2020-08-04 13:38:56 +00:00
|
|
|
diff --git a/aclocal/libevent.m4 b/aclocal/libevent.m4
|
|
|
|
index b5ac00f..e0b820b 100644
|
|
|
|
--- a/aclocal/libevent.m4
|
|
|
|
+++ b/aclocal/libevent.m4
|
|
|
|
@@ -1,12 +1,12 @@
|
|
|
|
dnl Checks for libevent
|
|
|
|
AC_DEFUN([AC_LIBEVENT], [
|
|
|
|
|
|
|
|
- dnl Check for libevent, but do not add -levent to LIBS
|
|
|
|
- AC_CHECK_LIB([event], [event_dispatch], [LIBEVENT=-levent],
|
|
|
|
+ dnl Check for libevent, but do not add -levent_core to LIBS
|
|
|
|
+ AC_CHECK_LIB([event_core], [event_base_dispatch], [LIBEVENT=-levent_core],
|
|
|
|
[AC_MSG_ERROR([libevent not found.])])
|
|
|
|
AC_SUBST(LIBEVENT)
|
|
|
|
|
|
|
|
- AC_CHECK_HEADERS([event.h], ,
|
|
|
|
+ AC_CHECK_HEADERS([event2/event.h], ,
|
|
|
|
[AC_MSG_ERROR([libevent headers not found.])])
|
|
|
|
|
|
|
|
])dnl
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
|
|
index 942f3c0..dbb795f 100644
|
|
|
|
--- a/configure.ac
|
|
|
|
+++ b/configure.ac
|
|
|
|
@@ -638,13 +638,12 @@ my_am_cflags="\
|
|
|
|
-Werror=parentheses \
|
|
|
|
-Werror=aggregate-return \
|
|
|
|
-Werror=unused-result \
|
|
|
|
- -Wno-cast-function-type \
|
|
|
|
-fno-strict-aliasing \
|
|
|
|
"
|
|
|
|
|
|
|
|
AC_DEFUN([CHECK_CCSUPPORT], [
|
|
|
|
my_save_cflags="$CFLAGS"
|
|
|
|
- CFLAGS=$1
|
|
|
|
+ CFLAGS="-Werror $1"
|
|
|
|
AC_MSG_CHECKING([whether CC supports $1])
|
|
|
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
|
|
|
|
[AC_MSG_RESULT([yes])]
|
|
|
|
@@ -658,9 +657,10 @@ CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1])
|
|
|
|
CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
|
|
|
|
CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
|
|
|
|
CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
|
|
|
|
+CHECK_CCSUPPORT([-Wno-cast-function-type], [flg5])
|
|
|
|
AX_GCC_FUNC_ATTRIBUTE([format])
|
|
|
|
|
|
|
|
-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
|
|
|
|
+AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4 $flg5"])
|
|
|
|
|
|
|
|
# Make sure that $ACLOCAL_FLAGS are used during a rebuild
|
|
|
|
AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
|
|
|
|
diff --git a/support/include/xcommon.h b/support/include/xcommon.h
|
|
|
|
index 30b0403..efde83c 100644
|
|
|
|
--- a/support/include/xcommon.h
|
|
|
|
+++ b/support/include/xcommon.h
|
|
|
|
@@ -7,7 +7,7 @@
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _XMALLOC_H
|
|
|
|
-#define _MALLOC_H
|
|
|
|
+#define _XMALLOC_H
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include <config.h>
|
|
|
|
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
|
|
|
|
index 97eb318..037febd 100644
|
|
|
|
--- a/support/nfs/exports.c
|
|
|
|
+++ b/support/nfs/exports.c
|
|
|
|
@@ -838,6 +838,7 @@ struct export_features *get_export_features(void)
|
|
|
|
close(fd);
|
|
|
|
if (c == -1)
|
|
|
|
goto err;
|
|
|
|
+ buf[c] = 0;
|
|
|
|
c = sscanf(buf, "%x %x", &ef.flags, &ef.secinfo_flags);
|
|
|
|
if (c != 2)
|
|
|
|
goto err;
|
|
|
|
diff --git a/support/nfs/xlog.c b/support/nfs/xlog.c
|
|
|
|
index 687d862..86acd6a 100644
|
|
|
|
--- a/support/nfs/xlog.c
|
|
|
|
+++ b/support/nfs/xlog.c
|
|
|
|
@@ -156,13 +156,29 @@ xlog_enabled(int fac)
|
|
|
|
void
|
|
|
|
xlog_backend(int kind, const char *fmt, va_list args)
|
|
|
|
{
|
|
|
|
- va_list args2;
|
|
|
|
-
|
|
|
|
if (!(kind & (L_ALL)) && !(logging && (kind & logmask)))
|
|
|
|
return;
|
|
|
|
|
|
|
|
- if (log_stderr)
|
|
|
|
+ if (log_stderr) {
|
|
|
|
+ va_list args2;
|
|
|
|
+#ifdef VERBOSE_PRINTF
|
|
|
|
+ time_t now;
|
|
|
|
+ struct tm *tm;
|
|
|
|
+
|
|
|
|
+ time(&now);
|
|
|
|
+ tm = localtime(&now);
|
|
|
|
+ fprintf(stderr, "%s[%d] %04d-%02d-%02d %02d:%02d:%02d ",
|
|
|
|
+ log_name, log_pid,
|
|
|
|
+ tm->tm_year+1900, tm->tm_mon + 1, tm->tm_mday,
|
|
|
|
+ tm->tm_hour, tm->tm_min, tm->tm_sec);
|
|
|
|
+#else
|
|
|
|
+ fprintf(stderr, "%s: ", log_name);
|
|
|
|
+#endif
|
|
|
|
va_copy(args2, args);
|
|
|
|
+ vfprintf(stderr, fmt, args2);
|
|
|
|
+ fprintf(stderr, "\n");
|
|
|
|
+ va_end(args2);
|
|
|
|
+ }
|
|
|
|
|
|
|
|
if (log_syslog) {
|
|
|
|
switch (kind) {
|
|
|
|
@@ -185,25 +201,6 @@ xlog_backend(int kind, const char *fmt, va_list args)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
- if (log_stderr) {
|
|
|
|
-#ifdef VERBOSE_PRINTF
|
|
|
|
- time_t now;
|
|
|
|
- struct tm *tm;
|
|
|
|
-
|
|
|
|
- time(&now);
|
|
|
|
- tm = localtime(&now);
|
|
|
|
- fprintf(stderr, "%s[%d] %04d-%02d-%02d %02d:%02d:%02d ",
|
|
|
|
- log_name, log_pid,
|
|
|
|
- tm->tm_year+1900, tm->tm_mon + 1, tm->tm_mday,
|
|
|
|
- tm->tm_hour, tm->tm_min, tm->tm_sec);
|
|
|
|
-#else
|
|
|
|
- fprintf(stderr, "%s: ", log_name);
|
|
|
|
-#endif
|
|
|
|
- vfprintf(stderr, fmt, args2);
|
|
|
|
- fprintf(stderr, "\n");
|
|
|
|
- va_end(args2);
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
if (kind == L_FATAL)
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c
|
|
|
|
index bce448c..0a912e5 100644
|
|
|
|
--- a/support/nfsidmap/libnfsidmap.c
|
|
|
|
+++ b/support/nfsidmap/libnfsidmap.c
|
|
|
|
@@ -237,24 +237,40 @@ static int load_translation_plugin(char *method, struct mapping_plugin *plgn)
|
|
|
|
{
|
|
|
|
void *dl = NULL;
|
|
|
|
struct trans_func *trans = NULL;
|
|
|
|
- libnfsidmap_plugin_init_t init_func;
|
|
|
|
+ libnfsidmap_plugin_init_t init_func = NULL;
|
|
|
|
char plgname[128];
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
- snprintf(plgname, sizeof(plgname), "%s/%s.so", PATH_PLUGINS, method);
|
|
|
|
+ /* Look for library using search path first to allow overriding */
|
|
|
|
+ snprintf(plgname, sizeof(plgname), "%s.so", method);
|
|
|
|
|
|
|
|
dl = dlopen(plgname, RTLD_NOW | RTLD_LOCAL);
|
|
|
|
- if (dl == NULL) {
|
|
|
|
- IDMAP_LOG(1, ("libnfsidmap: Unable to load plugin: %s",
|
|
|
|
- dlerror()));
|
|
|
|
- return -1;
|
|
|
|
+ if (dl != NULL) {
|
|
|
|
+ /* Is it really one of our libraries */
|
|
|
|
+ init_func = (libnfsidmap_plugin_init_t) dlsym(dl, PLUGIN_INIT_FUNC);
|
|
|
|
+ if (init_func == NULL) {
|
|
|
|
+ dlclose(dl);
|
|
|
|
+ dl = NULL;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
- init_func = (libnfsidmap_plugin_init_t) dlsym(dl, PLUGIN_INIT_FUNC);
|
|
|
|
- if (init_func == NULL) {
|
|
|
|
- IDMAP_LOG(1, ("libnfsidmap: Unable to get init function: %s",
|
|
|
|
- dlerror()));
|
|
|
|
- dlclose(dl);
|
|
|
|
- return -1;
|
|
|
|
+
|
|
|
|
+ if (dl == NULL) {
|
|
|
|
+ /* Fallback to hard-coded path */
|
|
|
|
+ snprintf(plgname, sizeof(plgname), "%s/%s.so", PATH_PLUGINS, method);
|
|
|
|
+
|
|
|
|
+ dl = dlopen(plgname, RTLD_NOW | RTLD_LOCAL);
|
|
|
|
+ if (dl == NULL) {
|
|
|
|
+ IDMAP_LOG(1, ("libnfsidmap: Unable to load plugin: %s: %s",
|
|
|
|
+ plgname, dlerror()));
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+ init_func = (libnfsidmap_plugin_init_t) dlsym(dl, PLUGIN_INIT_FUNC);
|
|
|
|
+ if (init_func == NULL) {
|
|
|
|
+ IDMAP_LOG(1, ("libnfsidmap: Unable to get init function: %s: %s",
|
|
|
|
+ plgname, dlerror()));
|
|
|
|
+ dlclose(dl);
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
trans = init_func();
|
|
|
|
if (trans == NULL) {
|
|
|
|
@@ -496,6 +512,19 @@ out:
|
|
|
|
return ret ? -ENOENT: 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
+void nfs4_term_name_mapping(void)
|
|
|
|
+{
|
|
|
|
+ if (nfs4_plugins)
|
|
|
|
+ unload_plugins(nfs4_plugins);
|
|
|
|
+ if (gss_plugins)
|
|
|
|
+ unload_plugins(gss_plugins);
|
|
|
|
+
|
|
|
|
+ nfs4_plugins = gss_plugins = NULL;
|
|
|
|
+
|
|
|
|
+ free_local_realms();
|
|
|
|
+ conf_cleanup();
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
int
|
|
|
|
nfs4_get_default_domain(char *UNUSED(server), char *domain, size_t len)
|
|
|
|
{
|
|
|
|
diff --git a/support/nfsidmap/nfsidmap.h b/support/nfsidmap/nfsidmap.h
|
|
|
|
index 1063065..5a79568 100644
|
|
|
|
--- a/support/nfsidmap/nfsidmap.h
|
|
|
|
+++ b/support/nfsidmap/nfsidmap.h
|
|
|
|
@@ -50,6 +50,7 @@ typedef struct _extra_mapping_params {
|
|
|
|
typedef void (*nfs4_idmap_log_function_t)(const char *, ...);
|
|
|
|
|
|
|
|
int nfs4_init_name_mapping(char *conffile);
|
|
|
|
+void nfs4_term_name_mapping(void);
|
|
|
|
int nfs4_get_default_domain(char *server, char *domain, size_t len);
|
|
|
|
int nfs4_uid_to_name(uid_t uid, char *domain, char *name, size_t len);
|
|
|
|
int nfs4_gid_to_name(gid_t gid, char *domain, char *name, size_t len);
|
|
|
|
diff --git a/support/nfsidmap/nfsidmap_common.c b/support/nfsidmap/nfsidmap_common.c
|
|
|
|
index f89b82e..4d2cb14 100644
|
|
|
|
--- a/support/nfsidmap/nfsidmap_common.c
|
|
|
|
+++ b/support/nfsidmap/nfsidmap_common.c
|
|
|
|
@@ -34,12 +34,21 @@ static char * toupper_str(char *s)
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
|
|
|
+static struct conf_list *local_realms = NULL;
|
|
|
|
+
|
|
|
|
+void free_local_realms(void)
|
|
|
|
+{
|
|
|
|
+ if (local_realms) {
|
|
|
|
+ conf_free_list(local_realms);
|
|
|
|
+ local_realms = NULL;
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/* Get list of "local equivalent" realms. Meaning the list of realms
|
|
|
|
* where john@REALM.A is considered the same user as john@REALM.B
|
|
|
|
* If not specified, default to upper-case of local domain name */
|
|
|
|
struct conf_list *get_local_realms(void)
|
|
|
|
{
|
|
|
|
- static struct conf_list *local_realms = NULL;
|
|
|
|
if (local_realms) return local_realms;
|
|
|
|
|
|
|
|
local_realms = conf_get_list("General", "Local-Realms");
|
|
|
|
diff --git a/support/nfsidmap/nfsidmap_private.h b/support/nfsidmap/nfsidmap_private.h
|
|
|
|
index f1af55f..a5cb6dd 100644
|
|
|
|
--- a/support/nfsidmap/nfsidmap_private.h
|
|
|
|
+++ b/support/nfsidmap/nfsidmap_private.h
|
|
|
|
@@ -37,6 +37,7 @@
|
|
|
|
#include "conffile.h"
|
|
|
|
|
|
|
|
struct conf_list *get_local_realms(void);
|
|
|
|
+void free_local_realms(void);
|
|
|
|
int get_nostrip(void);
|
|
|
|
int get_reformat_group(void);
|
|
|
|
|
|
|
|
diff --git a/support/nfsidmap/nss.c b/support/nfsidmap/nss.c
|
|
|
|
index 9d46499..669760b 100644
|
|
|
|
--- a/support/nfsidmap/nss.c
|
|
|
|
+++ b/support/nfsidmap/nss.c
|
|
|
|
@@ -467,6 +467,17 @@ static int nss_plugin_init(void)
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
+/*
|
|
|
|
+ * Called by dlclose(). See dlopen(3) man page
|
|
|
|
+ */
|
|
|
|
+__attribute__((destructor))
|
|
|
|
+static int nss_plugin_term(void)
|
|
|
|
+{
|
|
|
|
+ free_local_realms();
|
|
|
|
+ conf_cleanup();
|
|
|
|
+ return 0;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
|
|
|
|
struct trans_func nss_trans = {
|
|
|
|
.name = "nsswitch",
|
|
|
|
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
|
|
|
|
index 24118d6..06c1adb 100644
|
|
|
|
--- a/systemd/nfs-server.service
|
|
|
|
+++ b/systemd/nfs-server.service
|
|
|
|
@@ -1,18 +1,18 @@
|
|
|
|
[Unit]
|
|
|
|
Description=NFS server and services
|
|
|
|
DefaultDependencies=no
|
|
|
|
-Requires= network.target proc-fs-nfsd.mount
|
|
|
|
-Requires= nfs-mountd.service
|
|
|
|
+Requires=network.target proc-fs-nfsd.mount
|
|
|
|
+Requires=nfs-mountd.service
|
|
|
|
Wants=rpcbind.socket network-online.target
|
|
|
|
Wants=rpc-statd.service nfs-idmapd.service
|
|
|
|
Wants=rpc-statd-notify.service
|
|
|
|
Wants=nfsdcld.service
|
|
|
|
|
|
|
|
-After= network-online.target local-fs.target
|
|
|
|
-After= proc-fs-nfsd.mount rpcbind.socket nfs-mountd.service
|
|
|
|
-After= nfs-idmapd.service rpc-statd.service
|
|
|
|
-After= nfsdcld.service
|
|
|
|
-Before= rpc-statd-notify.service
|
|
|
|
+After=network-online.target local-fs.target
|
|
|
|
+After=proc-fs-nfsd.mount rpcbind.socket nfs-mountd.service
|
|
|
|
+After=nfs-idmapd.service rpc-statd.service
|
|
|
|
+After=nfsdcld.service
|
|
|
|
+Before=rpc-statd-notify.service
|
|
|
|
|
|
|
|
# GSS services dependencies and ordering
|
|
|
|
Wants=auth-rpcgss-module.service
|
|
|
|
diff --git a/tools/mountstats/mountstats.py b/tools/mountstats/mountstats.py
|
2020-08-31 15:25:10 +00:00
|
|
|
index 014f38a..00adc96 100755
|
2020-08-04 13:38:56 +00:00
|
|
|
--- a/tools/mountstats/mountstats.py
|
|
|
|
+++ b/tools/mountstats/mountstats.py
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -1,4 +1,4 @@
|
|
|
|
-#!/usr/bin/python
|
|
|
|
+#!/usr/bin/python3
|
|
|
|
# -*- python-mode -*-
|
|
|
|
"""Parse /proc/self/mountstats and display it in human readable form
|
|
|
|
"""
|
2020-08-04 13:38:56 +00:00
|
|
|
@@ -560,7 +560,10 @@ class DeviceData:
|
|
|
|
# the reference to them. so we build new lists here
|
|
|
|
# for the result object.
|
|
|
|
for op in result.__rpc_data['ops']:
|
|
|
|
- result.__rpc_data[op] = list(map(difference, self.__rpc_data[op], old_stats.__rpc_data[op]))
|
|
|
|
+ try:
|
|
|
|
+ result.__rpc_data[op] = list(map(difference, self.__rpc_data[op], old_stats.__rpc_data[op]))
|
|
|
|
+ except KeyError:
|
|
|
|
+ continue
|
|
|
|
|
|
|
|
# update the remaining keys
|
|
|
|
if protocol == 'udp':
|
|
|
|
diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py
|
2020-08-31 15:25:10 +00:00
|
|
|
index b7e98a2..4f5e8a6 100755
|
2020-08-04 13:38:56 +00:00
|
|
|
--- a/tools/nfs-iostat/nfs-iostat.py
|
|
|
|
+++ b/tools/nfs-iostat/nfs-iostat.py
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -1,4 +1,4 @@
|
|
|
|
-#!/usr/bin/python
|
|
|
|
+#!/usr/bin/python3
|
|
|
|
# -*- python-mode -*-
|
|
|
|
"""Emulate iostat for NFS mount points using /proc/self/mountstats
|
|
|
|
"""
|
2020-08-04 13:38:56 +00:00
|
|
|
@@ -213,8 +213,11 @@ class DeviceData:
|
|
|
|
# the reference to them. so we build new lists here
|
|
|
|
# for the result object.
|
|
|
|
for op in result.__rpc_data['ops']:
|
|
|
|
- result.__rpc_data[op] = list(map(
|
|
|
|
- difference, self.__rpc_data[op], old_stats.__rpc_data[op]))
|
|
|
|
+ try:
|
|
|
|
+ result.__rpc_data[op] = list(map(
|
|
|
|
+ difference, self.__rpc_data[op], old_stats.__rpc_data[op]))
|
|
|
|
+ except KeyError:
|
|
|
|
+ continue
|
|
|
|
|
|
|
|
# update the remaining keys we care about
|
|
|
|
result.__rpc_data['rpcsends'] -= old_stats.__rpc_data['rpcsends']
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -380,6 +383,8 @@ class DeviceData:
|
|
|
|
sends = float(self.__rpc_data['rpcsends'])
|
|
|
|
if sample_time == 0:
|
|
|
|
sample_time = float(self.__nfs_data['age'])
|
|
|
|
+ if sample_time == 0:
|
|
|
|
+ sample_time = 1;
|
|
|
|
return (sends / sample_time)
|
|
|
|
|
|
|
|
def display_iostats(self, sample_time, which):
|
2020-08-04 13:38:56 +00:00
|
|
|
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
|
|
|
|
index a04a789..cde5e51 100644
|
|
|
|
--- a/utils/exportfs/exportfs.c
|
|
|
|
+++ b/utils/exportfs/exportfs.c
|
|
|
|
@@ -85,8 +85,11 @@ grab_lockfile()
|
|
|
|
static void
|
|
|
|
release_lockfile()
|
|
|
|
{
|
|
|
|
- if (_lockfd != -1)
|
|
|
|
+ if (_lockfd != -1) {
|
|
|
|
lockf(_lockfd, F_ULOCK, 0);
|
|
|
|
+ close(_lockfd);
|
|
|
|
+ _lockfd = -1;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
@@ -184,6 +187,7 @@ main(int argc, char **argv)
|
|
|
|
xtab_export_read();
|
|
|
|
dump(f_verbose, f_export_format);
|
|
|
|
free_state_path_names(&etab);
|
|
|
|
+ export_freeall();
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@@ -225,6 +229,7 @@ main(int argc, char **argv)
|
|
|
|
xtab_export_write();
|
|
|
|
cache_flush(force_flush);
|
|
|
|
free_state_path_names(&etab);
|
|
|
|
+ export_freeall();
|
|
|
|
|
|
|
|
return export_errno;
|
|
|
|
}
|
|
|
|
diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am
|
|
|
|
index 321046b..21d3bb8 100644
|
|
|
|
--- a/utils/gssd/Makefile.am
|
|
|
|
+++ b/utils/gssd/Makefile.am
|
|
|
|
@@ -67,7 +67,6 @@ gssd_CFLAGS = \
|
|
|
|
svcgssd_SOURCES = \
|
|
|
|
$(COMMON_SRCS) \
|
|
|
|
svcgssd.c \
|
|
|
|
- svcgssd_main_loop.c \
|
|
|
|
svcgssd_mech2file.c \
|
|
|
|
svcgssd_proc.c \
|
|
|
|
svcgssd_krb5.c \
|
|
|
|
@@ -78,6 +77,7 @@ svcgssd_SOURCES = \
|
|
|
|
svcgssd_LDADD = \
|
|
|
|
../../support/nfs/libnfs.la \
|
|
|
|
../../support/nfsidmap/libnfsidmap.la \
|
|
|
|
+ $(LIBEVENT) \
|
|
|
|
$(RPCSECGSS_LIBS) \
|
|
|
|
$(KRBLIBS) $(GSSAPI_LIBS) $(LIBTIRPC)
|
|
|
|
|
|
|
|
diff --git a/utils/gssd/gss_names.c b/utils/gssd/gss_names.c
|
|
|
|
index 2a7f3a1..982b96f 100644
|
|
|
|
--- a/utils/gssd/gss_names.c
|
|
|
|
+++ b/utils/gssd/gss_names.c
|
|
|
|
@@ -110,10 +110,12 @@ get_hostbased_client_name(gss_name_t client_name, gss_OID mech,
|
|
|
|
/* For Kerberos, transform the NT_KRB5_PRINCIPAL name to
|
|
|
|
* an NT_HOSTBASED_SERVICE name */
|
|
|
|
if (g_OID_equal(&krb5oid, mech)) {
|
|
|
|
- if (get_krb5_hostbased_name(&name, &cname) == 0)
|
|
|
|
- *hostbased_name = cname;
|
|
|
|
+ if (get_krb5_hostbased_name(&name, &cname) != 0)
|
|
|
|
+ goto out_rel_buf;
|
|
|
|
+ *hostbased_name = cname;
|
|
|
|
} else {
|
|
|
|
printerr(1, "WARNING: unknown/unsupport mech OID\n");
|
|
|
|
+ goto out_rel_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
res = 0;
|
|
|
|
diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
|
|
|
|
index 2e6d40f..a4b2777 100644
|
|
|
|
--- a/utils/gssd/gss_util.c
|
|
|
|
+++ b/utils/gssd/gss_util.c
|
|
|
|
@@ -339,3 +339,9 @@ out:
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
|
|
|
+void
|
|
|
|
+gssd_cleanup(void)
|
|
|
|
+{
|
|
|
|
+ u_int32_t min_stat;
|
|
|
|
+ gss_release_cred(&min_stat, &gssd_creds);
|
|
|
|
+}
|
|
|
|
diff --git a/utils/gssd/gss_util.h b/utils/gssd/gss_util.h
|
|
|
|
index aa9f778..4da64e3 100644
|
|
|
|
--- a/utils/gssd/gss_util.h
|
|
|
|
+++ b/utils/gssd/gss_util.h
|
|
|
|
@@ -41,6 +41,7 @@ int gssd_acquire_cred(char *server_name, const gss_OID oid);
|
|
|
|
void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat,
|
|
|
|
const gss_OID mech);
|
|
|
|
int gssd_check_mechs(void);
|
|
|
|
+void gssd_cleanup(void);
|
|
|
|
|
|
|
|
#ifndef HAVE_LIBGSSGLUE
|
|
|
|
#include <gssapi/gssapi_krb5.h>
|
|
|
|
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
|
|
|
index 588da0f..85bc4b0 100644
|
|
|
|
--- a/utils/gssd/gssd.c
|
|
|
|
+++ b/utils/gssd/gssd.c
|
|
|
|
@@ -64,7 +64,7 @@
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <dirent.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
-#include <event.h>
|
|
|
|
+#include <event2/event.h>
|
|
|
|
|
|
|
|
#include "gssd.h"
|
|
|
|
#include "err_util.h"
|
|
|
|
@@ -77,7 +77,7 @@ static char *pipefs_path = GSSD_PIPEFS_DIR;
|
|
|
|
static DIR *pipefs_dir;
|
|
|
|
static int pipefs_fd;
|
|
|
|
static int inotify_fd;
|
|
|
|
-struct event inotify_ev;
|
|
|
|
+struct event *inotify_ev;
|
|
|
|
|
|
|
|
char *keytabfile = GSSD_DEFAULT_KEYTAB_FILE;
|
|
|
|
char **ccachesearch;
|
|
|
|
@@ -90,9 +90,9 @@ char *ccachedir = NULL;
|
|
|
|
/* Avoid DNS reverse lookups on server names */
|
|
|
|
static bool avoid_dns = true;
|
|
|
|
static bool use_gssproxy = false;
|
|
|
|
-int thread_started = false;
|
|
|
|
-pthread_mutex_t pmutex = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
-pthread_cond_t pcond = PTHREAD_COND_INITIALIZER;
|
|
|
|
+pthread_mutex_t clp_lock = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
+static bool signal_received = false;
|
|
|
|
+static struct event_base *evbase = NULL;
|
|
|
|
|
|
|
|
TAILQ_HEAD(topdir_list_head, topdir) topdir_list;
|
|
|
|
|
|
|
|
@@ -359,20 +359,28 @@ out:
|
|
|
|
free(port);
|
|
|
|
}
|
|
|
|
|
|
|
|
+/* Actually frees clp and fields that might be used from other
|
|
|
|
+ * threads if was last reference.
|
|
|
|
+ */
|
|
|
|
static void
|
|
|
|
-gssd_destroy_client(struct clnt_info *clp)
|
|
|
|
+gssd_free_client(struct clnt_info *clp)
|
|
|
|
{
|
|
|
|
- if (clp->krb5_fd >= 0) {
|
|
|
|
+ int refcnt;
|
|
|
|
+
|
|
|
|
+ pthread_mutex_lock(&clp_lock);
|
|
|
|
+ refcnt = --clp->refcount;
|
|
|
|
+ pthread_mutex_unlock(&clp_lock);
|
|
|
|
+ if (refcnt > 0)
|
|
|
|
+ return;
|
|
|
|
+
|
|
|
|
+ printerr(3, "freeing client %s\n", clp->relpath);
|
|
|
|
+
|
|
|
|
+ if (clp->krb5_fd >= 0)
|
|
|
|
close(clp->krb5_fd);
|
|
|
|
- event_del(&clp->krb5_ev);
|
|
|
|
- }
|
|
|
|
|
|
|
|
- if (clp->gssd_fd >= 0) {
|
|
|
|
+ if (clp->gssd_fd >= 0)
|
|
|
|
close(clp->gssd_fd);
|
|
|
|
- event_del(&clp->gssd_ev);
|
|
|
|
- }
|
|
|
|
|
|
|
|
- inotify_rm_watch(inotify_fd, clp->wd);
|
|
|
|
free(clp->relpath);
|
|
|
|
free(clp->servicename);
|
|
|
|
free(clp->servername);
|
|
|
|
@@ -380,6 +388,30 @@ gssd_destroy_client(struct clnt_info *clp)
|
|
|
|
free(clp);
|
|
|
|
}
|
|
|
|
|
|
|
|
+/* Called when removing from clnt_list to tear down event handling.
|
|
|
|
+ * Will then free clp if was last reference.
|
|
|
|
+ */
|
|
|
|
+static void
|
|
|
|
+gssd_destroy_client(struct clnt_info *clp)
|
|
|
|
+{
|
|
|
|
+ printerr(3, "destroying client %s\n", clp->relpath);
|
|
|
|
+
|
|
|
|
+ if (clp->krb5_ev) {
|
|
|
|
+ event_del(clp->krb5_ev);
|
|
|
|
+ event_free(clp->krb5_ev);
|
|
|
|
+ clp->krb5_ev = NULL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (clp->gssd_ev) {
|
|
|
|
+ event_del(clp->gssd_ev);
|
|
|
|
+ event_free(clp->gssd_ev);
|
|
|
|
+ clp->gssd_ev = NULL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ inotify_rm_watch(inotify_fd, clp->wd);
|
|
|
|
+ gssd_free_client(clp);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
static void gssd_scan(void);
|
|
|
|
|
|
|
|
static int
|
|
|
|
@@ -416,11 +448,21 @@ static struct clnt_upcall_info *alloc_upcall_info(struct clnt_info *clp)
|
|
|
|
info = malloc(sizeof(struct clnt_upcall_info));
|
|
|
|
if (info == NULL)
|
|
|
|
return NULL;
|
|
|
|
+
|
|
|
|
+ pthread_mutex_lock(&clp_lock);
|
|
|
|
+ clp->refcount++;
|
|
|
|
+ pthread_mutex_unlock(&clp_lock);
|
|
|
|
info->clp = clp;
|
|
|
|
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
|
|
|
+void free_upcall_info(struct clnt_upcall_info *info)
|
|
|
|
+{
|
|
|
|
+ gssd_free_client(info->clp);
|
|
|
|
+ free(info);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/* For each upcall read the upcall info into the buffer, then create a
|
|
|
|
* thread in a detached state so that resources are released back into
|
|
|
|
* the system without the need for a join.
|
|
|
|
@@ -438,13 +480,13 @@ gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
|
|
|
|
info->lbuflen = read(clp->gssd_fd, info->lbuf, sizeof(info->lbuf));
|
|
|
|
if (info->lbuflen <= 0 || info->lbuf[info->lbuflen-1] != '\n') {
|
|
|
|
printerr(0, "WARNING: %s: failed reading request\n", __func__);
|
|
|
|
- free(info);
|
|
|
|
+ free_upcall_info(info);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
info->lbuf[info->lbuflen-1] = 0;
|
|
|
|
|
|
|
|
if (start_upcall_thread(handle_gssd_upcall, info))
|
|
|
|
- free(info);
|
|
|
|
+ free_upcall_info(info);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
@@ -461,12 +503,12 @@ gssd_clnt_krb5_cb(int UNUSED(fd), short UNUSED(which), void *data)
|
|
|
|
sizeof(info->uid)) < (ssize_t)sizeof(info->uid)) {
|
|
|
|
printerr(0, "WARNING: %s: failed reading uid from krb5 "
|
|
|
|
"upcall pipe: %s\n", __func__, strerror(errno));
|
|
|
|
- free(info);
|
|
|
|
+ free_upcall_info(info);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (start_upcall_thread(handle_krb5_upcall, info))
|
|
|
|
- free(info);
|
|
|
|
+ free_upcall_info(info);
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct clnt_info *
|
|
|
|
@@ -478,6 +520,8 @@ gssd_get_clnt(struct topdir *tdi, const char *name)
|
|
|
|
if (!strcmp(clp->name, name))
|
|
|
|
return clp;
|
|
|
|
|
|
|
|
+ printerr(3, "creating client %s/%s\n", tdi->name, name);
|
|
|
|
+
|
|
|
|
clp = calloc(1, sizeof(struct clnt_info));
|
|
|
|
if (!clp) {
|
|
|
|
printerr(0, "ERROR: can't malloc clnt_info: %s\n",
|
|
|
|
@@ -501,6 +545,7 @@ gssd_get_clnt(struct topdir *tdi, const char *name)
|
|
|
|
clp->name = clp->relpath + strlen(tdi->name) + 1;
|
|
|
|
clp->krb5_fd = -1;
|
|
|
|
clp->gssd_fd = -1;
|
|
|
|
+ clp->refcount = 1;
|
|
|
|
|
|
|
|
TAILQ_INSERT_HEAD(&tdi->clnt_list, clp, list);
|
|
|
|
return clp;
|
|
|
|
@@ -515,11 +560,8 @@ static int
|
|
|
|
gssd_scan_clnt(struct clnt_info *clp)
|
|
|
|
{
|
|
|
|
int clntfd;
|
|
|
|
- bool gssd_was_closed;
|
|
|
|
- bool krb5_was_closed;
|
|
|
|
|
|
|
|
- gssd_was_closed = clp->gssd_fd < 0 ? true : false;
|
|
|
|
- krb5_was_closed = clp->krb5_fd < 0 ? true : false;
|
|
|
|
+ printerr(3, "scanning client %s\n", clp->relpath);
|
|
|
|
|
|
|
|
clntfd = openat(pipefs_fd, clp->relpath, O_RDONLY);
|
|
|
|
if (clntfd < 0) {
|
|
|
|
@@ -535,16 +577,30 @@ gssd_scan_clnt(struct clnt_info *clp)
|
|
|
|
if (clp->gssd_fd == -1 && clp->krb5_fd == -1)
|
|
|
|
clp->krb5_fd = openat(clntfd, "krb5", O_RDWR | O_NONBLOCK);
|
|
|
|
|
|
|
|
- if (gssd_was_closed && clp->gssd_fd >= 0) {
|
|
|
|
- event_set(&clp->gssd_ev, clp->gssd_fd, EV_READ | EV_PERSIST,
|
|
|
|
- gssd_clnt_gssd_cb, clp);
|
|
|
|
- event_add(&clp->gssd_ev, NULL);
|
|
|
|
+ if (!clp->gssd_ev && clp->gssd_fd >= 0) {
|
|
|
|
+ clp->gssd_ev = event_new(evbase, clp->gssd_fd, EV_READ | EV_PERSIST,
|
|
|
|
+ gssd_clnt_gssd_cb, clp);
|
|
|
|
+ if (!clp->gssd_ev) {
|
|
|
|
+ printerr(0, "ERROR: %s: can't create gssd event for %s: %s\n",
|
|
|
|
+ __FUNCTION__, clp->relpath, strerror(errno));
|
|
|
|
+ close(clp->gssd_fd);
|
|
|
|
+ clp->gssd_fd = -1;
|
|
|
|
+ } else {
|
|
|
|
+ event_add(clp->gssd_ev, NULL);
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
|
|
|
|
- if (krb5_was_closed && clp->krb5_fd >= 0) {
|
|
|
|
- event_set(&clp->krb5_ev, clp->krb5_fd, EV_READ | EV_PERSIST,
|
|
|
|
- gssd_clnt_krb5_cb, clp);
|
|
|
|
- event_add(&clp->krb5_ev, NULL);
|
|
|
|
+ if (!clp->krb5_ev && clp->krb5_fd >= 0) {
|
|
|
|
+ clp->krb5_ev = event_new(evbase, clp->krb5_fd, EV_READ | EV_PERSIST,
|
|
|
|
+ gssd_clnt_krb5_cb, clp);
|
|
|
|
+ if (!clp->krb5_ev) {
|
|
|
|
+ printerr(0, "ERROR: %s: can't create krb5 event for %s: %s\n",
|
|
|
|
+ __FUNCTION__, clp->relpath, strerror(errno));
|
|
|
|
+ close(clp->krb5_fd);
|
|
|
|
+ clp->krb5_fd = -1;
|
|
|
|
+ } else {
|
|
|
|
+ event_add(clp->krb5_ev, NULL);
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
|
|
|
|
if (clp->krb5_fd == -1 && clp->gssd_fd == -1)
|
|
|
|
@@ -651,7 +707,7 @@ gssd_scan_topdir(const char *name)
|
|
|
|
if (clp->scanned)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
- printerr(3, "destroying client %s\n", clp->relpath);
|
|
|
|
+ printerr(3, "orphaned client %s\n", clp->relpath);
|
|
|
|
saveprev = clp->list.tqe_prev;
|
|
|
|
TAILQ_REMOVE(&tdi->clnt_list, clp, list);
|
|
|
|
gssd_destroy_client(clp);
|
|
|
|
@@ -748,12 +804,16 @@ gssd_inotify_clnt(struct topdir *tdi, struct clnt_info *clp, const struct inotif
|
|
|
|
} else if (ev->mask & IN_DELETE) {
|
|
|
|
if (!strcmp(ev->name, "gssd") && clp->gssd_fd >= 0) {
|
|
|
|
close(clp->gssd_fd);
|
|
|
|
- event_del(&clp->gssd_ev);
|
|
|
|
+ event_del(clp->gssd_ev);
|
|
|
|
+ event_free(clp->gssd_ev);
|
|
|
|
+ clp->gssd_ev = NULL;
|
|
|
|
clp->gssd_fd = -1;
|
|
|
|
|
|
|
|
} else if (!strcmp(ev->name, "krb5") && clp->krb5_fd >= 0) {
|
|
|
|
close(clp->krb5_fd);
|
|
|
|
- event_del(&clp->krb5_ev);
|
|
|
|
+ event_del(clp->krb5_ev);
|
|
|
|
+ event_free(clp->krb5_ev);
|
|
|
|
+ clp->krb5_ev = NULL;
|
|
|
|
clp->krb5_fd = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
@@ -826,10 +886,15 @@ found:
|
|
|
|
static void
|
|
|
|
sig_die(int signal)
|
|
|
|
{
|
|
|
|
- if (root_uses_machine_creds)
|
|
|
|
- gssd_destroy_krb5_machine_creds();
|
|
|
|
+ if (signal_received) {
|
|
|
|
+ gssd_destroy_krb5_principals(root_uses_machine_creds);
|
|
|
|
+ printerr(1, "forced exiting on signal %d\n", signal);
|
|
|
|
+ exit(0);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ signal_received = true;
|
|
|
|
printerr(1, "exiting on signal %d\n", signal);
|
|
|
|
- exit(0);
|
|
|
|
+ event_base_loopexit(evbase, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
@@ -886,9 +951,10 @@ main(int argc, char *argv[])
|
|
|
|
int rpc_verbosity = 0;
|
|
|
|
int opt;
|
|
|
|
int i;
|
|
|
|
+ int rc;
|
|
|
|
extern char *optarg;
|
|
|
|
char *progname;
|
|
|
|
- struct event sighup_ev;
|
|
|
|
+ struct event *sighup_ev;
|
|
|
|
|
|
|
|
read_gss_conf();
|
|
|
|
|
|
|
|
@@ -1027,7 +1093,11 @@ main(int argc, char *argv[])
|
|
|
|
if (gssd_check_mechs() != 0)
|
|
|
|
errx(1, "Problem with gssapi library");
|
|
|
|
|
|
|
|
- event_init();
|
|
|
|
+ evbase = event_base_new();
|
|
|
|
+ if (!evbase) {
|
|
|
|
+ printerr(0, "ERROR: failed to create event base: %s\n", strerror(errno));
|
|
|
|
+ exit(EXIT_FAILURE);
|
|
|
|
+ }
|
|
|
|
|
|
|
|
pipefs_dir = opendir(pipefs_path);
|
|
|
|
if (!pipefs_dir) {
|
|
|
|
@@ -1049,18 +1119,51 @@ main(int argc, char *argv[])
|
|
|
|
|
|
|
|
signal(SIGINT, sig_die);
|
|
|
|
signal(SIGTERM, sig_die);
|
|
|
|
- signal_set(&sighup_ev, SIGHUP, gssd_scan_cb, NULL);
|
|
|
|
- signal_add(&sighup_ev, NULL);
|
|
|
|
- event_set(&inotify_ev, inotify_fd, EV_READ | EV_PERSIST, gssd_inotify_cb, NULL);
|
|
|
|
- event_add(&inotify_ev, NULL);
|
|
|
|
+ sighup_ev = evsignal_new(evbase, SIGHUP, gssd_scan_cb, NULL);
|
|
|
|
+ if (!sighup_ev) {
|
|
|
|
+ printerr(0, "ERROR: failed to create SIGHUP event: %s\n", strerror(errno));
|
|
|
|
+ exit(EXIT_FAILURE);
|
|
|
|
+ }
|
|
|
|
+ evsignal_add(sighup_ev, NULL);
|
|
|
|
+ inotify_ev = event_new(evbase, inotify_fd, EV_READ | EV_PERSIST,
|
|
|
|
+ gssd_inotify_cb, NULL);
|
|
|
|
+ if (!inotify_ev) {
|
|
|
|
+ printerr(0, "ERROR: failed to create inotify event: %s\n", strerror(errno));
|
|
|
|
+ exit(EXIT_FAILURE);
|
|
|
|
+ }
|
|
|
|
+ event_add(inotify_ev, NULL);
|
|
|
|
|
|
|
|
TAILQ_INIT(&topdir_list);
|
|
|
|
gssd_scan();
|
|
|
|
daemon_ready();
|
|
|
|
|
|
|
|
- event_dispatch();
|
|
|
|
+ rc = event_base_dispatch(evbase);
|
|
|
|
|
|
|
|
- printerr(0, "ERROR: event_dispatch() returned!\n");
|
|
|
|
- return EXIT_FAILURE;
|
|
|
|
-}
|
|
|
|
+ printerr(0, "event_dispatch() returned %i!\n", rc);
|
|
|
|
+
|
|
|
|
+ gssd_destroy_krb5_principals(root_uses_machine_creds);
|
|
|
|
+
|
|
|
|
+ while (!TAILQ_EMPTY(&topdir_list)) {
|
|
|
|
+ struct topdir *tdi = TAILQ_FIRST(&topdir_list);
|
|
|
|
+ TAILQ_REMOVE(&topdir_list, tdi, list);
|
|
|
|
+ while (!TAILQ_EMPTY(&tdi->clnt_list)) {
|
|
|
|
+ struct clnt_info *clp = TAILQ_FIRST(&tdi->clnt_list);
|
|
|
|
+ TAILQ_REMOVE(&tdi->clnt_list, clp, list);
|
|
|
|
+ gssd_destroy_client(clp);
|
|
|
|
+ }
|
|
|
|
+ free(tdi);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ event_free(inotify_ev);
|
|
|
|
+ event_free(sighup_ev);
|
|
|
|
+ event_base_free(evbase);
|
|
|
|
|
|
|
|
+ close(inotify_fd);
|
|
|
|
+ close(pipefs_fd);
|
|
|
|
+ closedir(pipefs_dir);
|
|
|
|
+
|
|
|
|
+ free(preferred_realm);
|
|
|
|
+ free(ccachesearch);
|
|
|
|
+
|
|
|
|
+ return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
|
|
|
+}
|
|
|
|
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
|
|
|
|
index f4f5975..1e8c58d 100644
|
|
|
|
--- a/utils/gssd/gssd.h
|
|
|
|
+++ b/utils/gssd/gssd.h
|
|
|
|
@@ -62,13 +62,10 @@ extern int root_uses_machine_creds;
|
|
|
|
extern unsigned int context_timeout;
|
|
|
|
extern unsigned int rpc_timeout;
|
|
|
|
extern char *preferred_realm;
|
|
|
|
-extern pthread_mutex_t ple_lock;
|
|
|
|
-extern pthread_cond_t pcond;
|
|
|
|
-extern pthread_mutex_t pmutex;
|
|
|
|
-extern int thread_started;
|
|
|
|
|
|
|
|
struct clnt_info {
|
|
|
|
TAILQ_ENTRY(clnt_info) list;
|
|
|
|
+ int refcount;
|
|
|
|
int wd;
|
|
|
|
bool scanned;
|
|
|
|
char *name;
|
|
|
|
@@ -79,9 +76,9 @@ struct clnt_info {
|
|
|
|
int vers;
|
|
|
|
char *protocol;
|
|
|
|
int krb5_fd;
|
|
|
|
- struct event krb5_ev;
|
|
|
|
+ struct event *krb5_ev;
|
|
|
|
int gssd_fd;
|
|
|
|
- struct event gssd_ev;
|
|
|
|
+ struct event *gssd_ev;
|
|
|
|
struct sockaddr_storage addr;
|
|
|
|
};
|
|
|
|
|
|
|
|
@@ -94,6 +91,7 @@ struct clnt_upcall_info {
|
|
|
|
|
|
|
|
void handle_krb5_upcall(struct clnt_upcall_info *clp);
|
|
|
|
void handle_gssd_upcall(struct clnt_upcall_info *clp);
|
|
|
|
+void free_upcall_info(struct clnt_upcall_info *info);
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* _RPC_GSSD_H_ */
|
|
|
|
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
2020-08-31 16:21:06 +00:00
|
|
|
index 8fe6605..e830f49 100644
|
2020-08-04 13:38:56 +00:00
|
|
|
--- a/utils/gssd/gssd_proc.c
|
|
|
|
+++ b/utils/gssd/gssd_proc.c
|
|
|
|
@@ -149,9 +149,10 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
|
|
|
|
char *buf = NULL, *p = NULL, *end = NULL;
|
|
|
|
unsigned int timeout = context_timeout;
|
|
|
|
unsigned int buf_size = 0;
|
|
|
|
+ pthread_t tid = pthread_self();
|
|
|
|
|
|
|
|
- printerr(2, "doing downcall: lifetime_rec=%u acceptor=%.*s\n",
|
|
|
|
- lifetime_rec, acceptor->length, acceptor->value);
|
|
|
|
+ printerr(2, "do_downcall(0x%x): lifetime_rec=%u acceptor=%.*s\n",
|
|
|
|
+ tid, lifetime_rec, acceptor->length, acceptor->value);
|
|
|
|
buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) +
|
|
|
|
sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length +
|
|
|
|
sizeof(context_token->length) + context_token->length +
|
|
|
|
@@ -177,7 +178,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
|
|
|
|
return;
|
|
|
|
out_err:
|
|
|
|
free(buf);
|
|
|
|
- printerr(1, "Failed to write downcall!\n");
|
|
|
|
+ printerr(1, "do_downcall(0x%x): Failed to write downcall!\n", tid);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
@@ -231,7 +232,7 @@ populate_port(struct sockaddr *sa, const socklen_t salen,
|
|
|
|
switch (sa->sa_family) {
|
|
|
|
case AF_INET:
|
|
|
|
if (s4->sin_port != 0) {
|
|
|
|
- printerr(2, "DEBUG: port already set to %d\n",
|
|
|
|
+ printerr(4, "DEBUG: port already set to %d\n",
|
|
|
|
ntohs(s4->sin_port));
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
@@ -239,7 +240,7 @@ populate_port(struct sockaddr *sa, const socklen_t salen,
|
|
|
|
#ifdef IPV6_SUPPORTED
|
|
|
|
case AF_INET6:
|
|
|
|
if (s6->sin6_port != 0) {
|
|
|
|
- printerr(2, "DEBUG: port already set to %d\n",
|
|
|
|
+ printerr(4, "DEBUG: port already set to %d\n",
|
|
|
|
ntohs(s6->sin6_port));
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
@@ -548,7 +549,7 @@ krb5_use_machine_creds(struct clnt_info *clp, uid_t uid,
|
|
|
|
uid, tgtname);
|
|
|
|
|
|
|
|
do {
|
|
|
|
- gssd_refresh_krb5_machine_credential(clp->servername, NULL,
|
|
|
|
+ gssd_refresh_krb5_machine_credential(clp->servername,
|
|
|
|
service, srchost);
|
|
|
|
/*
|
|
|
|
* Get a list of credential cache names and try each
|
2020-08-31 16:21:06 +00:00
|
|
|
@@ -730,7 +731,7 @@ handle_krb5_upcall(struct clnt_upcall_info *info)
|
2020-08-04 13:38:56 +00:00
|
|
|
printerr(2, "\n%s: uid %d (%s)\n", __func__, info->uid, clp->relpath);
|
|
|
|
|
|
|
|
process_krb5_upcall(clp, info->uid, clp->krb5_fd, NULL, NULL, NULL);
|
|
|
|
- free(info);
|
|
|
|
+ free_upcall_info(info);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2020-08-31 16:21:06 +00:00
|
|
|
@@ -747,8 +748,10 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
|
2020-08-04 13:38:56 +00:00
|
|
|
char *enctypes = NULL;
|
|
|
|
char *upcall_str;
|
|
|
|
char *pbuf = info->lbuf;
|
|
|
|
+ pthread_t tid = pthread_self();
|
|
|
|
|
|
|
|
- printerr(2, "\n%s: '%s' (%s)\n", __func__, info->lbuf, clp->relpath);
|
|
|
|
+ printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
|
|
|
|
+ info->lbuf, clp->relpath);
|
|
|
|
|
|
|
|
upcall_str = strdup(info->lbuf);
|
|
|
|
if (upcall_str == NULL) {
|
2020-08-31 16:21:06 +00:00
|
|
|
@@ -830,6 +833,6 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
|
2020-08-04 13:38:56 +00:00
|
|
|
out:
|
|
|
|
free(upcall_str);
|
|
|
|
out_nomem:
|
|
|
|
- free(info);
|
|
|
|
+ free_upcall_info(info);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
|
|
|
index 8c73748..9bd74b0 100644
|
|
|
|
--- a/utils/gssd/krb5_util.c
|
|
|
|
+++ b/utils/gssd/krb5_util.c
|
|
|
|
@@ -130,9 +130,28 @@
|
|
|
|
#include "gss_util.h"
|
|
|
|
#include "krb5_util.h"
|
|
|
|
|
|
|
|
+/*
|
|
|
|
+ * List of principals from our keytab that we
|
|
|
|
+ * will try to use to obtain credentials
|
|
|
|
+ * (known as a principal list entry (ple))
|
|
|
|
+ */
|
|
|
|
+struct gssd_k5_kt_princ {
|
|
|
|
+ struct gssd_k5_kt_princ *next;
|
|
|
|
+ // Only protect against deletion, not modification
|
|
|
|
+ int refcount;
|
|
|
|
+ // Only set during creation in new_ple()
|
|
|
|
+ krb5_principal princ;
|
|
|
|
+ char *realm;
|
|
|
|
+ // Modified during usage by gssd_get_single_krb5_cred()
|
|
|
|
+ char *ccname;
|
|
|
|
+ krb5_timestamp endtime;
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+
|
|
|
|
/* Global list of principals/cache file names for machine credentials */
|
|
|
|
-struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL;
|
|
|
|
-pthread_mutex_t ple_lock = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
+static struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL;
|
|
|
|
+/* This mutex protects list modification & ple->ccname */
|
|
|
|
+static pthread_mutex_t ple_lock = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
|
|
|
|
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
|
|
|
int limit_to_legacy_enctypes = 0;
|
|
|
|
@@ -146,10 +165,22 @@ static int select_krb5_ccache(const struct dirent *d);
|
|
|
|
static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
|
|
|
|
const char **cctype, struct dirent **d);
|
|
|
|
static int gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
- krb5_keytab kt, struct gssd_k5_kt_princ *ple, int nocache);
|
|
|
|
+ krb5_keytab kt, struct gssd_k5_kt_princ *ple);
|
|
|
|
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
|
|
|
|
char **ret_realm);
|
|
|
|
|
|
|
|
+static void release_ple(krb5_context context, struct gssd_k5_kt_princ *ple)
|
|
|
|
+{
|
|
|
|
+ if (--ple->refcount)
|
|
|
|
+ return;
|
|
|
|
+
|
|
|
|
+ printerr(3, "freeing cached principal (ccname=%s, realm=%s)\n", ple->ccname, ple->realm);
|
|
|
|
+ krb5_free_principal(context, ple->princ);
|
|
|
|
+ free(ple->ccname);
|
|
|
|
+ free(ple->realm);
|
|
|
|
+ free(ple);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
* Called from the scandir function to weed out potential krb5
|
|
|
|
* credentials cache files
|
|
|
|
@@ -192,7 +223,8 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
|
|
|
|
int found = 0;
|
|
|
|
struct dirent *best_match_dir = NULL;
|
|
|
|
struct stat best_match_stat, tmp_stat;
|
|
|
|
- char buf[PATH_MAX+4+2+256];
|
|
|
|
+ /* dirname + cctype + d_name + NULL */
|
|
|
|
+ char buf[PATH_MAX+5+256+1];
|
|
|
|
char *princname = NULL;
|
|
|
|
char *realm = NULL;
|
|
|
|
int score, best_match_score = 0, err = -EACCES;
|
|
|
|
@@ -349,8 +381,7 @@ gssd_check_if_cc_exists(struct gssd_k5_kt_princ *ple)
|
|
|
|
static int
|
|
|
|
gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
krb5_keytab kt,
|
|
|
|
- struct gssd_k5_kt_princ *ple,
|
|
|
|
- int nocache)
|
|
|
|
+ struct gssd_k5_kt_princ *ple)
|
|
|
|
{
|
|
|
|
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS
|
|
|
|
krb5_get_init_creds_opt *init_opts = NULL;
|
|
|
|
@@ -367,22 +398,26 @@ gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
char *cache_type;
|
|
|
|
char *pname = NULL;
|
|
|
|
char *k5err = NULL;
|
|
|
|
+ int nocache = 0;
|
|
|
|
|
|
|
|
memset(&my_creds, 0, sizeof(my_creds));
|
|
|
|
|
|
|
|
- if (!nocache && !use_memcache)
|
|
|
|
+ if (!use_memcache)
|
|
|
|
nocache = gssd_check_if_cc_exists(ple);
|
|
|
|
/*
|
|
|
|
* Workaround for clock skew among NFS server, NFS client and KDC
|
|
|
|
* 300 because clock skew must be within 300sec for kerberos
|
|
|
|
*/
|
|
|
|
now += 300;
|
|
|
|
+ pthread_mutex_lock(&ple_lock);
|
|
|
|
if (ple->ccname && ple->endtime > now && !nocache) {
|
|
|
|
printerr(3, "INFO: Credentials in CC '%s' are good until %d\n",
|
|
|
|
ple->ccname, ple->endtime);
|
|
|
|
code = 0;
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
|
|
|
|
if ((code = krb5_kt_get_name(context, kt, kt_name, BUFSIZ))) {
|
|
|
|
printerr(0, "ERROR: Unable to get keytab name in "
|
|
|
|
@@ -435,6 +470,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
* Initialize cache file which we're going to be using
|
|
|
|
*/
|
|
|
|
|
|
|
|
+ pthread_mutex_lock(&ple_lock);
|
|
|
|
if (use_memcache)
|
|
|
|
cache_type = "MEMORY";
|
|
|
|
else
|
|
|
|
@@ -444,15 +480,18 @@ gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
ccachesearch[0], GSSD_DEFAULT_CRED_PREFIX,
|
|
|
|
GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm);
|
|
|
|
ple->endtime = my_creds.times.endtime;
|
|
|
|
- if (ple->ccname != NULL)
|
|
|
|
+ if (ple->ccname == NULL || strcmp(ple->ccname, cc_name) != 0) {
|
|
|
|
free(ple->ccname);
|
|
|
|
- ple->ccname = strdup(cc_name);
|
|
|
|
- if (ple->ccname == NULL) {
|
|
|
|
- printerr(0, "ERROR: no storage to duplicate credentials "
|
|
|
|
- "cache name '%s'\n", cc_name);
|
|
|
|
- code = ENOMEM;
|
|
|
|
- goto out;
|
|
|
|
+ ple->ccname = strdup(cc_name);
|
|
|
|
+ if (ple->ccname == NULL) {
|
|
|
|
+ printerr(0, "ERROR: no storage to duplicate credentials "
|
|
|
|
+ "cache name '%s'\n", cc_name);
|
|
|
|
+ code = ENOMEM;
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
if ((code = krb5_cc_resolve(context, cc_name, &ccache))) {
|
|
|
|
k5err = gssd_k5_err_msg(context, code);
|
|
|
|
printerr(0, "ERROR: %s while opening credential cache '%s'\n",
|
|
|
|
@@ -484,12 +523,13 @@ gssd_get_single_krb5_cred(krb5_context context,
|
|
|
|
if (ccache)
|
|
|
|
krb5_cc_close(context, ccache);
|
|
|
|
krb5_free_cred_contents(context, &my_creds);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
+ free(k5err);
|
|
|
|
return (code);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Given a principal, find a matching ple structure
|
|
|
|
+ * Called with mutex held
|
|
|
|
*/
|
|
|
|
static struct gssd_k5_kt_princ *
|
|
|
|
find_ple_by_princ(krb5_context context, krb5_principal princ)
|
|
|
|
@@ -506,6 +546,7 @@ find_ple_by_princ(krb5_context context, krb5_principal princ)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create, initialize, and add a new ple structure to the global list
|
|
|
|
+ * Called with mutex held
|
|
|
|
*/
|
|
|
|
static struct gssd_k5_kt_princ *
|
|
|
|
new_ple(krb5_context context, krb5_principal princ)
|
|
|
|
@@ -557,6 +598,7 @@ new_ple(krb5_context context, krb5_principal princ)
|
|
|
|
p->next = ple;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ ple->refcount = 1;
|
|
|
|
return ple;
|
|
|
|
outerr:
|
|
|
|
if (ple) {
|
|
|
|
@@ -575,13 +617,14 @@ get_ple_by_princ(krb5_context context, krb5_principal princ)
|
|
|
|
{
|
|
|
|
struct gssd_k5_kt_princ *ple;
|
|
|
|
|
|
|
|
- /* Need to serialize list if we ever become multi-threaded! */
|
|
|
|
-
|
|
|
|
pthread_mutex_lock(&ple_lock);
|
|
|
|
ple = find_ple_by_princ(context, princ);
|
|
|
|
if (ple == NULL) {
|
|
|
|
ple = new_ple(context, princ);
|
|
|
|
}
|
|
|
|
+ if (ple != NULL) {
|
|
|
|
+ ple->refcount++;
|
|
|
|
+ }
|
|
|
|
pthread_mutex_unlock(&ple_lock);
|
|
|
|
|
|
|
|
return ple;
|
|
|
|
@@ -715,6 +758,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ printerr(4, "Scanning keytab for %s/*@%s\n", service, realm);
|
|
|
|
while ((code = krb5_kt_next_entry(context, kt, kte, &cursor)) == 0) {
|
|
|
|
if ((code = krb5_unparse_name(context, kte->principal,
|
|
|
|
&pname))) {
|
|
|
|
@@ -723,7 +767,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
|
|
|
|
"we failed to unparse principal name: %s\n",
|
|
|
|
k5err);
|
|
|
|
k5_free_kt_entry(context, kte);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
+ free(k5err);
|
|
|
|
k5err = NULL;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
@@ -746,6 +790,8 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
|
|
|
|
retval = ENOMEM;
|
|
|
|
k5_free_kt_entry(context, kte);
|
|
|
|
} else {
|
|
|
|
+ release_ple(context, ple);
|
|
|
|
+ ple = NULL;
|
|
|
|
retval = 0;
|
|
|
|
*found = 1;
|
|
|
|
}
|
|
|
|
@@ -770,7 +816,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
|
|
|
|
if (retval < 0)
|
|
|
|
retval = 0;
|
|
|
|
out:
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
+ free(k5err);
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
|
|
|
@@ -811,41 +857,42 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
|
|
|
/* Get full local hostname */
|
|
|
|
if (srchost) {
|
|
|
|
strcpy(myhostname, srchost);
|
|
|
|
- } else if (gethostname(myhostname, sizeof(myhostname)) == -1) {
|
|
|
|
- retval = errno;
|
|
|
|
- k5err = gssd_k5_err_msg(context, retval);
|
|
|
|
- printerr(1, "%s while getting local hostname\n", k5err);
|
|
|
|
- goto out;
|
|
|
|
+ strcpy(myhostad, myhostname);
|
|
|
|
+ } else {
|
|
|
|
+ /* Borrow myhostad for gethostname(), we need it later anyways */
|
|
|
|
+ if (gethostname(myhostad, sizeof(myhostad)-1) == -1) {
|
|
|
|
+ retval = errno;
|
|
|
|
+ k5err = gssd_k5_err_msg(context, retval);
|
|
|
|
+ printerr(1, "%s while getting local hostname\n", k5err);
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+ retval = get_full_hostname(myhostad, myhostname, sizeof(myhostname));
|
|
|
|
+ if (retval) {
|
|
|
|
+ /* Don't use myhostname */
|
|
|
|
+ myhostname[0] = 0;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Compute the active directory machine name HOST$ */
|
|
|
|
- krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
|
|
|
|
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
|
|
|
|
notsetstr, &adhostoverride);
|
|
|
|
- if (strcmp(adhostoverride, notsetstr) != 0) {
|
|
|
|
- printerr (1,
|
|
|
|
- "AD host string overridden with \"%s\" from appdefaults\n",
|
|
|
|
- adhostoverride);
|
|
|
|
- /* No overflow: Windows cannot handle strings longer than 19 chars */
|
|
|
|
- strcpy(myhostad, adhostoverride);
|
|
|
|
+ if (adhostoverride && strcmp(adhostoverride, notsetstr) != 0) {
|
|
|
|
+ printerr(1,
|
|
|
|
+ "AD host string overridden with \"%s\" from appdefaults\n",
|
|
|
|
+ adhostoverride);
|
|
|
|
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
|
|
|
|
+ strcpy(myhostad, adhostoverride);
|
|
|
|
} else {
|
|
|
|
- strcpy(myhostad, myhostname);
|
|
|
|
- for (i = 0; myhostad[i] != 0; ++i) {
|
|
|
|
- if (myhostad[i] == '.') break;
|
|
|
|
- }
|
|
|
|
- myhostad[i] = '$';
|
|
|
|
- myhostad[i+1] = 0;
|
|
|
|
+ /* In this case, it's been pre-filled above */
|
|
|
|
+ for (i = 0; myhostad[i] != 0; ++i) {
|
|
|
|
+ if (myhostad[i] == '.') break;
|
|
|
|
+ }
|
|
|
|
+ myhostad[i] = '$';
|
|
|
|
+ myhostad[i+1] = 0;
|
|
|
|
}
|
|
|
|
if (adhostoverride)
|
|
|
|
krb5_free_string(context, adhostoverride);
|
|
|
|
|
|
|
|
- if (!srchost) {
|
|
|
|
- retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
|
|
|
|
- if (retval) {
|
|
|
|
- /* Don't use myhostname */
|
|
|
|
- myhostname[0] = 0;
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
code = krb5_get_default_realm(context, &default_realm);
|
|
|
|
if (code) {
|
|
|
|
retval = code;
|
|
|
|
@@ -927,7 +974,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
|
|
|
k5err = gssd_k5_err_msg(context, code);
|
|
|
|
printerr(1, "%s while building principal for '%s'\n",
|
|
|
|
k5err, spn);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
+ free(k5err);
|
|
|
|
k5err = NULL;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
@@ -937,7 +984,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
|
|
|
k5err = gssd_k5_err_msg(context, code);
|
|
|
|
printerr(3, "%s while getting keytab entry for '%s'\n",
|
|
|
|
k5err, spn);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
+ free(k5err);
|
|
|
|
k5err = NULL;
|
|
|
|
/*
|
|
|
|
* We tried the active directory machine account
|
|
|
|
@@ -986,7 +1033,7 @@ out:
|
|
|
|
k5_free_default_realm(context, default_realm);
|
|
|
|
if (realmnames)
|
|
|
|
krb5_free_host_realm(context, realmnames);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
+ free(k5err);
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
|
|
|
@@ -1078,6 +1125,93 @@ err_cache:
|
|
|
|
return (*ret_princname && *ret_realm);
|
|
|
|
}
|
|
|
|
|
|
|
|
+/*
|
|
|
|
+ * Obtain (or refresh if necessary) Kerberos machine credentials
|
|
|
|
+ * If a ple is passed in, it's reference will be released
|
|
|
|
+ */
|
|
|
|
+static int
|
|
|
|
+gssd_refresh_krb5_machine_credential_internal(char *hostname,
|
|
|
|
+ struct gssd_k5_kt_princ *ple,
|
|
|
|
+ char *service, char *srchost)
|
|
|
|
+{
|
|
|
|
+ krb5_error_code code = 0;
|
|
|
|
+ krb5_context context;
|
|
|
|
+ krb5_keytab kt = NULL;;
|
|
|
|
+ int retval = 0;
|
|
|
|
+ char *k5err = NULL;
|
|
|
|
+ const char *svcnames[] = { "$", "root", "nfs", "host", NULL };
|
|
|
|
+
|
|
|
|
+ printerr(2, "%s: hostname=%s ple=%p service=%s srchost=%s\n",
|
|
|
|
+ __func__, hostname, ple, service, srchost);
|
|
|
|
+
|
|
|
|
+ /*
|
|
|
|
+ * If a specific service name was specified, use it.
|
|
|
|
+ * Otherwise, use the default list.
|
|
|
|
+ */
|
|
|
|
+ if (service != NULL && strcmp(service, "*") != 0) {
|
|
|
|
+ svcnames[0] = service;
|
|
|
|
+ svcnames[1] = NULL;
|
|
|
|
+ }
|
|
|
|
+ if (hostname == NULL && ple == NULL)
|
|
|
|
+ return EINVAL;
|
|
|
|
+
|
|
|
|
+ code = krb5_init_context(&context);
|
|
|
|
+ if (code) {
|
|
|
|
+ k5err = gssd_k5_err_msg(NULL, code);
|
|
|
|
+ printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
|
|
|
|
+ __func__, k5err);
|
|
|
|
+ retval = code;
|
|
|
|
+ goto out;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if ((code = krb5_kt_resolve(context, keytabfile, &kt))) {
|
|
|
|
+ k5err = gssd_k5_err_msg(context, code);
|
|
|
|
+ printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
|
|
|
|
+ __func__, k5err, keytabfile);
|
|
|
|
+ goto out_free_context;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (ple == NULL) {
|
|
|
|
+ krb5_keytab_entry kte;
|
|
|
|
+
|
|
|
|
+ code = find_keytab_entry(context, kt, srchost, hostname,
|
|
|
|
+ &kte, svcnames);
|
|
|
|
+ if (code) {
|
|
|
|
+ printerr(0, "ERROR: %s: no usable keytab entry found "
|
|
|
|
+ "in keytab %s for connection with host %s\n",
|
|
|
|
+ __FUNCTION__, keytabfile, hostname);
|
|
|
|
+ retval = code;
|
|
|
|
+ goto out_free_kt;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ ple = get_ple_by_princ(context, kte.principal);
|
|
|
|
+ k5_free_kt_entry(context, &kte);
|
|
|
|
+ if (ple == NULL) {
|
|
|
|
+ char *pname;
|
|
|
|
+ if ((krb5_unparse_name(context, kte.principal, &pname))) {
|
|
|
|
+ pname = NULL;
|
|
|
|
+ }
|
|
|
|
+ printerr(0, "ERROR: %s: Could not locate or create "
|
|
|
|
+ "ple struct for principal %s for connection "
|
|
|
|
+ "with host %s\n",
|
|
|
|
+ __FUNCTION__, pname ? pname : "<unparsable>",
|
|
|
|
+ hostname);
|
|
|
|
+ if (pname) k5_free_unparsed_name(context, pname);
|
|
|
|
+ goto out_free_kt;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+ retval = gssd_get_single_krb5_cred(context, kt, ple);
|
|
|
|
+out_free_kt:
|
|
|
|
+ krb5_kt_close(context, kt);
|
|
|
|
+out_free_context:
|
|
|
|
+ if (ple)
|
|
|
|
+ release_ple(context, ple);
|
|
|
|
+ krb5_free_context(context);
|
|
|
|
+out:
|
|
|
|
+ free(k5err);
|
|
|
|
+ return retval;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/*==========================*/
|
|
|
|
/*=== External routines ===*/
|
|
|
|
/*==========================*/
|
|
|
|
@@ -1092,7 +1226,8 @@ err_cache:
|
|
|
|
int
|
|
|
|
gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirpattern)
|
|
|
|
{
|
|
|
|
- char buf[PATH_MAX+2+256], dirname[PATH_MAX];
|
|
|
|
+ /* dirname + cctype + d_name + NULL */
|
|
|
|
+ char buf[PATH_MAX+5+256+1], dirname[PATH_MAX];
|
|
|
|
const char *cctype;
|
|
|
|
struct dirent *d;
|
|
|
|
int err, i, j;
|
|
|
|
@@ -1171,37 +1306,56 @@ gssd_get_krb5_machine_cred_list(char ***list)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
- /* Need to serialize list if we ever become multi-threaded! */
|
|
|
|
-
|
|
|
|
+ pthread_mutex_lock(&ple_lock);
|
|
|
|
for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
|
|
|
|
- if (ple->ccname) {
|
|
|
|
- /* Make sure cred is up-to-date before returning it */
|
|
|
|
- retval = gssd_refresh_krb5_machine_credential(NULL, ple,
|
|
|
|
- NULL, NULL);
|
|
|
|
- if (retval)
|
|
|
|
- continue;
|
|
|
|
- if (i + 1 > listsize) {
|
|
|
|
- listsize += listinc;
|
|
|
|
- l = (char **)
|
|
|
|
- realloc(l, listsize * sizeof(char *));
|
|
|
|
- if (l == NULL) {
|
|
|
|
- retval = ENOMEM;
|
|
|
|
- goto out;
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
- if ((l[i++] = strdup(ple->ccname)) == NULL) {
|
|
|
|
+ if (!ple->ccname)
|
|
|
|
+ continue;
|
|
|
|
+
|
|
|
|
+ /* Take advantage of the fact we only remove the ple
|
|
|
|
+ * from the list during shutdown. If it's modified
|
|
|
|
+ * concurrently at worst we'll just miss a new entry
|
|
|
|
+ * before the current ple
|
|
|
|
+ *
|
|
|
|
+ * gssd_refresh_krb5_machine_credential_internal() will
|
|
|
|
+ * release the ple refcount
|
|
|
|
+ */
|
|
|
|
+ ple->refcount++;
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
+ /* Make sure cred is up-to-date before returning it */
|
|
|
|
+ retval = gssd_refresh_krb5_machine_credential_internal(NULL, ple,
|
|
|
|
+ NULL, NULL);
|
|
|
|
+ pthread_mutex_lock(&ple_lock);
|
|
|
|
+ if (gssd_k5_kt_princ_list == NULL) {
|
|
|
|
+ /* Looks like we did shutdown... abort */
|
|
|
|
+ l[i] = NULL;
|
|
|
|
+ gssd_free_krb5_machine_cred_list(l);
|
|
|
|
+ retval = ENOMEM;
|
|
|
|
+ goto out_lock;
|
|
|
|
+ }
|
|
|
|
+ if (retval)
|
|
|
|
+ continue;
|
|
|
|
+ if (i + 1 > listsize) {
|
|
|
|
+ listsize += listinc;
|
|
|
|
+ l = (char **)
|
|
|
|
+ realloc(l, listsize * sizeof(char *));
|
|
|
|
+ if (l == NULL) {
|
|
|
|
retval = ENOMEM;
|
|
|
|
- goto out;
|
|
|
|
+ goto out_lock;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
+ if ((l[i++] = strdup(ple->ccname)) == NULL) {
|
|
|
|
+ retval = ENOMEM;
|
|
|
|
+ goto out_lock;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
if (i > 0) {
|
|
|
|
l[i] = NULL;
|
|
|
|
*list = l;
|
|
|
|
retval = 0;
|
|
|
|
- goto out;
|
|
|
|
} else
|
|
|
|
free((void *)l);
|
|
|
|
+out_lock:
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
out:
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
@@ -1226,7 +1380,7 @@ gssd_free_krb5_machine_cred_list(char **list)
|
|
|
|
* Called upon exit. Destroys machine credentials.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
-gssd_destroy_krb5_machine_creds(void)
|
|
|
|
+gssd_destroy_krb5_principals(int destroy_machine_creds)
|
|
|
|
{
|
|
|
|
krb5_context context;
|
|
|
|
krb5_error_code code = 0;
|
|
|
|
@@ -1238,33 +1392,38 @@ gssd_destroy_krb5_machine_creds(void)
|
|
|
|
if (code) {
|
|
|
|
k5err = gssd_k5_err_msg(NULL, code);
|
|
|
|
printerr(0, "ERROR: %s while initializing krb5\n", k5err);
|
|
|
|
- goto out;
|
|
|
|
+ free(k5err);
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
|
|
|
|
- for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
|
|
|
|
- if (!ple->ccname)
|
|
|
|
- continue;
|
|
|
|
- if ((code = krb5_cc_resolve(context, ple->ccname, &ccache))) {
|
|
|
|
- k5err = gssd_k5_err_msg(context, code);
|
|
|
|
- printerr(0, "WARNING: %s while resolving credential "
|
|
|
|
- "cache '%s' for destruction\n", k5err,
|
|
|
|
- ple->ccname);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
- k5err = NULL;
|
|
|
|
- continue;
|
|
|
|
- }
|
|
|
|
+ pthread_mutex_lock(&ple_lock);
|
|
|
|
+ while (gssd_k5_kt_princ_list) {
|
|
|
|
+ ple = gssd_k5_kt_princ_list;
|
|
|
|
+ gssd_k5_kt_princ_list = ple->next;
|
|
|
|
|
|
|
|
- if ((code = krb5_cc_destroy(context, ccache))) {
|
|
|
|
- k5err = gssd_k5_err_msg(context, code);
|
|
|
|
- printerr(0, "WARNING: %s while destroying credential "
|
|
|
|
- "cache '%s'\n", k5err, ple->ccname);
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
- k5err = NULL;
|
|
|
|
+ if (destroy_machine_creds && ple->ccname) {
|
|
|
|
+ if ((code = krb5_cc_resolve(context, ple->ccname, &ccache))) {
|
|
|
|
+ k5err = gssd_k5_err_msg(context, code);
|
|
|
|
+ printerr(0, "WARNING: %s while resolving credential "
|
|
|
|
+ "cache '%s' for destruction\n", k5err,
|
|
|
|
+ ple->ccname);
|
|
|
|
+ free(k5err);
|
|
|
|
+ k5err = NULL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (!code && (code = krb5_cc_destroy(context, ccache))) {
|
|
|
|
+ k5err = gssd_k5_err_msg(context, code);
|
|
|
|
+ printerr(0, "WARNING: %s while destroying credential "
|
|
|
|
+ "cache '%s'\n", k5err, ple->ccname);
|
|
|
|
+ free(k5err);
|
|
|
|
+ k5err = NULL;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
+
|
|
|
|
+ release_ple(context, ple);
|
|
|
|
}
|
|
|
|
+ pthread_mutex_unlock(&ple_lock);
|
|
|
|
krb5_free_context(context);
|
|
|
|
- out:
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
@@ -1272,83 +1431,10 @@ gssd_destroy_krb5_machine_creds(void)
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
gssd_refresh_krb5_machine_credential(char *hostname,
|
|
|
|
- struct gssd_k5_kt_princ *ple,
|
|
|
|
char *service, char *srchost)
|
|
|
|
{
|
|
|
|
- krb5_error_code code = 0;
|
|
|
|
- krb5_context context;
|
|
|
|
- krb5_keytab kt = NULL;;
|
|
|
|
- int retval = 0;
|
|
|
|
- char *k5err = NULL;
|
|
|
|
- const char *svcnames[] = { "$", "root", "nfs", "host", NULL };
|
|
|
|
-
|
|
|
|
- printerr(2, "%s: hostname=%s ple=%p service=%s srchost=%s\n",
|
|
|
|
- __func__, hostname, ple, service, srchost);
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * If a specific service name was specified, use it.
|
|
|
|
- * Otherwise, use the default list.
|
|
|
|
- */
|
|
|
|
- if (service != NULL && strcmp(service, "*") != 0) {
|
|
|
|
- svcnames[0] = service;
|
|
|
|
- svcnames[1] = NULL;
|
|
|
|
- }
|
|
|
|
- if (hostname == NULL && ple == NULL)
|
|
|
|
- return EINVAL;
|
|
|
|
-
|
|
|
|
- code = krb5_init_context(&context);
|
|
|
|
- if (code) {
|
|
|
|
- k5err = gssd_k5_err_msg(NULL, code);
|
|
|
|
- printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
|
|
|
|
- __func__, k5err);
|
|
|
|
- retval = code;
|
|
|
|
- goto out;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- if ((code = krb5_kt_resolve(context, keytabfile, &kt))) {
|
|
|
|
- k5err = gssd_k5_err_msg(context, code);
|
|
|
|
- printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
|
|
|
|
- __func__, k5err, keytabfile);
|
|
|
|
- goto out_free_context;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- if (ple == NULL) {
|
|
|
|
- krb5_keytab_entry kte;
|
|
|
|
-
|
|
|
|
- code = find_keytab_entry(context, kt, srchost, hostname,
|
|
|
|
- &kte, svcnames);
|
|
|
|
- if (code) {
|
|
|
|
- printerr(0, "ERROR: %s: no usable keytab entry found "
|
|
|
|
- "in keytab %s for connection with host %s\n",
|
|
|
|
- __FUNCTION__, keytabfile, hostname);
|
|
|
|
- retval = code;
|
|
|
|
- goto out_free_kt;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- ple = get_ple_by_princ(context, kte.principal);
|
|
|
|
- k5_free_kt_entry(context, &kte);
|
|
|
|
- if (ple == NULL) {
|
|
|
|
- char *pname;
|
|
|
|
- if ((krb5_unparse_name(context, kte.principal, &pname))) {
|
|
|
|
- pname = NULL;
|
|
|
|
- }
|
|
|
|
- printerr(0, "ERROR: %s: Could not locate or create "
|
|
|
|
- "ple struct for principal %s for connection "
|
|
|
|
- "with host %s\n",
|
|
|
|
- __FUNCTION__, pname ? pname : "<unparsable>",
|
|
|
|
- hostname);
|
|
|
|
- if (pname) k5_free_unparsed_name(context, pname);
|
|
|
|
- goto out_free_kt;
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
- retval = gssd_get_single_krb5_cred(context, kt, ple, 0);
|
|
|
|
-out_free_kt:
|
|
|
|
- krb5_kt_close(context, kt);
|
|
|
|
-out_free_context:
|
|
|
|
- krb5_free_context(context);
|
|
|
|
-out:
|
|
|
|
- krb5_free_string(context, k5err);
|
|
|
|
- return retval;
|
|
|
|
+ return gssd_refresh_krb5_machine_credential_internal(hostname, NULL,
|
|
|
|
+ service, srchost);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
|
|
|
|
index b000b44..2415205 100644
|
|
|
|
--- a/utils/gssd/krb5_util.h
|
|
|
|
+++ b/utils/gssd/krb5_util.h
|
|
|
|
@@ -9,27 +9,13 @@
|
|
|
|
#include "gss_oids.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
-/*
|
|
|
|
- * List of principals from our keytab that we
|
|
|
|
- * will try to use to obtain credentials
|
|
|
|
- * (known as a principal list entry (ple))
|
|
|
|
- */
|
|
|
|
-struct gssd_k5_kt_princ {
|
|
|
|
- struct gssd_k5_kt_princ *next;
|
|
|
|
- krb5_principal princ;
|
|
|
|
- char *ccname;
|
|
|
|
- char *realm;
|
|
|
|
- krb5_timestamp endtime;
|
|
|
|
-};
|
|
|
|
-
|
|
|
|
|
|
|
|
int gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername,
|
|
|
|
char *dirname);
|
|
|
|
int gssd_get_krb5_machine_cred_list(char ***list);
|
|
|
|
void gssd_free_krb5_machine_cred_list(char **list);
|
|
|
|
-void gssd_destroy_krb5_machine_creds(void);
|
|
|
|
+void gssd_destroy_krb5_principals(int destroy_machine_creds);
|
|
|
|
int gssd_refresh_krb5_machine_credential(char *hostname,
|
|
|
|
- struct gssd_k5_kt_princ *ple,
|
|
|
|
char *service, char *srchost);
|
|
|
|
char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
|
|
|
|
void gssd_k5_get_default_realm(char **def_realm);
|
|
|
|
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
|
|
|
|
index ec49b61..3ab2100 100644
|
|
|
|
--- a/utils/gssd/svcgssd.c
|
|
|
|
+++ b/utils/gssd/svcgssd.c
|
|
|
|
@@ -57,20 +57,36 @@
|
|
|
|
#include <string.h>
|
|
|
|
#include <signal.h>
|
|
|
|
#include <nfsidmap.h>
|
|
|
|
+#include <event2/event.h>
|
|
|
|
+
|
|
|
|
#include "nfslib.h"
|
|
|
|
#include "svcgssd.h"
|
|
|
|
#include "gss_util.h"
|
|
|
|
#include "err_util.h"
|
|
|
|
#include "conffile.h"
|
|
|
|
+#include "misc.h"
|
|
|
|
+#include "svcgssd_krb5.h"
|
|
|
|
+
|
|
|
|
+struct state_paths etab; /* from cacheio.c */
|
|
|
|
+static bool signal_received = false;
|
|
|
|
+static struct event_base *evbase = NULL;
|
|
|
|
+static int nullrpc_fd = -1;
|
|
|
|
+static struct event *nullrpc_event = NULL;
|
|
|
|
+static struct event *wait_event = NULL;
|
|
|
|
|
|
|
|
-struct state_paths etab;
|
|
|
|
+#define NULLRPC_FILE "/proc/net/rpc/auth.rpcsec.init/channel"
|
|
|
|
|
|
|
|
static void
|
|
|
|
sig_die(int signal)
|
|
|
|
{
|
|
|
|
- /* destroy krb5 machine creds */
|
|
|
|
+ if (signal_received) {
|
|
|
|
+ /* destroy krb5 machine creds */
|
|
|
|
+ printerr(1, "forced exiting on signal %d\n", signal);
|
|
|
|
+ exit(0);
|
|
|
|
+ }
|
|
|
|
+ signal_received = true;
|
|
|
|
printerr(1, "exiting on signal %d\n", signal);
|
|
|
|
- exit(0);
|
|
|
|
+ event_base_loopexit(evbase, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
@@ -89,6 +105,84 @@ usage(char *progname)
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
+static void
|
|
|
|
+svcgssd_nullrpc_cb(int fd, short UNUSED(which), void *UNUSED(data))
|
|
|
|
+{
|
|
|
|
+ char lbuf[RPC_CHAN_BUF_SIZE];
|
|
|
|
+ int lbuflen = 0;
|
|
|
|
+
|
|
|
|
+ printerr(1, "reading null request\n");
|
|
|
|
+
|
|
|
|
+ lbuflen = read(fd, lbuf, sizeof(lbuf));
|
|
|
|
+ if (lbuflen <= 0 || lbuf[lbuflen-1] != '\n') {
|
|
|
|
+ printerr(0, "WARNING: handle_nullreq: failed reading request\n");
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+ lbuf[lbuflen-1] = 0;
|
|
|
|
+
|
|
|
|
+ handle_nullreq(lbuf);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
|
|
|
+svcgssd_nullrpc_close(void)
|
|
|
|
+{
|
|
|
|
+ if (nullrpc_event) {
|
|
|
|
+ printerr(2, "closing nullrpc channel %s\n", NULLRPC_FILE);
|
|
|
|
+ event_free(nullrpc_event);
|
|
|
|
+ nullrpc_event = NULL;
|
|
|
|
+ }
|
|
|
|
+ if (nullrpc_fd != -1) {
|
|
|
|
+ close(nullrpc_fd);
|
|
|
|
+ nullrpc_fd = -1;
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
|
|
|
+svcgssd_nullrpc_open(void)
|
|
|
|
+{
|
|
|
|
+ nullrpc_fd = open(NULLRPC_FILE, O_RDWR);
|
|
|
|
+ if (nullrpc_fd < 0) {
|
|
|
|
+ printerr(0, "failed to open %s: %s\n",
|
|
|
|
+ NULLRPC_FILE, strerror(errno));
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+ nullrpc_event = event_new(evbase, nullrpc_fd, EV_READ | EV_PERSIST,
|
|
|
|
+ svcgssd_nullrpc_cb, NULL);
|
|
|
|
+ if (!nullrpc_event) {
|
|
|
|
+ printerr(0, "failed to create event for %s: %s\n",
|
|
|
|
+ NULLRPC_FILE, strerror(errno));
|
|
|
|
+ close(nullrpc_fd);
|
|
|
|
+ nullrpc_fd = -1;
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+ event_add(nullrpc_event, NULL);
|
|
|
|
+ printerr(2, "opened nullrpc channel %s\n", NULLRPC_FILE);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
|
|
|
+svcgssd_wait_cb(int UNUSED(fd), short UNUSED(which), void *UNUSED(data))
|
|
|
|
+{
|
|
|
|
+ static int times = 0;
|
|
|
|
+ int rc;
|
|
|
|
+
|
|
|
|
+ rc = access(NULLRPC_FILE, R_OK | W_OK);
|
|
|
|
+ if (rc != 0) {
|
|
|
|
+ struct timeval t = {times < 10 ? 1 : 10, 0};
|
|
|
|
+ times++;
|
|
|
|
+ if (times % 30 == 0)
|
|
|
|
+ printerr(2, "still waiting for nullrpc channel: %s\n",
|
|
|
|
+ NULLRPC_FILE);
|
|
|
|
+ evtimer_add(wait_event, &t);
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ svcgssd_nullrpc_open();
|
|
|
|
+ event_free(wait_event);
|
|
|
|
+ wait_event = NULL;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
@@ -102,6 +196,7 @@ main(int argc, char *argv[])
|
|
|
|
char *progname;
|
|
|
|
char *principal = NULL;
|
|
|
|
char *s;
|
|
|
|
+ int rc;
|
|
|
|
|
|
|
|
conf_init_file(NFS_CONFFILE);
|
|
|
|
|
|
|
|
@@ -117,6 +212,9 @@ main(int argc, char *argv[])
|
|
|
|
rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
|
|
|
|
idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
|
|
|
|
|
|
|
|
+ /* We don't need the config anymore */
|
|
|
|
+ conf_cleanup();
|
|
|
|
+
|
|
|
|
while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
|
|
|
|
switch (opt) {
|
|
|
|
case 'f':
|
|
|
|
@@ -182,6 +280,12 @@ main(int argc, char *argv[])
|
|
|
|
|
|
|
|
daemon_init(fg);
|
|
|
|
|
|
|
|
+ evbase = event_base_new();
|
|
|
|
+ if (!evbase) {
|
|
|
|
+ printerr(0, "ERROR: failed to create event base: %s\n", strerror(errno));
|
|
|
|
+ exit(EXIT_FAILURE);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
signal(SIGINT, sig_die);
|
|
|
|
signal(SIGTERM, sig_die);
|
|
|
|
signal(SIGHUP, sig_hup);
|
|
|
|
@@ -209,10 +313,37 @@ main(int argc, char *argv[])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
+ svcgssd_nullrpc_open();
|
|
|
|
+ if (!nullrpc_event) {
|
|
|
|
+ struct timeval t = {1, 0};
|
|
|
|
+
|
|
|
|
+ printerr(2, "waiting for nullrpc channel to appear\n");
|
|
|
|
+ wait_event = evtimer_new(evbase, svcgssd_wait_cb, NULL);
|
|
|
|
+ if (!wait_event) {
|
|
|
|
+ printerr(0, "ERROR: failed to create wait event: %s\n",
|
|
|
|
+ strerror(errno));
|
|
|
|
+ exit(EXIT_FAILURE);
|
|
|
|
+ }
|
|
|
|
+ evtimer_add(wait_event, &t);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
daemon_ready();
|
|
|
|
|
|
|
|
nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
|
|
|
|
- gssd_run();
|
|
|
|
- printerr(0, "gssd_run returned!\n");
|
|
|
|
- abort();
|
|
|
|
+
|
|
|
|
+ rc = event_base_dispatch(evbase);
|
|
|
|
+ if (rc < 0)
|
|
|
|
+ printerr(0, "event_base_dispatch() returned %i!\n", rc);
|
|
|
|
+
|
|
|
|
+ svcgssd_nullrpc_close();
|
|
|
|
+ if (wait_event)
|
|
|
|
+ event_free(wait_event);
|
|
|
|
+
|
|
|
|
+ event_base_free(evbase);
|
|
|
|
+
|
|
|
|
+ nfs4_term_name_mapping();
|
|
|
|
+ svcgssd_free_enctypes();
|
|
|
|
+ gssd_cleanup();
|
|
|
|
+
|
|
|
|
+ return EXIT_SUCCESS;
|
|
|
|
}
|
|
|
|
diff --git a/utils/gssd/svcgssd.h b/utils/gssd/svcgssd.h
|
|
|
|
index 02b5c7a..e229b98 100644
|
|
|
|
--- a/utils/gssd/svcgssd.h
|
|
|
|
+++ b/utils/gssd/svcgssd.h
|
|
|
|
@@ -35,8 +35,7 @@
|
|
|
|
#include <sys/queue.h>
|
|
|
|
#include <gssapi/gssapi.h>
|
|
|
|
|
|
|
|
-void handle_nullreq(int f);
|
|
|
|
-void gssd_run(void);
|
|
|
|
+void handle_nullreq(char *cp);
|
|
|
|
|
|
|
|
#define GSSD_SERVICE_NAME "nfs"
|
|
|
|
|
|
|
|
diff --git a/utils/gssd/svcgssd_krb5.c b/utils/gssd/svcgssd_krb5.c
|
|
|
|
index 1d44d34..305d475 100644
|
|
|
|
--- a/utils/gssd/svcgssd_krb5.c
|
|
|
|
+++ b/utils/gssd/svcgssd_krb5.c
|
|
|
|
@@ -74,13 +74,7 @@ parse_enctypes(char *enctypes)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Free any existing cached_enctypes */
|
|
|
|
- free(cached_enctypes);
|
|
|
|
-
|
|
|
|
- if (parsed_enctypes != NULL) {
|
|
|
|
- free(parsed_enctypes);
|
|
|
|
- parsed_enctypes = NULL;
|
|
|
|
- parsed_num_enctypes = 0;
|
|
|
|
- }
|
|
|
|
+ svcgssd_free_enctypes();
|
|
|
|
|
|
|
|
/* count the number of commas */
|
|
|
|
for (curr = enctypes; curr && *curr != '\0'; curr = ++comma) {
|
|
|
|
@@ -162,6 +156,19 @@ out_clean_parsed:
|
|
|
|
/*=== External routines ===*/
|
|
|
|
/*==========================*/
|
|
|
|
|
|
|
|
+void
|
|
|
|
+svcgssd_free_enctypes(void)
|
|
|
|
+{
|
|
|
|
+ free(cached_enctypes);
|
|
|
|
+ cached_enctypes = NULL;
|
|
|
|
+
|
|
|
|
+ if (parsed_enctypes != NULL) {
|
|
|
|
+ free(parsed_enctypes);
|
|
|
|
+ parsed_enctypes = NULL;
|
|
|
|
+ parsed_num_enctypes = 0;
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
* Get encryption types supported by the kernel, and then
|
|
|
|
* call gss_krb5_set_allowable_enctypes() to limit the
|
|
|
|
diff --git a/utils/gssd/svcgssd_krb5.h b/utils/gssd/svcgssd_krb5.h
|
|
|
|
index 07d5eb9..78a90e9 100644
|
|
|
|
--- a/utils/gssd/svcgssd_krb5.h
|
|
|
|
+++ b/utils/gssd/svcgssd_krb5.h
|
|
|
|
@@ -32,5 +32,6 @@
|
|
|
|
#define SVCGSSD_KRB5_H
|
|
|
|
|
|
|
|
int svcgssd_limit_krb5_enctypes(void);
|
|
|
|
+void svcgssd_free_enctypes(void);
|
|
|
|
|
|
|
|
#endif /* SVCGSSD_KRB5_H */
|
|
|
|
diff --git a/utils/gssd/svcgssd_main_loop.c b/utils/gssd/svcgssd_main_loop.c
|
|
|
|
deleted file mode 100644
|
|
|
|
index 920520d..0000000
|
|
|
|
--- a/utils/gssd/svcgssd_main_loop.c
|
|
|
|
+++ /dev/null
|
|
|
|
@@ -1,94 +0,0 @@
|
|
|
|
-/*
|
|
|
|
- Copyright (c) 2004 The Regents of the University of Michigan.
|
|
|
|
- All rights reserved.
|
|
|
|
-
|
|
|
|
- Redistribution and use in source and binary forms, with or without
|
|
|
|
- modification, are permitted provided that the following conditions
|
|
|
|
- are met:
|
|
|
|
-
|
|
|
|
- 1. Redistributions of source code must retain the above copyright
|
|
|
|
- notice, this list of conditions and the following disclaimer.
|
|
|
|
- 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
- notice, this list of conditions and the following disclaimer in the
|
|
|
|
- documentation and/or other materials provided with the distribution.
|
|
|
|
- 3. Neither the name of the University nor the names of its
|
|
|
|
- contributors may be used to endorse or promote products derived
|
|
|
|
- from this software without specific prior written permission.
|
|
|
|
-
|
|
|
|
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
|
|
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
|
|
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
|
|
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
|
|
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
|
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
-*/
|
|
|
|
-
|
|
|
|
-#ifdef HAVE_CONFIG_H
|
|
|
|
-#include <config.h>
|
|
|
|
-#endif /* HAVE_CONFIG_H */
|
|
|
|
-
|
|
|
|
-#include <sys/param.h>
|
|
|
|
-#include <sys/socket.h>
|
|
|
|
-#include <poll.h>
|
|
|
|
-#include <sys/types.h>
|
|
|
|
-#include <sys/stat.h>
|
|
|
|
-#include <netinet/in.h>
|
|
|
|
-
|
|
|
|
-#include <stdio.h>
|
|
|
|
-#include <stdlib.h>
|
|
|
|
-#include <string.h>
|
|
|
|
-#include <memory.h>
|
|
|
|
-#include <fcntl.h>
|
|
|
|
-#include <errno.h>
|
|
|
|
-#include <unistd.h>
|
|
|
|
-
|
|
|
|
-#include "svcgssd.h"
|
|
|
|
-#include "err_util.h"
|
|
|
|
-
|
|
|
|
-void
|
|
|
|
-gssd_run()
|
|
|
|
-{
|
|
|
|
- int ret;
|
|
|
|
- int f;
|
|
|
|
- struct pollfd pollfd;
|
|
|
|
-
|
|
|
|
-#define NULLRPC_FILE "/proc/net/rpc/auth.rpcsec.init/channel"
|
|
|
|
-
|
|
|
|
- f = open(NULLRPC_FILE, O_RDWR);
|
|
|
|
- if (f < 0) {
|
|
|
|
- printerr(0, "failed to open %s: %s\n",
|
|
|
|
- NULLRPC_FILE, strerror(errno));
|
|
|
|
- exit(1);
|
|
|
|
- }
|
|
|
|
- pollfd.fd = f;
|
|
|
|
- pollfd.events = POLLIN;
|
|
|
|
- while (1) {
|
|
|
|
- int save_err;
|
|
|
|
-
|
|
|
|
- pollfd.revents = 0;
|
|
|
|
- printerr(1, "entering poll\n");
|
|
|
|
- ret = poll(&pollfd, 1, -1);
|
|
|
|
- save_err = errno;
|
|
|
|
- printerr(1, "leaving poll\n");
|
|
|
|
- if (ret < 0) {
|
|
|
|
- if (save_err != EINTR)
|
|
|
|
- printerr(0, "error return from poll: %s\n",
|
|
|
|
- strerror(save_err));
|
|
|
|
- } else if (ret == 0) {
|
|
|
|
- /* timeout; shouldn't happen. */
|
|
|
|
- } else {
|
|
|
|
- if (ret != 1) {
|
|
|
|
- printerr(0, "bug: unexpected poll return %d\n",
|
|
|
|
- ret);
|
|
|
|
- exit(1);
|
|
|
|
- }
|
|
|
|
- if (pollfd.revents & POLLIN)
|
|
|
|
- handle_nullreq(f);
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
-}
|
|
|
|
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
|
|
|
|
index 72ec254..b403143 100644
|
|
|
|
--- a/utils/gssd/svcgssd_proc.c
|
|
|
|
+++ b/utils/gssd/svcgssd_proc.c
|
|
|
|
@@ -318,7 +318,7 @@ print_hexl(const char *description, unsigned char *cp, int length)
|
|
|
|
#endif
|
|
|
|
|
|
|
|
void
|
|
|
|
-handle_nullreq(int f) {
|
|
|
|
+handle_nullreq(char *cp) {
|
|
|
|
/* XXX initialize to a random integer to reduce chances of unnecessary
|
|
|
|
* invalidation of existing ctx's on restarting svcgssd. */
|
|
|
|
static u_int32_t handle_seq = 0;
|
|
|
|
@@ -340,24 +340,11 @@ handle_nullreq(int f) {
|
|
|
|
u_int32_t maj_stat = GSS_S_FAILURE, min_stat = 0;
|
|
|
|
u_int32_t ignore_min_stat;
|
|
|
|
struct svc_cred cred;
|
|
|
|
- char lbuf[RPC_CHAN_BUF_SIZE];
|
|
|
|
- int lbuflen = 0;
|
|
|
|
- char *cp;
|
|
|
|
int32_t ctx_endtime;
|
|
|
|
char *hostbased_name = NULL;
|
|
|
|
|
|
|
|
printerr(1, "handling null request\n");
|
|
|
|
|
|
|
|
- lbuflen = read(f, lbuf, sizeof(lbuf));
|
|
|
|
- if (lbuflen <= 0 || lbuf[lbuflen-1] != '\n') {
|
|
|
|
- printerr(0, "WARNING: handle_nullreq: "
|
|
|
|
- "failed reading request\n");
|
|
|
|
- return;
|
|
|
|
- }
|
|
|
|
- lbuf[lbuflen-1] = 0;
|
|
|
|
-
|
|
|
|
- cp = lbuf;
|
|
|
|
-
|
|
|
|
in_handle.length = (size_t) qword_get(&cp, in_handle.value,
|
|
|
|
sizeof(in_handle_buf));
|
|
|
|
#ifdef DEBUG
|
|
|
|
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
|
2020-08-31 15:25:10 +00:00
|
|
|
index 893159f..f3d2314 100644
|
2020-08-04 13:38:56 +00:00
|
|
|
--- a/utils/idmapd/idmapd.c
|
|
|
|
+++ b/utils/idmapd/idmapd.c
|
|
|
|
@@ -49,7 +49,7 @@
|
|
|
|
|
|
|
|
#include <err.h>
|
|
|
|
#include <errno.h>
|
|
|
|
-#include <event.h>
|
|
|
|
+#include <event2/event.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <dirent.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
@@ -115,7 +115,7 @@ struct idmap_client {
|
|
|
|
int ic_fd;
|
|
|
|
int ic_dirfd;
|
|
|
|
int ic_scanned;
|
|
|
|
- struct event ic_event;
|
|
|
|
+ struct event *ic_event;
|
|
|
|
TAILQ_ENTRY(idmap_client) ic_next;
|
|
|
|
};
|
|
|
|
static struct idmap_client nfsd_ic[2] = {
|
|
|
|
@@ -155,6 +155,7 @@ static void idtonameres(struct idmap_msg *);
|
|
|
|
static void nametoidres(struct idmap_msg *);
|
|
|
|
|
|
|
|
static int nfsdopen(void);
|
|
|
|
+static void nfsdclose(void);
|
|
|
|
static int nfsdopenone(struct idmap_client *);
|
|
|
|
static void nfsdreopen_one(struct idmap_client *);
|
|
|
|
static void nfsdreopen(void);
|
|
|
|
@@ -166,6 +167,22 @@ static char pipefsdir[PATH_MAX];
|
|
|
|
static char *nobodyuser, *nobodygroup;
|
|
|
|
static uid_t nobodyuid;
|
|
|
|
static gid_t nobodygid;
|
|
|
|
+static struct event_base *evbase = NULL;
|
|
|
|
+static bool signal_received = false;
|
|
|
|
+static int inotify_fd = -1;
|
|
|
|
+
|
|
|
|
+static void
|
|
|
|
+sig_die(int signal)
|
|
|
|
+{
|
|
|
|
+ if (signal_received) {
|
|
|
|
+ xlog_warn("forced exiting on signal %d\n", signal);
|
|
|
|
+ exit(0);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ signal_received = true;
|
|
|
|
+ xlog_warn("exiting on signal %d\n", signal);
|
|
|
|
+ event_base_loopexit(evbase, NULL);
|
|
|
|
+}
|
|
|
|
|
|
|
|
static int
|
|
|
|
flush_nfsd_cache(char *path, time_t now)
|
|
|
|
@@ -209,14 +226,14 @@ main(int argc, char **argv)
|
|
|
|
{
|
|
|
|
int wd = -1, opt, fg = 0, nfsdret = -1;
|
|
|
|
struct idmap_clientq icq;
|
|
|
|
- struct event rootdirev, clntdirev, svrdirev, inotifyev;
|
|
|
|
- struct event initialize;
|
|
|
|
+ struct event *rootdirev = NULL, *clntdirev = NULL,
|
|
|
|
+ *svrdirev = NULL, *inotifyev = NULL;
|
|
|
|
+ struct event *initialize = NULL;
|
|
|
|
struct passwd *pw;
|
|
|
|
struct group *gr;
|
|
|
|
struct stat sb;
|
|
|
|
char *xpipefsdir = NULL;
|
|
|
|
int serverstart = 1, clientstart = 1;
|
|
|
|
- int inotify_fd;
|
|
|
|
int ret;
|
|
|
|
char *progname;
|
|
|
|
char *conf_path = NULL;
|
|
|
|
@@ -289,6 +306,9 @@ main(int argc, char **argv)
|
|
|
|
serverstart = 0;
|
|
|
|
}
|
|
|
|
|
2020-08-31 15:25:10 +00:00
|
|
|
+ /* Config memory is no longer needed */
|
2020-08-04 13:38:56 +00:00
|
|
|
+ conf_cleanup();
|
|
|
|
+
|
|
|
|
while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
|
|
|
|
switch (opt) {
|
|
|
|
case 'v':
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -341,9 +361,11 @@ main(int argc, char **argv)
|
2020-08-04 13:38:56 +00:00
|
|
|
if (nfs4_init_name_mapping(conf_path))
|
|
|
|
errx(1, "Unable to create name to user id mappings.");
|
|
|
|
|
|
|
|
- event_init();
|
|
|
|
+ evbase = event_base_new();
|
|
|
|
+ if (evbase == NULL)
|
|
|
|
+ errx(1, "Failed to create event base.");
|
|
|
|
|
2020-08-31 15:25:10 +00:00
|
|
|
- if (verbose > 0)
|
|
|
|
+ if (verbose > 1)
|
2020-08-04 13:38:56 +00:00
|
|
|
xlog_warn("Expiration time is %d seconds.",
|
2020-08-31 15:25:10 +00:00
|
|
|
cache_entry_expiration);
|
|
|
|
if (serverstart) {
|
2020-08-04 13:38:56 +00:00
|
|
|
@@ -388,30 +410,44 @@ main(int argc, char **argv)
|
|
|
|
if (inotify_fd == -1) {
|
|
|
|
xlog_err("Unable to initialise inotify_init1: %s\n", strerror(errno));
|
|
|
|
} else {
|
|
|
|
- wd = inotify_add_watch(inotify_fd, pipefsdir, IN_CREATE | IN_DELETE | IN_MODIFY);
|
|
|
|
+ wd = inotify_add_watch(inotify_fd, pipefsdir, IN_CREATE | IN_DELETE);
|
|
|
|
if (wd < 0)
|
|
|
|
xlog_err("Unable to inotify_add_watch(%s): %s\n", pipefsdir, strerror(errno));
|
|
|
|
}
|
|
|
|
|
|
|
|
TAILQ_INIT(&icq);
|
|
|
|
|
|
|
|
+ signal(SIGINT, sig_die);
|
|
|
|
+ signal(SIGTERM, sig_die);
|
|
|
|
+
|
|
|
|
/* These events are persistent */
|
|
|
|
- signal_set(&rootdirev, SIGUSR1, dirscancb, &icq);
|
|
|
|
- signal_add(&rootdirev, NULL);
|
|
|
|
- signal_set(&clntdirev, SIGUSR2, clntscancb, &icq);
|
|
|
|
- signal_add(&clntdirev, NULL);
|
|
|
|
- signal_set(&svrdirev, SIGHUP, svrreopen, NULL);
|
|
|
|
- signal_add(&svrdirev, NULL);
|
|
|
|
+ rootdirev = evsignal_new(evbase, SIGUSR1, dirscancb, &icq);
|
|
|
|
+ if (rootdirev == NULL)
|
|
|
|
+ errx(1, "Failed to create SIGUSR1 event.");
|
|
|
|
+ evsignal_add(rootdirev, NULL);
|
|
|
|
+ clntdirev = evsignal_new(evbase, SIGUSR2, clntscancb, &icq);
|
|
|
|
+ if (clntdirev == NULL)
|
|
|
|
+ errx(1, "Failed to create SIGUSR2 event.");
|
|
|
|
+ evsignal_add(clntdirev, NULL);
|
|
|
|
+ svrdirev = evsignal_new(evbase, SIGHUP, svrreopen, NULL);
|
|
|
|
+ if (svrdirev == NULL)
|
|
|
|
+ errx(1, "Failed to create SIGHUP event.");
|
|
|
|
+ evsignal_add(svrdirev, NULL);
|
|
|
|
if ( wd >= 0) {
|
|
|
|
- event_set(&inotifyev, inotify_fd, EV_READ, dirscancb, &icq);
|
|
|
|
- event_add(&inotifyev, NULL);
|
|
|
|
+ inotifyev = event_new(evbase, inotify_fd,
|
|
|
|
+ EV_READ | EV_PERSIST, dirscancb, &icq);
|
|
|
|
+ if (inotifyev == NULL)
|
|
|
|
+ errx(1, "Failed to create inotify read event.");
|
|
|
|
+ event_add(inotifyev, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Fetch current state */
|
|
|
|
/* (Delay till start of event_dispatch to avoid possibly losing
|
|
|
|
* a SIGUSR1 between here and the call to event_dispatch().) */
|
|
|
|
- evtimer_set(&initialize, dirscancb, &icq);
|
|
|
|
- evtimer_add(&initialize, &now);
|
|
|
|
+ initialize = evtimer_new(evbase, dirscancb, &icq);
|
|
|
|
+ if (initialize == NULL)
|
|
|
|
+ errx(1, "Failed to create initialize event.");
|
|
|
|
+ evtimer_add(initialize, &now);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nfsdret != 0 && wd < 0)
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -419,15 +455,60 @@ main(int argc, char **argv)
|
2020-08-04 13:38:56 +00:00
|
|
|
|
|
|
|
daemon_ready();
|
|
|
|
|
|
|
|
- if (event_dispatch() < 0)
|
|
|
|
+ if (event_base_dispatch(evbase) < 0)
|
|
|
|
xlog_err("main: event_dispatch returns errno %d (%s)",
|
|
|
|
errno, strerror(errno));
|
|
|
|
- /* NOTREACHED */
|
|
|
|
+
|
|
|
|
+ nfs4_term_name_mapping();
|
|
|
|
+ nfsdclose();
|
|
|
|
+
|
|
|
|
+ if (inotifyev)
|
|
|
|
+ event_free(inotifyev);
|
|
|
|
+ if (inotify_fd != -1)
|
|
|
|
+ close(inotify_fd);
|
|
|
|
+
|
|
|
|
+ if (initialize)
|
|
|
|
+ event_free(initialize);
|
|
|
|
+ if (rootdirev)
|
|
|
|
+ event_free(rootdirev);
|
|
|
|
+ if (clntdirev)
|
|
|
|
+ event_free(clntdirev);
|
|
|
|
+ if (svrdirev)
|
|
|
|
+ event_free(svrdirev);
|
|
|
|
+ event_base_free(evbase);
|
|
|
|
+
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
-dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
|
|
|
|
+flush_inotify(int fd)
|
|
|
|
+{
|
|
|
|
+ while (true) {
|
|
|
|
+ char buf[4096] __attribute__ ((aligned(__alignof__(struct inotify_event))));
|
|
|
|
+ const struct inotify_event *ev;
|
|
|
|
+ ssize_t len;
|
|
|
|
+ char *ptr;
|
|
|
|
+
|
|
|
|
+ len = read(fd, buf, sizeof(buf));
|
|
|
|
+ if (len == -1 && errno == EINTR)
|
|
|
|
+ continue;
|
|
|
|
+
|
|
|
|
+ if (len <= 0)
|
|
|
|
+ break;
|
|
|
|
+
|
|
|
|
+ for (ptr = buf; ptr < buf + len;
|
|
|
|
+ ptr += sizeof(struct inotify_event) + ev->len) {
|
|
|
|
+
|
|
|
|
+ ev = (const struct inotify_event *)ptr;
|
2020-08-31 15:25:10 +00:00
|
|
|
+ if (verbose > 2)
|
|
|
|
+ xlog_warn("pipefs inotify: wd=%i, mask=0x%08x, len=%i, name=%s",
|
2020-08-04 13:38:56 +00:00
|
|
|
+ ev->wd, ev->mask, ev->len, ev->len ? ev->name : "");
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
|
|
|
+dirscancb(int fd, short UNUSED(which), void *data)
|
|
|
|
{
|
|
|
|
int nent, i;
|
|
|
|
struct dirent **ents;
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -435,6 +516,13 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
char path[PATH_MAX+256]; /* + sizeof(d_name) */
|
|
|
|
struct idmap_clientq *icq = data;
|
|
|
|
|
|
|
|
+ if (fd != -1)
|
|
|
|
+ flush_inotify(fd);
|
|
|
|
+
|
|
|
|
+ TAILQ_FOREACH(ic, icq, ic_next) {
|
|
|
|
+ ic->ic_scanned = 0;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
nent = scandir(pipefsdir, &ents, NULL, alphasort);
|
|
|
|
if (nent == -1) {
|
|
|
|
xlog_warn("dirscancb: scandir(%s): %s", pipefsdir, strerror(errno));
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -468,15 +556,15 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
strlcat(path, "/idmap", sizeof(path));
|
|
|
|
strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
|
|
|
|
|
|
|
|
- if (verbose > 0)
|
|
|
|
- xlog_warn("New client: %s", ic->ic_clid);
|
|
|
|
-
|
|
|
|
if (nfsopen(ic) == -1) {
|
|
|
|
close(ic->ic_dirfd);
|
|
|
|
free(ic);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2020-08-31 15:25:10 +00:00
|
|
|
+ if (verbose > 2)
|
2020-08-04 13:38:56 +00:00
|
|
|
+ xlog_warn("New client: %s", ic->ic_clid);
|
|
|
|
+
|
|
|
|
ic->ic_id = "Client";
|
|
|
|
|
|
|
|
TAILQ_INSERT_TAIL(icq, ic, ic_next);
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -490,17 +578,19 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
while(ic != NULL) {
|
|
|
|
nextic=TAILQ_NEXT(ic, ic_next);
|
|
|
|
if (!ic->ic_scanned) {
|
|
|
|
- event_del(&ic->ic_event);
|
|
|
|
- close(ic->ic_fd);
|
|
|
|
- close(ic->ic_dirfd);
|
|
|
|
+ if (ic->ic_event)
|
|
|
|
+ event_free(ic->ic_event);
|
|
|
|
+ if (ic->ic_fd != -1)
|
|
|
|
+ close(ic->ic_fd);
|
|
|
|
+ if (ic->ic_dirfd != -1)
|
|
|
|
+ close(ic->ic_dirfd);
|
|
|
|
TAILQ_REMOVE(icq, ic, ic_next);
|
2020-08-31 15:25:10 +00:00
|
|
|
- if (verbose > 0) {
|
|
|
|
+ if (verbose > 2) {
|
2020-08-04 13:38:56 +00:00
|
|
|
xlog_warn("Stale client: %s", ic->ic_clid);
|
|
|
|
xlog_warn("\t-> closed %s", ic->ic_path);
|
|
|
|
}
|
|
|
|
free(ic);
|
|
|
|
- } else
|
|
|
|
- ic->ic_scanned = 0;
|
|
|
|
+ }
|
|
|
|
ic = nextic;
|
|
|
|
}
|
|
|
|
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -546,7 +636,7 @@ nfsdcb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
unsigned long tmp;
|
|
|
|
|
|
|
|
if (which != EV_READ)
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
|
|
|
|
len = read(ic->ic_fd, buf, sizeof(buf));
|
|
|
|
if (len == 0)
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -569,13 +659,13 @@ nfsdcb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
/* Authentication name -- ignored for now*/
|
|
|
|
if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) {
|
|
|
|
xlog_warn("nfsdcb: bad authentication name in upcall\n");
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
if (getfield(&bp, typebuf, sizeof(typebuf)) == -1) {
|
|
|
|
xlog_warn("nfsdcb: bad type in upcall\n");
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
2020-08-31 15:25:10 +00:00
|
|
|
- if (verbose > 0)
|
|
|
|
+ if (verbose > 2)
|
2020-08-04 13:38:56 +00:00
|
|
|
xlog_warn("nfsdcb: authbuf=%s authtype=%s",
|
2020-08-31 15:25:10 +00:00
|
|
|
authbuf, typebuf);
|
|
|
|
|
|
|
|
@@ -587,26 +677,26 @@ nfsdcb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
im.im_conv = IDMAP_CONV_NAMETOID;
|
|
|
|
if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) {
|
|
|
|
xlog_warn("nfsdcb: bad name in upcall\n");
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case IC_IDNAME:
|
|
|
|
im.im_conv = IDMAP_CONV_IDTONAME;
|
|
|
|
if (getfield(&bp, buf1, sizeof(buf1)) == -1) {
|
|
|
|
xlog_warn("nfsdcb: bad id in upcall\n");
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
tmp = strtoul(buf1, (char **)NULL, 10);
|
|
|
|
im.im_id = (u_int32_t)tmp;
|
|
|
|
if ((tmp == ULONG_MAX && errno == ERANGE)
|
|
|
|
|| (unsigned long)im.im_id != tmp) {
|
|
|
|
xlog_warn("nfsdcb: id '%s' too big!\n", buf1);
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
|
|
|
|
imconv(ic, &im);
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -667,7 +757,7 @@ nfsdcb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
|
|
|
|
bsiz = sizeof(buf) - bsiz;
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -675,9 +765,6 @@ nfsdcb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
if (atomicio((void*)write, ic->ic_fd, buf, bsiz) != bsiz)
|
|
|
|
xlog_warn("nfsdcb: write(%s) failed: errno %d (%s)",
|
|
|
|
ic->ic_path, errno, strerror(errno));
|
|
|
|
-
|
|
|
|
-out:
|
|
|
|
- event_add(&ic->ic_event, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -721,14 +808,12 @@ nfscb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
struct idmap_msg im;
|
|
|
|
|
|
|
|
if (which != EV_READ)
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
|
|
|
|
if (atomicio(read, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) {
|
|
|
|
if (verbose > 0)
|
|
|
|
xlog_warn("nfscb: read(%s): %s", ic->ic_path, strerror(errno));
|
|
|
|
- if (errno == EPIPE)
|
|
|
|
- return;
|
|
|
|
- goto out;
|
|
|
|
+ return;
|
|
|
|
}
|
|
|
|
|
|
|
|
imconv(ic, &im);
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -742,8 +827,19 @@ nfscb(int UNUSED(fd), short which, void *data)
|
2020-08-04 13:38:56 +00:00
|
|
|
|
|
|
|
if (atomicio((void*)write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
|
|
|
|
xlog_warn("nfscb: write(%s): %s", ic->ic_path, strerror(errno));
|
|
|
|
-out:
|
|
|
|
- event_add(&ic->ic_event, NULL);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
|
|
|
+nfsdclose_one(struct idmap_client *ic)
|
|
|
|
+{
|
|
|
|
+ if (ic->ic_event) {
|
|
|
|
+ event_free(ic->ic_event);
|
|
|
|
+ ic->ic_event = NULL;
|
|
|
|
+ }
|
|
|
|
+ if (ic->ic_fd != -1) {
|
|
|
|
+ close(ic->ic_fd);
|
|
|
|
+ ic->ic_fd = -1;
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -751,18 +847,22 @@ nfsdreopen_one(struct idmap_client *ic)
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
- if (verbose > 0)
|
|
|
|
+ if (verbose > 2)
|
2020-08-04 13:38:56 +00:00
|
|
|
xlog_warn("ReOpening %s", ic->ic_path);
|
|
|
|
|
|
|
|
if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) {
|
|
|
|
- if ((event_initialized(&ic->ic_event)))
|
|
|
|
- event_del(&ic->ic_event);
|
|
|
|
- if (ic->ic_fd != -1)
|
|
|
|
- close(ic->ic_fd);
|
|
|
|
+ nfsdclose_one(ic);
|
|
|
|
|
|
|
|
- ic->ic_event.ev_fd = ic->ic_fd = fd;
|
|
|
|
- event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
|
|
|
|
- event_add(&ic->ic_event, NULL);
|
|
|
|
+ ic->ic_fd = fd;
|
|
|
|
+ ic->ic_event = event_new(evbase, ic->ic_fd, EV_READ | EV_PERSIST, nfsdcb, ic);
|
|
|
|
+ if (ic->ic_event == NULL) {
|
|
|
|
+ xlog_warn("nfsdreopen: Failed to create event for '%s'",
|
|
|
|
+ ic->ic_path);
|
|
|
|
+ close(ic->ic_fd);
|
|
|
|
+ ic->ic_fd = -1;
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+ event_add(ic->ic_event, NULL);
|
|
|
|
} else {
|
|
|
|
xlog_warn("nfsdreopen: Opening '%s' failed: errno %d (%s)",
|
|
|
|
ic->ic_path, errno, strerror(errno));
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -784,6 +884,13 @@ nfsdopen(void)
|
2020-08-04 13:38:56 +00:00
|
|
|
nfsdopenone(&nfsd_ic[IC_IDNAME]) == 0) ? 0 : -1);
|
|
|
|
}
|
|
|
|
|
|
|
|
+static void
|
|
|
|
+nfsdclose(void)
|
|
|
|
+{
|
|
|
|
+ nfsdclose_one(&nfsd_ic[IC_NAMEID]);
|
|
|
|
+ nfsdclose_one(&nfsd_ic[IC_IDNAME]);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
static int
|
|
|
|
nfsdopenone(struct idmap_client *ic)
|
|
|
|
{
|
2020-08-31 15:25:10 +00:00
|
|
|
@@ -795,10 +902,18 @@ nfsdopenone(struct idmap_client *ic)
|
2020-08-04 13:38:56 +00:00
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
- event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
|
|
|
|
- event_add(&ic->ic_event, NULL);
|
|
|
|
+ ic->ic_event = event_new(evbase, ic->ic_fd, EV_READ | EV_PERSIST, nfsdcb, ic);
|
|
|
|
+ if (ic->ic_event == NULL) {
|
|
|
|
+ if (verbose > 0)
|
|
|
|
+ xlog_warn("nfsdopenone: Create event for %s failed",
|
|
|
|
+ ic->ic_path);
|
|
|
|
+ close(ic->ic_fd);
|
|
|
|
+ ic->ic_fd = -1;
|
|
|
|
+ return (-1);
|
|
|
|
+ }
|
|
|
|
+ event_add(ic->ic_event, NULL);
|
|
|
|
|
2020-08-31 15:25:10 +00:00
|
|
|
- if (verbose > 0)
|
|
|
|
+ if (verbose > 2)
|
2020-08-04 13:38:56 +00:00
|
|
|
xlog_warn("Opened %s", ic->ic_path);
|
2020-08-31 15:25:10 +00:00
|
|
|
|
|
|
|
return (0);
|
|
|
|
@@ -808,25 +923,35 @@ static int
|
2020-08-04 13:38:56 +00:00
|
|
|
nfsopen(struct idmap_client *ic)
|
|
|
|
{
|
|
|
|
if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
|
|
|
|
- switch (errno) {
|
|
|
|
- case ENOENT:
|
|
|
|
- fcntl(ic->ic_dirfd, F_SETSIG, SIGUSR2);
|
|
|
|
- fcntl(ic->ic_dirfd, F_NOTIFY,
|
|
|
|
- DN_CREATE | DN_DELETE | DN_MULTISHOT);
|
|
|
|
- break;
|
|
|
|
- default:
|
|
|
|
- xlog_warn("nfsopen: open(%s): %s", ic->ic_path, strerror(errno));
|
|
|
|
- return (-1);
|
|
|
|
+ if (errno == ENOENT) {
|
|
|
|
+ char *slash;
|
|
|
|
+
|
|
|
|
+ slash = strrchr(ic->ic_path, '/');
|
|
|
|
+ if (!slash)
|
|
|
|
+ return -1;
|
|
|
|
+ *slash = 0;
|
|
|
|
+ inotify_add_watch(inotify_fd, ic->ic_path, IN_CREATE | IN_ONLYDIR | IN_ONESHOT);
|
|
|
|
+ *slash = '/';
|
2020-08-31 15:25:10 +00:00
|
|
|
+ if (verbose > 2)
|
|
|
|
+ xlog_warn("Path %s not available. waiting...", ic->ic_path);
|
2020-08-04 13:38:56 +00:00
|
|
|
+ return -1;
|
|
|
|
}
|
|
|
|
- } else {
|
|
|
|
- event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
|
|
|
|
- event_add(&ic->ic_event, NULL);
|
|
|
|
- fcntl(ic->ic_dirfd, F_NOTIFY, 0);
|
|
|
|
- fcntl(ic->ic_dirfd, F_SETSIG, 0);
|
|
|
|
- if (verbose > 0)
|
|
|
|
- xlog_warn("Opened %s", ic->ic_path);
|
|
|
|
+
|
|
|
|
+ xlog_warn("nfsopen: open(%s): %s", ic->ic_path, strerror(errno));
|
|
|
|
+ return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
+ ic->ic_event = event_new(evbase, ic->ic_fd, EV_READ | EV_PERSIST, nfscb, ic);
|
|
|
|
+ if (ic->ic_event == NULL) {
|
|
|
|
+ xlog_warn("nfsopen: Create event for %s failed", ic->ic_path);
|
|
|
|
+ close(ic->ic_fd);
|
|
|
|
+ ic->ic_fd = -1;
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+ event_add(ic->ic_event, NULL);
|
2020-08-31 15:25:10 +00:00
|
|
|
+ if (verbose > 2)
|
2020-08-04 13:38:56 +00:00
|
|
|
+ xlog_warn("Opened %s", ic->ic_path);
|
|
|
|
+
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
diff --git a/utils/mount/network.c b/utils/mount/network.c
|
|
|
|
index 6ac913d..d9c0b51 100644
|
|
|
|
--- a/utils/mount/network.c
|
|
|
|
+++ b/utils/mount/network.c
|
|
|
|
@@ -1268,14 +1268,14 @@ nfs_nfs_program(struct mount_options *options, unsigned long *program)
|
|
|
|
int
|
|
|
|
nfs_nfs_version(char *type, struct mount_options *options, struct nfs_version *version)
|
|
|
|
{
|
|
|
|
- char *version_key, *version_val, *cptr;
|
|
|
|
+ char *version_key, *version_val = NULL, *cptr;
|
|
|
|
int i, found = 0;
|
|
|
|
|
|
|
|
version->v_mode = V_DEFAULT;
|
|
|
|
|
|
|
|
for (i = 0; nfs_version_opttbl[i]; i++) {
|
|
|
|
if (po_contains_prefix(options, nfs_version_opttbl[i],
|
|
|
|
- &version_key) == PO_FOUND) {
|
|
|
|
+ &version_key) == PO_FOUND) {
|
|
|
|
found++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
|
|
|
|
index 901f995..91a976b 100644
|
|
|
|
--- a/utils/mount/stropts.c
|
|
|
|
+++ b/utils/mount/stropts.c
|
|
|
|
@@ -1094,9 +1094,7 @@ static int nfsmount_fg(struct nfsmount_info *mi)
|
|
|
|
if (nfs_try_mount(mi))
|
|
|
|
return EX_SUCCESS;
|
|
|
|
|
|
|
|
-#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
|
|
|
|
if (errno == EBUSY && is_mountpoint(mi->node)) {
|
|
|
|
-#pragma GCC diagnostic warning "-Wdiscarded-qualifiers"
|
|
|
|
/*
|
|
|
|
* EBUSY can happen when mounting a filesystem that
|
|
|
|
* is already mounted or when the context= are
|
|
|
|
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
|
|
|
|
index 6cba288..ea74067 100644
|
|
|
|
--- a/utils/mountd/cache.c
|
|
|
|
+++ b/utils/mountd/cache.c
|
|
|
|
@@ -57,7 +57,7 @@ enum nfsd_fsid {
|
|
|
|
};
|
|
|
|
|
|
|
|
#undef is_mountpoint
|
|
|
|
-static int is_mountpoint(char *path)
|
|
|
|
+static int is_mountpoint(const char *path)
|
|
|
|
{
|
|
|
|
return check_is_mountpoint(path, nfsd_path_lstat);
|
|
|
|
}
|
|
|
|
diff --git a/utils/nfsdcld/cld-internal.h b/utils/nfsdcld/cld-internal.h
|
|
|
|
index cc283da..3576515 100644
|
|
|
|
--- a/utils/nfsdcld/cld-internal.h
|
|
|
|
+++ b/utils/nfsdcld/cld-internal.h
|
|
|
|
@@ -26,7 +26,7 @@
|
|
|
|
|
|
|
|
struct cld_client {
|
|
|
|
int cl_fd;
|
|
|
|
- struct event cl_event;
|
|
|
|
+ struct event *cl_event;
|
|
|
|
union {
|
|
|
|
struct cld_msg cl_msg;
|
|
|
|
#if UPCALL_VERSION >= 2
|
|
|
|
diff --git a/utils/nfsdcld/legacy.c b/utils/nfsdcld/legacy.c
|
|
|
|
index 3c6bea6..b89374c 100644
|
|
|
|
--- a/utils/nfsdcld/legacy.c
|
|
|
|
+++ b/utils/nfsdcld/legacy.c
|
|
|
|
@@ -48,35 +48,28 @@ legacy_load_clients_from_recdir(int *num_records)
|
|
|
|
int fd;
|
|
|
|
DIR *v4recovery;
|
|
|
|
struct dirent *entry;
|
|
|
|
- char recdirname[PATH_MAX];
|
|
|
|
+ char recdirname[PATH_MAX+1];
|
|
|
|
char buf[NFS4_OPAQUE_LIMIT];
|
|
|
|
- struct stat st;
|
|
|
|
char *nl;
|
|
|
|
+ ssize_t n;
|
|
|
|
|
|
|
|
fd = open(NFSD_RECDIR_FILE, O_RDONLY);
|
|
|
|
if (fd < 0) {
|
|
|
|
xlog(D_GENERAL, "Unable to open %s: %m", NFSD_RECDIR_FILE);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
- if (read(fd, recdirname, PATH_MAX) < 0) {
|
|
|
|
+ n = read(fd, recdirname, PATH_MAX);
|
|
|
|
+ close(fd);
|
|
|
|
+ if (n < 0) {
|
|
|
|
xlog(D_GENERAL, "Unable to read from %s: %m", NFSD_RECDIR_FILE);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
- close(fd);
|
|
|
|
/* the output from the proc file isn't null-terminated */
|
|
|
|
+ recdirname[PATH_MAX] = '\0';
|
|
|
|
nl = strchr(recdirname, '\n');
|
|
|
|
if (!nl)
|
|
|
|
return;
|
|
|
|
*nl = '\0';
|
|
|
|
- if (stat(recdirname, &st) < 0) {
|
|
|
|
- xlog(D_GENERAL, "Unable to stat %s: %d", recdirname, errno);
|
|
|
|
- return;
|
|
|
|
- }
|
|
|
|
- if (!S_ISDIR(st.st_mode)) {
|
|
|
|
- xlog(D_GENERAL, "%s is not a directory: mode=0%o", recdirname
|
|
|
|
- , st.st_mode);
|
|
|
|
- return;
|
|
|
|
- }
|
|
|
|
v4recovery = opendir(recdirname);
|
|
|
|
if (!v4recovery)
|
|
|
|
return;
|
|
|
|
@@ -123,35 +116,28 @@ legacy_clear_recdir(void)
|
|
|
|
int fd;
|
|
|
|
DIR *v4recovery;
|
|
|
|
struct dirent *entry;
|
|
|
|
- char recdirname[PATH_MAX];
|
|
|
|
+ char recdirname[PATH_MAX+1];
|
|
|
|
char dirname[PATH_MAX];
|
|
|
|
- struct stat st;
|
|
|
|
char *nl;
|
|
|
|
+ ssize_t n;
|
|
|
|
|
|
|
|
fd = open(NFSD_RECDIR_FILE, O_RDONLY);
|
|
|
|
if (fd < 0) {
|
|
|
|
xlog(D_GENERAL, "Unable to open %s: %m", NFSD_RECDIR_FILE);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
- if (read(fd, recdirname, PATH_MAX) < 0) {
|
|
|
|
+ n = read(fd, recdirname, PATH_MAX);
|
|
|
|
+ close(fd);
|
|
|
|
+ if (n < 0) {
|
|
|
|
xlog(D_GENERAL, "Unable to read from %s: %m", NFSD_RECDIR_FILE);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
- close(fd);
|
|
|
|
/* the output from the proc file isn't null-terminated */
|
|
|
|
+ recdirname[PATH_MAX] = '\0';
|
|
|
|
nl = strchr(recdirname, '\n');
|
|
|
|
if (!nl)
|
|
|
|
return;
|
|
|
|
*nl = '\0';
|
|
|
|
- if (stat(recdirname, &st) < 0) {
|
|
|
|
- xlog(D_GENERAL, "Unable to stat %s: %d", recdirname, errno);
|
|
|
|
- return;
|
|
|
|
- }
|
|
|
|
- if (!S_ISDIR(st.st_mode)) {
|
|
|
|
- xlog(D_GENERAL, "%s is not a directory: mode=0%o", recdirname
|
|
|
|
- , st.st_mode);
|
|
|
|
- return;
|
|
|
|
- }
|
|
|
|
v4recovery = opendir(recdirname);
|
|
|
|
if (!v4recovery)
|
|
|
|
return;
|
|
|
|
diff --git a/utils/nfsdcld/nfsdcld.c b/utils/nfsdcld/nfsdcld.c
|
|
|
|
index be65562..636c398 100644
|
|
|
|
--- a/utils/nfsdcld/nfsdcld.c
|
|
|
|
+++ b/utils/nfsdcld/nfsdcld.c
|
|
|
|
@@ -24,9 +24,10 @@
|
|
|
|
#endif /* HAVE_CONFIG_H */
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
-#include <event.h>
|
|
|
|
+#include <event2/event.h>
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <getopt.h>
|
|
|
|
+#include <signal.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
@@ -66,8 +67,10 @@
|
|
|
|
static char pipefs_dir[PATH_MAX] = DEFAULT_PIPEFS_DIR;
|
|
|
|
static char pipepath[PATH_MAX];
|
|
|
|
static int inotify_fd = -1;
|
|
|
|
-static struct event pipedir_event;
|
|
|
|
+static struct event *pipedir_event;
|
|
|
|
+static struct event_base *evbase;
|
|
|
|
static bool old_kernel = false;
|
|
|
|
+static bool signal_received = false;
|
|
|
|
|
|
|
|
uint64_t current_epoch;
|
|
|
|
uint64_t recovery_epoch;
|
|
|
|
@@ -88,6 +91,19 @@ static struct option longopts[] =
|
|
|
|
/* forward declarations */
|
|
|
|
static void cldcb(int UNUSED(fd), short which, void *data);
|
|
|
|
|
|
|
|
+static void
|
|
|
|
+sig_die(int signal)
|
|
|
|
+{
|
|
|
|
+ if (signal_received) {
|
|
|
|
+ xlog(D_GENERAL, "forced exiting on signal %d\n", signal);
|
|
|
|
+ exit(0);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ signal_received = true;
|
|
|
|
+ xlog(D_GENERAL, "exiting on signal %d\n", signal);
|
|
|
|
+ event_base_loopexit(evbase, NULL);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
static void
|
|
|
|
usage(char *progname)
|
|
|
|
{
|
|
|
|
@@ -141,6 +157,7 @@ static int
|
|
|
|
cld_pipe_open(struct cld_client *clnt)
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
+ struct event *ev;
|
|
|
|
|
|
|
|
xlog(D_GENERAL, "%s: opening upcall pipe %s", __func__, pipepath);
|
|
|
|
fd = open(pipepath, O_RDWR, 0);
|
|
|
|
@@ -149,13 +166,22 @@ cld_pipe_open(struct cld_client *clnt)
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
|
|
|
|
- if (event_initialized(&clnt->cl_event))
|
|
|
|
- event_del(&clnt->cl_event);
|
|
|
|
+ ev = event_new(evbase, fd, EV_READ, cldcb, clnt);
|
|
|
|
+ if (ev == NULL) {
|
|
|
|
+ xlog(D_GENERAL, "%s: failed to create event for %s", __func__, pipepath);
|
|
|
|
+ close(fd);
|
|
|
|
+ return -ENOMEM;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (clnt->cl_event && event_initialized(clnt->cl_event)) {
|
|
|
|
+ event_del(clnt->cl_event);
|
|
|
|
+ event_free(clnt->cl_event);
|
|
|
|
+ }
|
|
|
|
if (clnt->cl_fd >= 0)
|
|
|
|
close(clnt->cl_fd);
|
|
|
|
|
|
|
|
clnt->cl_fd = fd;
|
|
|
|
- event_set(&clnt->cl_event, clnt->cl_fd, EV_READ, cldcb, clnt);
|
|
|
|
+ clnt->cl_event = ev;
|
|
|
|
/* event_add is done by the caller */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
@@ -208,7 +234,7 @@ cld_inotify_cb(int UNUSED(fd), short which, void *data)
|
|
|
|
switch (ret) {
|
|
|
|
case 0:
|
|
|
|
/* readd the event for the cl_event pipe */
|
|
|
|
- event_add(&clnt->cl_event, NULL);
|
|
|
|
+ event_add(clnt->cl_event, NULL);
|
|
|
|
break;
|
|
|
|
case -ENOENT:
|
|
|
|
/* pipe must have disappeared, wait for it to come back */
|
|
|
|
@@ -221,7 +247,7 @@ cld_inotify_cb(int UNUSED(fd), short which, void *data)
|
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
- event_add(&pipedir_event, NULL);
|
|
|
|
+ event_add(pipedir_event, NULL);
|
|
|
|
free(dirc);
|
|
|
|
}
|
|
|
|
|
|
|
|
@@ -252,11 +278,12 @@ cld_inotify_setup(void)
|
|
|
|
xlog_err("%s: inotify_add_watch failed: %m", __func__);
|
|
|
|
ret = -errno;
|
|
|
|
goto out_err;
|
|
|
|
- }
|
|
|
|
+ } else
|
|
|
|
+ ret = 0;
|
|
|
|
|
|
|
|
out_free:
|
|
|
|
free(dirc);
|
|
|
|
- return 0;
|
|
|
|
+ return ret;
|
|
|
|
out_err:
|
|
|
|
close(inotify_fd);
|
|
|
|
goto out_free;
|
|
|
|
@@ -286,7 +313,7 @@ cld_pipe_init(struct cld_client *clnt)
|
|
|
|
switch (ret) {
|
|
|
|
case 0:
|
|
|
|
/* add the event and we're good to go */
|
|
|
|
- event_add(&clnt->cl_event, NULL);
|
|
|
|
+ event_add(clnt->cl_event, NULL);
|
|
|
|
break;
|
|
|
|
case -ENOENT:
|
|
|
|
/* ignore this error -- cld_inotify_cb will handle it */
|
|
|
|
@@ -299,8 +326,12 @@ cld_pipe_init(struct cld_client *clnt)
|
|
|
|
}
|
|
|
|
|
|
|
|
/* set event for inotify read */
|
|
|
|
- event_set(&pipedir_event, inotify_fd, EV_READ, cld_inotify_cb, clnt);
|
|
|
|
- event_add(&pipedir_event, NULL);
|
|
|
|
+ pipedir_event = event_new(evbase, inotify_fd, EV_READ, cld_inotify_cb, clnt);
|
|
|
|
+ if (pipedir_event == NULL) {
|
|
|
|
+ close(inotify_fd);
|
|
|
|
+ return -ENOMEM;
|
|
|
|
+ }
|
|
|
|
+ event_add(pipedir_event, NULL);
|
|
|
|
out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
@@ -331,6 +362,7 @@ cld_check_grace_period(void)
|
|
|
|
if (read(fd, &c, 1) < 0) {
|
|
|
|
xlog(L_WARNING, "Unable to read from %s: %m",
|
|
|
|
NFSD_END_GRACE_FILE);
|
|
|
|
+ close(fd);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
close(fd);
|
|
|
|
@@ -737,7 +769,7 @@ cldcb(int UNUSED(fd), short which, void *data)
|
|
|
|
cld_not_implemented(clnt);
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
- event_add(&clnt->cl_event, NULL);
|
|
|
|
+ event_add(clnt->cl_event, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
@@ -762,7 +794,11 @@ main(int argc, char **argv)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
- event_init();
|
|
|
|
+ evbase = event_base_new();
|
|
|
|
+ if (evbase == NULL) {
|
|
|
|
+ fprintf(stderr, "%s: unable to allocate event base.\n", argv[0]);
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
xlog_syslog(0);
|
|
|
|
xlog_stderr(1);
|
|
|
|
|
|
|
|
@@ -795,6 +831,7 @@ main(int argc, char **argv)
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
usage(progname);
|
|
|
|
+ free(progname);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@@ -859,14 +896,27 @@ main(int argc, char **argv)
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
+ signal(SIGINT, sig_die);
|
|
|
|
+ signal(SIGTERM, sig_die);
|
|
|
|
+
|
|
|
|
xlog(D_GENERAL, "%s: Starting event dispatch handler.", __func__);
|
|
|
|
- rc = event_dispatch();
|
|
|
|
+ rc = event_base_dispatch(evbase);
|
|
|
|
if (rc < 0)
|
|
|
|
xlog(L_ERROR, "%s: event_dispatch failed: %m", __func__);
|
|
|
|
|
|
|
|
- close(clnt.cl_fd);
|
|
|
|
- close(inotify_fd);
|
|
|
|
out:
|
|
|
|
+ if (clnt.cl_event)
|
|
|
|
+ event_free(clnt.cl_event);
|
|
|
|
+ if (clnt.cl_fd != -1)
|
|
|
|
+ close(clnt.cl_fd);
|
|
|
|
+ if (pipedir_event)
|
|
|
|
+ event_free(pipedir_event);
|
|
|
|
+ if (inotify_fd != -1)
|
|
|
|
+ close(inotify_fd);
|
|
|
|
+
|
|
|
|
+ event_base_free(evbase);
|
|
|
|
+ sqlite_shutdown();
|
|
|
|
+
|
|
|
|
free(progname);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
diff --git a/utils/nfsdcld/sqlite.c b/utils/nfsdcld/sqlite.c
|
|
|
|
index 6666c86..03016fb 100644
|
|
|
|
--- a/utils/nfsdcld/sqlite.c
|
|
|
|
+++ b/utils/nfsdcld/sqlite.c
|
|
|
|
@@ -48,7 +48,6 @@
|
|
|
|
|
|
|
|
#include <dirent.h>
|
|
|
|
#include <errno.h>
|
|
|
|
-#include <event.h>
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
@@ -380,7 +379,7 @@ sqlite_maindb_init_v4(void)
|
|
|
|
&err);
|
|
|
|
if (ret != SQLITE_OK) {
|
|
|
|
xlog(L_ERROR, "Unable to begin transaction: %s", err);
|
|
|
|
- return ret;
|
|
|
|
+ goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
@@ -831,7 +830,6 @@ sqlite_prepare_dbh(const char *topdir)
|
|
|
|
switch (ret) {
|
|
|
|
case CLD_SQLITE_LATEST_SCHEMA_VERSION:
|
|
|
|
/* DB is already set up. Do nothing */
|
|
|
|
- ret = 0;
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
/* Old DB -- update to new schema */
|
|
|
|
@@ -868,6 +866,8 @@ sqlite_prepare_dbh(const char *topdir)
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = sqlite_startup_query_grace();
|
|
|
|
+ if (ret)
|
|
|
|
+ goto out_close;
|
|
|
|
|
|
|
|
ret = sqlite_query_first_time(&first_time);
|
|
|
|
if (ret)
|
|
|
|
@@ -1330,20 +1330,26 @@ sqlite_iterate_recovery(int (*cb)(struct cld_client *clnt), struct cld_client *c
|
|
|
|
}
|
|
|
|
|
|
|
|
while ((ret = sqlite3_step(stmt)) == SQLITE_ROW) {
|
|
|
|
+ const void *id;
|
|
|
|
+ int id_len;
|
|
|
|
+
|
|
|
|
+ id = sqlite3_column_blob(stmt, 0);
|
|
|
|
+ id_len = sqlite3_column_bytes(stmt, 0);
|
|
|
|
+ if (id_len > NFS4_OPAQUE_LIMIT)
|
|
|
|
+ id_len = NFS4_OPAQUE_LIMIT;
|
|
|
|
+
|
|
|
|
memset(&cmsg->cm_u, 0, sizeof(cmsg->cm_u));
|
|
|
|
#if UPCALL_VERSION >= 2
|
|
|
|
- memcpy(&cmsg->cm_u.cm_clntinfo.cc_name.cn_id,
|
|
|
|
- sqlite3_column_blob(stmt, 0), NFS4_OPAQUE_LIMIT);
|
|
|
|
- cmsg->cm_u.cm_clntinfo.cc_name.cn_len = sqlite3_column_bytes(stmt, 0);
|
|
|
|
+ memcpy(&cmsg->cm_u.cm_clntinfo.cc_name.cn_id, id, id_len);
|
|
|
|
+ cmsg->cm_u.cm_clntinfo.cc_name.cn_len = id_len;
|
|
|
|
if (sqlite3_column_bytes(stmt, 1) > 0) {
|
|
|
|
memcpy(&cmsg->cm_u.cm_clntinfo.cc_princhash.cp_data,
|
|
|
|
sqlite3_column_blob(stmt, 1), SHA256_DIGEST_SIZE);
|
|
|
|
cmsg->cm_u.cm_clntinfo.cc_princhash.cp_len = sqlite3_column_bytes(stmt, 1);
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
- memcpy(&cmsg->cm_u.cm_name.cn_id, sqlite3_column_blob(stmt, 0),
|
|
|
|
- NFS4_OPAQUE_LIMIT);
|
|
|
|
- cmsg->cm_u.cm_name.cn_len = sqlite3_column_bytes(stmt, 0);
|
|
|
|
+ memcpy(&cmsg->cm_u.cm_name.cn_id, id, id_len);
|
|
|
|
+ cmsg->cm_u.cm_name.cn_len = id_len;
|
|
|
|
#endif
|
|
|
|
cb(clnt);
|
|
|
|
}
|
|
|
|
@@ -1404,3 +1410,18 @@ sqlite_first_time_done(void)
|
|
|
|
sqlite3_free(err);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
+
|
|
|
|
+/*
|
|
|
|
+ * Closes all sqlite3 resources and shuts down the library.
|
|
|
|
+ *
|
|
|
|
+ */
|
|
|
|
+void
|
|
|
|
+sqlite_shutdown(void)
|
|
|
|
+{
|
|
|
|
+ if (dbh != NULL) {
|
|
|
|
+ sqlite3_close(dbh);
|
|
|
|
+ dbh = NULL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ sqlite3_shutdown();
|
|
|
|
+}
|
|
|
|
diff --git a/utils/nfsdcld/sqlite.h b/utils/nfsdcld/sqlite.h
|
|
|
|
index 0a26ad6..044236c 100644
|
|
|
|
--- a/utils/nfsdcld/sqlite.h
|
|
|
|
+++ b/utils/nfsdcld/sqlite.h
|
|
|
|
@@ -34,4 +34,5 @@ int sqlite_iterate_recovery(int (*cb)(struct cld_client *clnt), struct cld_clien
|
|
|
|
int sqlite_delete_cltrack_records(void);
|
|
|
|
int sqlite_first_time_done(void);
|
|
|
|
|
|
|
|
+void sqlite_shutdown(void);
|
|
|
|
#endif /* _SQLITE_H */
|
|
|
|
diff --git a/utils/nfsdcltrack/sqlite.c b/utils/nfsdcltrack/sqlite.c
|
|
|
|
index 2801201..f79aebb 100644
|
|
|
|
--- a/utils/nfsdcltrack/sqlite.c
|
|
|
|
+++ b/utils/nfsdcltrack/sqlite.c
|
|
|
|
@@ -40,7 +40,7 @@
|
|
|
|
|
|
|
|
#include <dirent.h>
|
|
|
|
#include <errno.h>
|
|
|
|
-#include <event.h>
|
|
|
|
+#include <stdio.h>
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/stat.h>
|