| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Address compiler warning:
stropts.c: In function ¿nfs_append_generic_address_option¿:
stropts.c:138: warning: comparison between signed and unsigned
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Address compiler warning:
nfsumount.c: In function nfsumount:
nfsumount.c:347: warning: comparison between signed and unsigned
The result type of pointer arithmetic and the return type of strlen(3)
are both size_t.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Address compiler warning:
network.c: In function nfs_string_to_sockaddr:
network.c:272: warning: unused parameter addrlen
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Address compiler warning:
network.c:1124: warning: unused parameter salen
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Fix a couple of nfs_error() call sites in utils/mount/network.c.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Address compiler warning:
mount.c: At top level:
mount.c:420: warning: unused parameter nomtab
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Address compiler warning:
mount.c: In function discover_nfs_mount_data_version¿:
mount.c:162: warning: comparison between signed and unsigned
mount.c:164: warning: comparison between signed and unsigned
mount.c:166: warning: comparison between signed and unsigned
mount.c:168: warning: comparison between signed and unsigned
mount.c:170: warning: comparison between signed and unsigned
mount.c:178: warning: comparison between signed and unsigned
linux_version_code() and MAKE_VERSION() both return an unsigned int.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Introduce address family-agnostic functions that get and set IP port
numbers in socket addresses. We can already replace a few similar
functions in the mount command, and a few more will come up with
statd and sm-notify.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The umount.nfs command will negotiate the mount options again, so all
that is needed in /etc/mnttab is the original set of options used for
the mount, plus the additional mandatory options like addr=''.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix up comments and function names to reflect the new version/protocol
negotiation scheme. We can now remove a bunch of mount processing
that is specific to v2/v3, removing about 100 lines of logic from
stropts.c.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Clean up: Move nfs_is_permanent_error() closer to the functions that
call it, and update a documenting comment to reflect recent
restructuring in this area.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Text-based mounts try a mount operation first with default settings,
then negotiate via rpcbind queries and retry the mount, if the default
settings don't work. This method introduces long delays in certain
common scenarios, and makes it difficult to tell when it is
appropriate to fail immediately or negotiate and retry.
To address these behavioral regressions, make text-based mounts
operate the same way that legacy mounts work. Perform rpcbind queries
with short timeouts first, then use the results to determine
transport, version, and port number settings for the mount.
This allows the mount.nfs command to detect server settings, or
whether negotiation is even possible, quickly. It also makes it
simple to determine when to fail vs. when to retry.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up until now, nfs_options2pmap() has been passed mount options that
have already gone through the kernel's parser successfully. So, it
never had to check for invalid mount option values.
However, we are about to pass it options that come right from the
user. So nfs_options2pmap() will now need to report an error and
fail if it encounters a bogus value for any of the options it cares
about.
=====
Note that nfs_options2pmap() will allow a bogus value for an option
if the same option is specified farther to the right with a useable
value.
For example, if a user specifies "proto=foo,...,tcp" then
nfs_options2pmap() uses "tcp" and ignores "proto=foo".
However, if the options are specified in the other order:
"tcp,...,proto=foo" then nfs_options2pmap() will fail. This is a simple
and unambiguous extension of the "rightmost wins" rule.
Since mount.nfs strips out these options out and replaces them with
the rpcbind-negotiated options before invoking mount(2), the kernel
should never receive bogus values for these options from mount.nfs in
such cases.
This is probably slightly more flexible behavior than the legacy
mount implementation, but should be harmless. All mount options
unrelated to pmap are ignored by nfs_options2pmap().
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfs_options2pmap() fills in default values if the passed-in mount
options don't specify values. This short-circuits the version, port,
and transport negotiation logic in nfs_probe_bothports().
Instead, nfs_options2pmap() should plant zeros in these pmap fields
to force nfs_probe_bothports() and nfs_advise_mount() to discover, via
rpcbind queries, what the server supports.
This fixes some scenarios where umount.nfs fails to connect to servers
that don't have all rpcbind ports open, in addition to fixing other
corner cases during mount.nfs version/protocol negotiation.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Suppose a port= option is specified on the mount command line, but not
enough other mount options are specified to avoid an rpcbind query to
discover the NFS service.
If the NFS service isn't registered on [100003, 3, "tcp", port] (even
if the server is listening on the specified port), the legacy mount.nfs
command fails immediately with:
mount.nfs: mount to NFS server 'server' failed: RPC Error: Success
What's more, this mount request should succeeded if an NFS service is
registered on the specified port for another version and/or protocol.
So instead, let's retry the rpcbind query with the other versions and
transport protocols to be absolutely sure that port won't work with
either version or transport. Then, if all fails, report:
mount.nfs: mount to NFS server 'server' failed:
RPC Error: Program not registered
This change also affects text-based mounts that require negotiation
by the mount.nfs command.
Note that if the mount options specify all four pmap parameters for
NFS, the rpcbind query for the NFS service is skipped entirely. The
mount command then hangs and times out later if NFS service is not
listening on the requested tuple. This is unchanged from previous
behavior.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
So we can see how rpcbind queries are failing during mount processing,
add some debugging messages (enabled with "mount.nfs -v") around the
nfs_getport() calls.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Some RPC errors set fields in rpc_createerr.cf_error in addition
to cf_stat. Be sure to clear _all_ error fields in rpc_createerr
each time through the rpcbind API.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
idmapd and svcgssd have a mydaemon() routine that uses closeall() to
close file descriptors. Unfortunately, they aren't using it correctly
and it ends up closing the pipe that the child process uses to talk to
its parent.
Fix this by not using closeall() in this routine and instead, just close
the file descriptors that we know need to be closed. If /dev/null can't
be opened for some reason, then just have the child exit with a non-zero
error.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
libnfsidmapd libraries when verbosity level is set
by the '-v' flag it on either daemon.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
mountd tries to avoid telling the kernel to export something
when the kernel already knows to do that.
However sometimes (exportfs -r) the kernel can be told
to forget something without mountd realising.
So if mountd finds that it cannot get a valid filehandle,
make sure it really has been exported to the kernel.
This only applies if the nfsd filesystem is not mounted.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
with the explicit permission of Sun Microsystems
Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add additional error reporting to nfs_advise_umount().
These messages can be displayed if the "-v" option
is specified with umount.nfs. Normally these
messages do not appear.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we have two separate copies of nfs_name_to_address() since
some older glibc's don't define AI_ADDRCONFIG. This means extra
work to build- and run-test both functions when code is changed in
this area.
It is also the case that gethostbyname(3) is deprecated, and should
not be used in new code.
Remove the legacy code in favor of always using getaddrinfo(3).
We can also get rid of nfs_name_to_address()'s @family argument as
well.
Note also this addresses a bug in nfsumount.c -- it was calling
nfs_name_to_address() with AF_UNSPEC unconditionally, even if the
legacy version of nfs_name_to_address(), which doesn't support
AF_UNSPEC, was in use.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, if getaddrinfo(3) fails when trying to resolve a hostname,
sm-notify gives up immediately on that host. If sm-notify is started
before network service is available on a system, that means it quits
without notifying anyone. Or, if DNS service isn't available due to
a network partition or because the DNS server crashed, sm-notify will
simply remove all of its callback files and exit.
Really, sm-notify should try harder. We know that the hostnames
passed in to notify_host() have already been vetted by statd, which
won't monitor a hostname that it can't resolve. So it's likely that
any DNS failure we meet here is a temporary condition. If it isn't,
then sm-notify will stop trying to notify that host in 15 minutes
anyway.
[ The host's file is left in /var/lib/nfs/sm.bak in this case, but
sm.bak is not read again until the next time sm-notify runs. ]
sm-notify already has retry logic for handling RPC timeouts. We can
co-opt that to drive DNS resolution retries.
We also add AI_ADDRCONFIG because on systems whose network startup is
handled by NetworkManager, there appears to be a bug that causes
processes that started calling getaddinfo(3) before the network came
up to continue getting EAI_AGAIN even after the network is fully
operating.
As I understand it, legacy glibc (before AI_ADDRCONFIG was exposed in
headers) sets AI_ADDRCONFIG by default, although I haven't checked
this. In any event, pre-glibc-2.2 systems probably won't run
NetworkManager anyway, so this may not be much of a problem for them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sm-notify orphans an addrinfo struct in its address list rotation
logic if only a single result was returned from getaddrinfo(3).
For each host, the first time through notify_host(), we want to
send a PMAP_GETPORT request. ->ai is NULL, and retries is set to 100,
forcing a DNS lookup and an address rotation. If only a single
addrinfo struct is returned, the rotation logic causes a NULL to be
planted in ->ai, copied from the ai_next field of the returned result.
This means that the second time through notify_host() (to perform the
actual SM_NOTIFY call) we do a second DNS lookup, since ->ai is NULL.
The result of the first lookup has been orphaned, and extra network
traffic is generated.
This scenario is actually fairly common. Since we pass
.ai_protocol = IPPROTO_UDP,
to getaddrinfo(3), for most hosts, which have a single forward and
reverse pointer in the DNS database, we get back a single addrinfo
struct as a result.
To address this problem, only perform the address list rotation if
there is more than one element on the list returned by getaddrinfo(3).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Enable support for the maximum minor version (4.1 at the moment)
by default. It can be disabled using the -N command line
option.
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
<version>.<minorversion> to disable support
for <minorversion>. Only 4.1 is currently supported.
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
minorvers4 can be used to either enable or disable nfsv4.x.
If minorvers4 is a positive integer n, in the allowed range (only
minorversion 1 is supported for now), the string "+4.n" is appended
to the versions string written onto /proc/fs/nfsd/versions.
Correspondingly, if minorver4 is a negative integer -n, the string
"-4.n" is written.
With the default value, minorvers4==0, the minor version
setting is not changed.
Note that unlike the protocol versions 2, 3, or 4. The minor version
setting controls the *maximum* minor version nfsd supports. Particular
minor version cannot be controlled on their own. With only minor
version 1 supported at the moment the difference doesn't matter,
but for future minor versions greater than 1, enabling minor
version X will enable support for all minor versions 1 through X.
Disabling minor version X will disable support for minor
versions X and up, enabling 1 through X-1.
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix a copy-paste error introduced in nfs_mount_protocol(). It should
return an IPPROTO_ number, not an NFS version number.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Turns out we do actually need to use a privileged port for UMNT. The
Linux rpc.mountd complains if an ephemeral source port is used:
Apr 17 15:52:19 ingres mountd[2061]: refused unmount request from
192.168.0.59 for /export (/export): illegal port 60932
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
as currently printed c is the version number, not a string char,
therefore is should be printed as %d not %c. That said, just print
optarg as %s since it might be non-numeric.
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
All of the pieces to handle IPv6 are now in place. Add IPv6-specific
code wrapped in the proper #ifdef's so that IPv6 support works when
it's enabled at build-time.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
We already have a common function for setting up an RPC client. That
function uses the tirpc API when tirpc is enabled and is also already
IPv6 enabled. Switch gssd to use it.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already have the server's address from the upcall, so we don't really
need to look it up again, and querying the local services DB for the
port that the remote server is listening on is just plain wrong.
Use rpcbind to set the port for the program and version that we were
given in the upcall. The exception here is NFSv4. Since NFSv4 mounts
are supposed to use a well-defined port then skip the rpcbind query
for that and just set the port to the standard one (2049).
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current upcall could be more efficient. We first convert the address
to a hostname, and then later when we set up the RPC client, we do a
hostname lookup to convert it back to an address.
Begin to change this by keeping the address in the clnt_info that we get
out of the upcall. Since a sockaddr has a port field, we can also
eliminate the port from the clnt_info.
Finally, switch to getnameinfo() instead of gethostbyaddr(). We'll need
to use that call anyway when we add support for IPv6.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The print_stats_list() routine was using the client's
stats to decide whether to display any stats. This did
not work when there was only server stats.
This patch breaks up print_stats_list into two different
routines allowing both server and clients stats to be
listed.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
-Z options causing the stats to be incorrect.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is specified (-2, -3, -4) the -Z and or --list options.
When a particular protocol is specified and either
the -Z or --list options are used, zeros or blank lines
are echoed to the screen when there is not any NFS traffic.
This cause any useful data to be scroll off the screen.
With this patch only non-zero stats will be shown, which
makes the output of these options more condensed and
in turn more useful.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
nfsstat.c: Adds the --list flag to print information in a list format
instead of the standard multi-column format
nfsstat.man: Updates the manpage to include the --list flag.
Signed-off-by: Kevin Constantine <kevin.constantine@disneyanimation.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'nfsstat -Z5' command continually outputs the following
when there is no NFS traffic.
Client rpc stats:
calls retrans authrefrsh
0 0 0
This patch adds code that will keep the interval output
quite so real results will not be scrolled of the screen
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
nfsstat.c: Implements an optional "interval" argument to --sleep
nfsstat.man: Explains the use of --sleep[interval]
Reviewed-By: Greg Banks <gnb@fmeh.org>
Signed-off-by: Kevin Constantine <kevin.constantine@disneyanimation.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If qword_eol() fails while writing the context information, log
an indication of the failure.
This addresses at least one cause of the intermittent, and
previously undiagnosed, problem of the server returning
GSS_S_NO_CONTEXT when a context was seemingly successfully
created and sent down to the kernel. In my case there was a
mis-match between kernel and user-land configuration resulting in
the proper kernel module not being loaded. Therefore the write
of the context failed, but was not logged by svcgssd. When the
kernel goes to find the resulting context, it was really not
there and correctly returned GSS_S_NO_CONTEXT to the client.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mountd keeps file descriptors used for locks separate from
those used for io and seems to assume that the lock will
only be released on close of the file descriptor that was used
with fcntl. Actually the lock is released when any file
descriptor for that file is closed. When setexportent() is called
after xflock() he closes and reopens the io file descriptor and defeats the
lock.
This patch fixes that by using a separate file for locking, cleaning
them up when finished.
Signed-off-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
flag has been set. This cause warnings to be generated when
return values from reads/writes (and other calls) are not
checked. The patch address those warnings.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
this. Later code changes may make it more likely for this problem to
occur.
Also eliminate some unneeded NULL pointer checks before freeing memory.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There's no way for the caller of gssd_k5_err_msg to know whether to free
the string it returns. It can call krb5_get_error_message which returns
a string that must be freed via krb5_free_error_string. The other ways
that it can return a string require that the memory not be freed.
Deal with this by copying the string to a new buffer in all cases. Then
we can properly free the string allocated by krb5_get_error_message.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Valgrind complains that we're passing an unintialized buffer to sscanf
here. The main problem seems to be that we're not ensuring that the
buffer is NULL terminated before we pass it off.
This is the second version of this patch, the first one did not increase
the buffer allocation by 1 which could have led to clobbering the next
byte on the stack if nbytes == INFOBUFLEN.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This causes a compiler warning and also means that we're stuffing
the buffer with uninitialized junk from the stack. Other places in
this code initialize "fakeseed" to 0. Do the same here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Jeff Layton <jlayton@redhat.com>
Make the pkgconfig check for libgssglue conditional on tirpc being
enabled. When it's disabled, the pkgconfig check for librpcsecgss will
pull in the gssglue lib and include dir automatically.
Also, make sure we include GSSGLUE_CFLAGS and the GSSGLUE_LIBS to the
appropriate places in utils/gssd/Makefile.am so that we pick up
the gssglue libs when tirpc is enabled.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Data type incompatibilities between the legacy RPC headers and the
TI-RPC headers mean we can't use libtirpc with code that was compiled
against the legacy RPC headers. The definition of rpcprog_t for
example is "unsigned long" in the legacy library, but it's "uint32_t"
for TI-RPC. On 32-bit systems, these types happen to have the same
width, but on 64-bit systems they don't, making more complex data
structures that use these types in fields ABI incompatible.
Adopt a new strategy to deal with this issue. When --enable-tirpc is
set, append "-I/usr/include/tirpc" to the compilation steps. This
should cause the compiler to grab the tirpc/ headers instead of the
legacy headers. Now, for TI-RPC builds, the TI-RPC legacy functions
and the TI-RPC headers will be used. On legacy systems, the legacy
headers and legacy glibc RPC implementation will be used.
A new ./configure option is introduced to allow system integrators to
use TI-RPC headers in some other location than /usr/include/tirpc.
/usr/include/tirpc remains the default setting for this new option.
The gssd implementation presents a few challenges, but it turns out
the gssglue library is similar to the auth_gss pieces of TI-RPC. To
avoid similar header incompatibility issues, gssd now uses libtirpc
instead of libgssglue if --enable-tirpc is specified. There may be
other issues to tackle with gssd, but for now, we just make sure it
builds with --enable-tirpc.
Note also: svc_getcaller() is a macro in both cases that points to
a sockaddr field in the svc_req structure. The legacy version points
to a sockaddr_in type field, but the TI-RPC version points to a
sockaddr_in6 type field.
rpc.mountd unconditionally casts the result of svc_getcaller() to a
sockaddr_in *. This should be OK for TI-RPC as well, since rpc.mountd
still uses legacy RPC calls (provided by glibc, or emulated by TI-RPC)
to set up its listeners, and therefore rpc.mountd callers will always
be from AF_INET addresses for now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
