| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
lookup_export() claims to "Always prefer non-V4ROOT mounts" (meaning
"exports") but actually prefers V4ROOT exports - once it has 'found'
one it will never replace it.
So fix that inversion, and add code so that it proactively prefers a
non-V4ROOT whether it is found before or after a V4ROOT.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
mountd uses colons to split fsloc hosts, but this doesn't work with IPv6
addresses (they contain ':').
To fix this, mountd is changed to expect all IPv6 addresses to be escaped
by '[' and ']' so colons that are part of the address may be skipped.
To fix IPv6 referrals, this patch must be used with the nfsd patch that
properly parses escaped IPv6 addresses in fs_location->hosts.
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Sachin Bhamare <sbhamare@panasas.com>
This script is part of the autologin feature mandated by the
pnfs-objects standard.
It is called from objlayoutdriver.ko in the kernel.
It invokes iscsiadm program to perform the iscsi login to OSDs.
It also features a watchdog which will make sure that control
returns to kernel after 15s timeout.
Signed-off-by: Sachin Bhamare <sbhamare@panasas.com>
Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
- Added header clean up some warnings
- Updated the .gitignore file.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Before opening the pipe, set an inotify watch on the containing dir and
then try to open the pipe. If it succeeds, then set up pipe and inotify
events and return success. If it fails with -ENOENT, then just set up
the inotify event and return success. If it fails with any other error
then return the error and the caller can then abort the program.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This should remove any client record that has a timestamp prior to
the given time.
Eventually, this call will need to be made cluster aware when this is
run in a clustered configuration. For now, this is only suitable for
single-host configurations.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add functions to check whether a client is allowed to reclaim, and
update its timestamp in the DB if so. If either the query or update
fails, then the host is not allowed to reclaim state.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Allow the kernel to ask for removal of a client record.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than roll our own "storage engine", use sqlite instead. It fits
the bill nicely as it does:
- durable on-disk storage
- the ability to constrain record uniqueness
- a facility for collating and searching the host records
...it does add a build dependency to nfs-utils, but almost all modern
distros provide those packages.
The current incarnation of this code dynamically links against a
provided sqlite library, but we could also consider including their
single-file "amalgamation" to reduce dependencies (though with all
the caveats that that entails).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This program opens and "listens" on the new nfsd/cld rpc_pipefs pipe.
The code here doesn't actually do anything on stable storage yet. That
will be added in a later patch.
The patch also adds a autoconf enable switch for the new daemon that
defaults to "no", and a test for the upcall description header file.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Implement a new option -l to force gssd to ignore its kernel's crypto
capabilities and use just the Single DES legacy encryption types to be
compatible with old servers. This is only relevant if those servers have
strong keys in their keytab.
Signed-off-by: Steve Dickson <steved@redhat.com>
Tested-by: Michael Weiser <weiser@science-computing.de>
|
| |
|
|
|
|
|
|
|
| |
The user credential cache currently is kept in /tmp.
In upcoming Kerberos release that will be moved to
/run/user/<username>/. This patch enables gssd to
look in both the old and new caches
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
When the nproc argument is not given the rpc.nfsd
a default number of processes is created. This
patch bumps that default up from 1 to 8.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This problem can occur when multiple cluster services fail over
at the same time, causing missing high-available exports.
Having a lot of nfs-exports will trigger this issue easier.
https://bugzilla.linux-nfs.org/show_bug.cgi?id=224
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The inclusion of no_acl in the exports man page is confusing since it is
not actually supported (v3.3-rc3):
1090 static struct flags {
1091 int flag;
1092 char *name[2];
1093 } expflags[] = {
1094 { NFSEXP_READONLY, {"ro", "rw"}},
1095 { NFSEXP_INSECURE_PORT, {"insecure", ""}},
1096 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}},
1097 { NFSEXP_ALLSQUASH, {"all_squash", ""}},
1098 { NFSEXP_ASYNC, {"async", "sync"}},
1099 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}},
1100 { NFSEXP_NOHIDE, {"nohide", ""}},
1101 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}},
1102 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}},
1103 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}},
1104 { NFSEXP_V4ROOT, {"v4root", ""}},
1105 { 0, {"", ""}}
1106 };
Signed-off-by: Harshula Jayasuriya <harshula@redhat.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is essentially the same as the previous version, but has
been respun to fix up some merge conflicts with some of Chuck's
recent changes.
When we first added tirpc support, we took a "big hammer" approach, and
had it add libtirpc to $LIBS. That had the effect of making it so that
that library was linked into every binary. That's unnecessary, and
wasteful with memory.
Don't let AC_CHECK_LIB add -ltirpc to $LIBS. Instead, have the autoconf
tests set $(LIBTIRPC) in the makefiles, and have the programs that
need it explicitly include that library. In the event that we're not
using libtirpc, then set $LIBTIRPC to a blank string.
This necessitates a change to the bindresvport_sa check too. Since that
library is no longer included in $LIBS, we need to convert that check
to use AC_CHECK_LIB instead of AC_CHECK_FUNCS.
This patch also fixes a subtle bug. If the library was usable, but the
includes were not, the test would set $enable_tirpc to "no", but
HAVE_LIBTIRPC would still be true. That configuration would likely
fail to build.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a key can not be added to a keyring because
the keyring is full or there is no memory for
the playload, keyctl_instantiate() will fail
and set the errno to -EDQUOT, -ENFILE or
-ENOMEM
When this happens, purge the keyring to
free things up and then try to re-add
the key.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support FedFS and NFS junctions without introducing additional
build-time or run-time dependencies on nfs-utils, the community has
chosen to use a dynamically loadable library to handle junction
resolution.
There is one plug-in library for mountd that will handle any NFS-
related junction type. Currently there are two types:
o nfs-basic locally stored file set location data, and
o nfs-fedfs file set location data stored on an LDAP server
mountd's support for this library is enabled at build time by the
presence of the junction API definition header:
/usr/include/nfs-plugin.h
If this header is not found on the build system, mountd will build
without junction support, and will operate as before.
Note that mountd does not cache junction resolution results. NFSD
already caches these results in its exports cache. Thus each time
NFSD calls up to mountd, it is, in essence, requesting a fresh
junction resolution operation, not a cached response.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clean up: xlog() already adds a newline to the end of each line of
output. Remove the superfluous newline from a number of xlog()
call sites in mountd.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Valgrind reports that the memory allocated for eep's e_hostname field
was not being freed. eep is not visible outside of v4root_create(),
so we don't need to strdup() that string.
Introduced by commit 3b777b0 "exports: NFSv4 pseudoroot support
routines" (Dec 1, 2009).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...as that makes that library get linked into every binary. Also,
replace "hardcoded" -lnfsidmap linker flag in Makefiles with
a AC_SUBST variable.
This fixes a regression introduced in commit d7c64dd.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
| |
Have it set LIBEVENT to -levent and use that in the Makefiles instead
of hardcoding it.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Free just calloc'd enc_key.data from one place, unconditionally,
after calling write_lucid_keyblock, rather than from three places.
Coverity spotted the possible double free.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The libmount (as well as mount(8)) ignores mount options from command
line if running in restricted mode (suid, non-root-user) and all
options are read from fstab only.
It means that all options are replaced with stuff from fstab,
including mount options from nfsmount.conf. This is bug.
We have to apply fstab and then nfsmount.conf.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The 'clearing' variable was not being initialized
to zero which was cause the default key ring to
always be cleared.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Mounting with the "-o v3,bg,proto=udp" options will
fail, instead of retrying, when the server is down.
The reason being nfs_rewrite_pmap_mount_options()
does not interrupt RPC timeouts correctly.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introducing three new command line arguments
that allow particular keys to be revoke
-u will remove a uid key
-g will revoke a gid key
-r will revoke both the uid and gid keys
A user name has also needs to be supply with
these new flags.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Added the '-c' command line argument that will
clear all the keys from the keyring.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
To aid in debugging, the -v flag can now be specified,
multiple time, on the command line to enable verbose
logging in both the nfsidmap command and libnfsidmap
library routines.
Also converted the timeout argument to use a -t flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Since this binary is being called by the kernel, errors
need to be logged to the syslog for help in debugging problems.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We should only try next address family if we meet ECONNREFUSED or
EHOSTUNREACH for v4 or ECONNREFUSED or EOPNOTSUPP or EHOSTUNREACH for v3v2.
Before, only a break in swich can not make the program out of for loop.
Signed-off-by: Yang Bai <hamo.by@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We have had problems on some of our machines (all Fedora 14), where
rpc.idmapd used to die with an `I/O possible' message at (basically)
random times. A strace suggested the issue being in nfsopen() where a
signal type is reset before notification is disabled; a signal at just
the right time might be the cause of the problem; see
https://bugzilla.redhat.com/show_bug.cgi?id=684308
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The groff macros for filling (word-wrapping) and tabulation control are
lower-case, but are written in upper-case here and so have been ignored.
Change the .NF and .FI lines to lower-case.
Change the .TA lines to lower-case and fix the tab stops to work both
on a terminal and in Postscript output.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
PAGE_SIZE is not exported by all architectures as it is not fixed: it
can depend on the model of the machine. So it's better to query the
system configuration for the actual page size on the machine.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This daemon is required to handle upcalls from the kernel pnfs block
layout driver.
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The decoded octal will always be positive and (char) -1 is negative. Any
field containing an encoded octal will be rejected.
As the encoded value should be an unsigned char, fix the check to reject
all values > (unsigned char) -1 = UCHAR_MAX, as this indicate an error
in the encoding.
Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where -N 4.1 is left off the commandline, the current code
explicitly turns it on or off anyway, depending on configure options.
Instead, just leave 4.1 support alone. This allows a user to add an
"echo +4.1 >/proc/fs/nfsd/versions" to their init scripts, if they want.
Otherwise they will get the kernel's default (currently to leave 4.1
off, as long as 4.1 support is experimental).
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sm-notify fails to remove monitor records from sm.bak when it has
finally notified a host. This is because of a recent change to send
two SM_NOTIFY requests for each monitored peer: one with the local
host's FQDN, and one with an unqualified version of same. This was
commit baa41b2c: "sm-notify: Send fully-qualified and unqualified
mon_names" (March 19, 2010).
Because of the March 2010 commit, sm-notify modifies the "my_name"
string during notification, but then uses this modified string to try
to find the monitor record to remove. Of course the search for the
record fails. So a persistent monitor record is left in sm.bak.
Aside from leaving trash around, this causes the same hosts to be
notified after every reboot, even if they successfully responded to
the previous SM_NOTIFY and they had no contact with us during the last
boot.
I also noticed that the trick of truncating the argument of SM_NOTIFY
doesn't work at all if a substitute "my_name" was specified via the "-v"
command line option. This patch attempts to address that as well.
sm-notify should preserve the original my_name string so that
nsm_delete_host() can find the correct monitor record to delete. Also
add some degree of protection to the mon_name and my_name strings in
each nsm_host record to prevent a future change from breaking this
dependency.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic in notify_host() watches the host->retries counter to see if
progress is not being made. If progress stalls, notify_host() tries
another IP address. This means sm-notify will generate a fresh
rpcbind query.
After an RPC succeeds, be sure to reset host->retries so sm-notify
doesn't start walking down the host's addrinfo list when we _are_
making progress. In the common case, if the host responds, we avoid
extra rpcbind queries and send all requests for the host to the same
IP address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
An RPC retransmit timeout should start out the same for each new RPC
request. Don't increase the retransmit timeout after receiving the
reply to the rpcbind query.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Clean up: refactor the logic in recv_rpcbind_reply() that re-schedules
an nsm_host into a separate helper function
Adjust debugging messages so it's always apparent when an nsm_host is
rescheduled.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
