nfs-utils/nfs-utils.1.2.5-rc1.patch


diff -up nfs-utils-1.2.4/aclocal/rpcsec_vers.m4.orig nfs-utils-1.2.4/aclocal/rpcsec_vers.m4
--- nfs-utils-1.2.4/aclocal/rpcsec_vers.m4.orig 2011-06-30 09:00:42.000000000 -0400
+++ nfs-utils-1.2.4/aclocal/rpcsec_vers.m4 2011-07-21 14:30:55.574408000 -0400
@@ -1,7 +1,7 @@
dnl Checks librpcsec version
AC_DEFUN([AC_RPCSEC_VERSION], [
- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1])
+ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
dnl TI-RPC replaces librpcsecgss
if test "$enable_tirpc" = no; then
diff -up nfs-utils-1.2.4/configure.ac.orig nfs-utils-1.2.4/configure.ac
--- nfs-utils-1.2.4/configure.ac.orig 2011-07-21 14:30:42.702030000 -0400
+++ nfs-utils-1.2.4/configure.ac 2011-07-21 14:30:55.581408000 -0400
@@ -264,9 +264,6 @@ if test "$enable_nfsv4" = yes; then
dnl check for nfsidmap libraries and headers
AC_LIBNFSIDMAP
- dnl enable nfsidmap when its support by libnfsidmap
- AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap" = "yes"])
-
dnl check for the keyutils libraries and headers
AC_KEYUTILS
@@ -276,6 +273,9 @@ if test "$enable_nfsv4" = yes; then
AC_RPCSEC_VERSION
fi
fi
+dnl enable nfsidmap when its support by libnfsidmap
+AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap" = "yes"])
+
if test "$knfsd_cv_glibc2" = no; then
AC_CHECK_LIB(bsd, daemon, [LIBBSD="-lbsd"])
diff -up nfs-utils-1.2.4/support/nfs/exports.c.orig nfs-utils-1.2.4/support/nfs/exports.c
--- nfs-utils-1.2.4/support/nfs/exports.c.orig 2011-07-21 14:30:42.731028000 -0400
+++ nfs-utils-1.2.4/support/nfs/exports.c 2011-07-21 14:30:55.588408000 -0400
@@ -784,8 +784,9 @@ struct export_features *get_export_featu
fd = open(path, O_RDONLY);
if (fd == -1)
goto good;
- fd = read(fd, buf, 50);
- if (fd == -1)
+ c = read(fd, buf, 50);
+ close(fd);
+ if (c == -1)
goto err;
c = sscanf(buf, "%x %x", &ef.flags, &ef.secinfo_flags);
if (c != 2)
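Review bot: `buf` reaches sscanf() straight after read() without a NUL terminator, so unless it is zeroed beforehand (not visible in the hunk) the `%x %x` parse can run past the bytes actually read. The added check only rejects `c == -1`. The declaration of `buf` is outside the hunk; if it is a 50-byte array, the read should leave room for the terminator with `c = read(fd, buf, sizeof(buf) - 1);`, and `buf[c] = '\0';` should follow the error check. The body of get_export_features starts and ends outside the hunk.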
diff -up nfs-utils-1.2.4/support/nsm/file.c.orig nfs-utils-1.2.4/support/nsm/file.c
--- nfs-utils-1.2.4/support/nsm/file.c.orig 2011-07-21 14:30:42.722027000 -0400
+++ nfs-utils-1.2.4/support/nsm/file.c 2011-07-21 14:30:55.596409000 -0400
@@ -396,18 +396,18 @@ nsm_drop_privileges(const int pidfd)
return false;
}
- if (st.st_uid == 0) {
- xlog_warn("Running as root. "
- "chown %s to choose different user", nsm_base_dirname);
- return true;
- }
-
if (chdir(nsm_base_dirname) == -1) {
xlog(L_ERROR, "Failed to change working directory to %s: %m",
nsm_base_dirname);
return false;
}
+ if (st.st_uid == 0) {
+ xlog_warn("Running as root. "
+ "chown %s to choose different user", nsm_base_dirname);
+ return true;
+ }
+
/*
* If the pidfile happens to reside on NFS, dropping privileges
* will probably cause us to lose access, even though we are
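Review bot: Nothing in the code records why chdir() now comes before the `st.st_uid == 0` early return, so a later cleanup could easily undo the ordering. Presumably the intent is that the working directory is nsm_base_dirname even when the daemon keeps running as root. A comment above the chdir() call would pin that, for example `/* chdir first: the root early-return below must not skip it */`. nsm_drop_privileges starts and ends outside the hunk, so the stat call that fills `st` and the actual privilege drop are not visible here.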
diff -up nfs-utils-1.2.4/utils/gssd/context_lucid.c.orig nfs-utils-1.2.4/utils/gssd/context_lucid.c
--- nfs-utils-1.2.4/utils/gssd/context_lucid.c.orig 2011-06-30 09:00:42.000000000 -0400
+++ nfs-utils-1.2.4/utils/gssd/context_lucid.c 2011-07-21 14:30:55.602409000 -0400
@@ -305,7 +305,7 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss
maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_export_lucid_sec_context",
+ pgsserr("gss_free_lucid_sec_context",
maj_stat, min_stat, &krb5oid);
printerr(0, "WARN: failed to free lucid sec context\n");
}
diff -up nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c.orig nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c
--- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c.orig 2011-06-30 09:00:42.000000000 -0400
+++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-07-21 14:30:55.609410000 -0400
@@ -45,6 +45,7 @@
#include "gss_oids.h"
#include "err_util.h"
#include "svcgssd_krb5.h"
+#include "../mount/version.h"
#define MYBUFLEN 1024
@@ -169,22 +170,44 @@ svcgssd_limit_krb5_enctypes(void)
{
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
u_int maj_stat, min_stat;
- krb5_enctype default_enctypes[] = { ENCTYPE_DES_CBC_CRC,
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_DES_CBC_MD4 };
- int default_num_enctypes =
- sizeof(default_enctypes) / sizeof(default_enctypes[0]);
- krb5_enctype *enctypes;
- int num_enctypes;
+ krb5_enctype old_kernel_enctypes[] = {
+ ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES_CBC_MD4 };
+ krb5_enctype new_kernel_enctypes[] = {
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_DES3_CBC_SHA1,
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES_CBC_MD4 };
+ krb5_enctype *default_enctypes, *enctypes;
+ int default_num_enctypes, num_enctypes;
+
+
+ if (linux_version_code() < MAKE_VERSION(2, 6, 35)) {
+ default_enctypes = old_kernel_enctypes;
+ default_num_enctypes =
+ sizeof(old_kernel_enctypes) / sizeof(old_kernel_enctypes[0]);
+ } else {
+ default_enctypes = new_kernel_enctypes;
+ default_num_enctypes =
+ sizeof(new_kernel_enctypes) / sizeof(new_kernel_enctypes[0]);
+ }
get_kernel_supported_enctypes();
if (parsed_enctypes != NULL) {
enctypes = parsed_enctypes;
num_enctypes = parsed_num_enctypes;
+ printerr(2, "%s: Calling gss_set_allowable_enctypes with %d "
+ "enctypes from the kernel\n", __func__, num_enctypes);
} else {
enctypes = default_enctypes;
num_enctypes = default_num_enctypes;
+ printerr(2, "%s: Calling gss_set_allowable_enctypes with %d "
+ "enctypes from defaults\n", __func__, num_enctypes);
}
maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
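Review bot: `new_kernel_enctypes` still lists ENCTYPE_ARCFOUR_HMAC and the three single-DES types next to the AES entries, and nothing in the code says they are kept for compatibility rather than strength. This list is what gss_set_allowable_enctypes() receives whenever `parsed_enctypes` is NULL on a 2.6.35 or later kernel, and also when linux_version_code() fails and returns UINT_MAX. A comment above the array should say so, for example `/* DES and ARCFOUR entries are kept only for interoperability with older peers; prefer the kernel-reported list */`. The function body continues past the end of the hunk.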
diff -up nfs-utils-1.2.4/utils/mount/version.h.orig nfs-utils-1.2.4/utils/mount/version.h
--- nfs-utils-1.2.4/utils/mount/version.h.orig 2011-06-30 09:00:42.000000000 -0400
+++ nfs-utils-1.2.4/utils/mount/version.h 2011-07-21 14:30:55.614413000 -0400
@@ -23,8 +23,8 @@
#ifndef _NFS_UTILS_MOUNT_VERSION_H
#define _NFS_UTILS_MOUNT_VERSION_H
-#include <stdlib.h>
-#include <string.h>
+#include <stdio.h>
+#include <limits.h>
#include <sys/utsname.h>
@@ -37,14 +37,16 @@ static inline unsigned int MAKE_VERSION(
static inline unsigned int linux_version_code(void)
{
struct utsname my_utsname;
- unsigned int p, q, r;
+ unsigned int p, q = 0, r = 0;
+ /* UINT_MAX as backward compatibility code should not be run */
if (uname(&my_utsname))
- return 0;
+ return UINT_MAX;
- p = (unsigned int)atoi(strtok(my_utsname.release, "."));
- q = (unsigned int)atoi(strtok(NULL, "."));
- r = (unsigned int)atoi(strtok(NULL, "."));
+ /* UINT_MAX as future versions might not start with an integer */
+ if (sscanf(my_utsname.release, "%u.%u.%u", &p, &q, &r) < 1)
+ return UINT_MAX;
+
return MAKE_VERSION(p, q, r);
}
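Review bot: The UINT_MAX failure return is now a contract every caller depends on, but it is stated only in two terse in-body comments. Any `linux_version_code() < MAKE_VERSION(...)` test will treat an unknown kernel as the newest one. A header comment above the function would make that explicit, for example `/* Returns the running kernel's version code, or UINT_MAX if it cannot be determined, so callers never fall back to legacy code paths on failure. */`. It is also worth noting there that a release string with fewer than three numeric fields yields 0 for the missing ones, which is what the `q = 0, r = 0` initialisers provide.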
diff -up nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man.orig nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man
--- nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man.orig 2011-06-30 09:00:42.000000000 -0400
+++ nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man 2011-07-21 14:30:55.620410000 -0400
@@ -25,9 +25,9 @@ will need to be modified so
can properly direct the upcall. The following line should be added before a call
to keyctl negate:
.PP
-create nfs_idmap * * /usr/sbin/nfsidmap %k %d 600
+create id_resolver * * /usr/sbin/nfsidmap %k %d 600
.PP
-This will direct all nfs_idmap requests to the program
+This will direct all id_resolver requests to the program
.I /usr/sbin/nfsidmap
The last parameter, 600, defines how many seconds into the future the key will
expire. This is an optional parameter for
@@ -48,9 +48,9 @@ You can choose to handle any of these in
generic upcall program. If you would like to use your own program for a uid
lookup then you would edit your request-key.conf so it looks similar to this:
.PP
-create nfs_idmap uid:* * /some/other/program %k %d 600
+create id_resolver uid:* * /some/other/program %k %d 600
.br
-create nfs_idmap * * /usr/sbin/nfsidmap %k %d 600
+create id_resolver * * /usr/sbin/nfsidmap %k %d 600
.PP
Notice that the new line was added above the line for the generic program.
request-key will find the first matching line and run the corresponding program.