configure_use_autotools patch.
|
| |
|
|
|
|
|
| |
Print debugging message indicating the type of encryption keys being sent
down to the kernel. This should make it easier to detect cases where
unsupported encryption types are being negotiated.
(really this time)
|
