rpms/nfs-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
a5619894ec
nfs-utils/nfs-utils-1.3.4-rc1.patch

421 lines
13 KiB
Diff
Raw Normal View History

Updated to the latest RC release: nfs-utils-1-3-4-rc1 Signed-off-by: Steve Dickson <steved@redhat.com>
2015-11-04 21:34:10 +00:00
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
index b7de636..27368ff 100644
--- a/aclocal/libtirpc.m4
+++ b/aclocal/libtirpc.m4
@@ -20,6 +20,12 @@ AC_DEFUN([AC_LIBTIRPC], [
[Define to 1 if your rpcsec library provides authgss_free_private_data])],,
[${LIBS}])])
+ AS_IF([test -n "${LIBTIRPC}"],
+ [AC_CHECK_LIB([tirpc], [libtirpc_set_debug],
+ [AC_DEFINE([HAVE_LIBTIRPC_SET_DEBUG], [1],
+ [Define to 1 if your tirpc library provides libtirpc_set_debug])],,
+ [${LIBS}])])
+
AC_SUBST([AM_CPPFLAGS])
AC_SUBST(LIBTIRPC)
diff --git a/support/export/client.c b/support/export/client.c
index 95156f0..af9e6bb 100644
--- a/support/export/client.c
+++ b/support/export/client.c
@@ -686,6 +686,21 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
}
}
+ /* check whether the IP itself is in the netgroup */
+ for (tmp = (struct addrinfo *)ai ; tmp != NULL ; tmp = tmp->ai_next) {
+ free(hname);
+ hname = calloc(INET6_ADDRSTRLEN, 1);
+
+ if (inet_ntop(tmp->ai_family, &(((struct sockaddr_in *)tmp->ai_addr)->sin_addr), hname, INET6_ADDRSTRLEN) != hname) {
+ xlog(D_GENERAL, " %s: unable to inet_ntop addrinfo %p: %m", __func__, tmp, errno);
+ goto out;
+ }
+ if (innetgr(netgroup, hname, NULL, NULL)) {
+ match = 1;
+ goto out;
+ }
+ }
+
/* Okay, strip off the domain (if we have one) */
dot = strchr(hname, '.');
if (dot == NULL)
diff --git a/support/export/hostname.c b/support/export/hostname.c
index 169baa5..7a44d42 100644
--- a/support/export/hostname.c
+++ b/support/export/hostname.c
@@ -134,6 +134,8 @@ host_pton(const char *paddr)
break;
}
return ai;
+ case EAI_NONAME:
+ break;
case EAI_SYSTEM:
xlog(D_GENERAL, "%s: failed to convert %s: (%d) %m",
__func__, paddr, errno);
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
index c9a13cb..ddd71ac 100644
--- a/support/include/nfslib.h
+++ b/support/include/nfslib.h
@@ -176,6 +176,9 @@ size_t strlcpy(char *, const char *, size_t);
ssize_t atomicio(ssize_t (*f) (int, void*, size_t),
int, void *, size_t);
+#ifdef HAVE_LIBTIRPC_SET_DEBUG
+void libtirpc_set_debug(char *name, int level, int use_stderr);
+#endif
#define UNUSED(x) UNUSED_ ## x __attribute__((unused))
diff --git a/support/nfs/mydaemon.c b/support/nfs/mydaemon.c
index 3391eff..343e80b 100644
--- a/support/nfs/mydaemon.c
+++ b/support/nfs/mydaemon.c
@@ -49,6 +49,7 @@
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
+#include <syslog.h>
#include <xlog.h>
#include "nfslib.h"
@@ -122,6 +123,7 @@ daemon_init(bool fg)
dup2(tempfd, 0);
dup2(tempfd, 1);
dup2(tempfd, 2);
+ closelog();
dup2(pipefds[1], 3);
pipefds[1] = 3;
closeall(4);
diff --git a/systemd/Makefile.am b/systemd/Makefile.am
index 0331926..03f96e9 100644
--- a/systemd/Makefile.am
+++ b/systemd/Makefile.am
@@ -28,9 +28,13 @@ endif
if CONFIG_GSS
unit_files += \
auth-rpcgss-module.service \
- rpc-gssd.service \
+ rpc-gssd.service
+
+if CONFIG_SVCGSS
+unit_files += \
rpc-svcgssd.service
endif
+endif
EXTRA_DIST = $(unit_files)
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
index 8758231..c7a79a6 100644
--- a/utils/exportfs/exportfs.c
+++ b/utils/exportfs/exportfs.c
@@ -499,9 +499,10 @@ unexportfs(char *arg, int verbose)
static int can_test(void)
{
- char buf[1024];
+ char buf[1024] = { 0 };
int fd;
int n;
+ size_t bufsiz = sizeof(buf);
fd = open("/proc/net/rpc/auth.unix.ip/channel", O_WRONLY);
if (fd < 0)
@@ -514,9 +515,9 @@ static int can_test(void)
* commit 2f74f972 (sunrpc: prepare NFS for 2038).
*/
if (time(NULL) > INT_TO_LONG_THRESHOLD_SECS)
- sprintf(buf, "nfsd 0.0.0.0 %ld -test-client-\n", LONG_MAX);
+ snprintf(buf, bufsiz-1, "nfsd 0.0.0.0 %ld -test-client-\n", LONG_MAX);
else
- sprintf(buf, "nfsd 0.0.0.0 %d -test-client-\n", INT_MAX);
+ snprintf(buf, bufsiz-1, "nfsd 0.0.0.0 %d -test-client-\n", INT_MAX);
n = write(fd, buf, strlen(buf));
close(fd);
@@ -532,7 +533,8 @@ static int can_test(void)
static int test_export(char *path, int with_fsid)
{
- char buf[1024];
+ /* beside max path, buf size should take protocol str into account */
+ char buf[NFS_MAXPATHLEN+1+64] = { 0 };
char *bp = buf;
int len = sizeof(buf);
int fd, n;
@@ -758,7 +760,8 @@ dumpopt(char c, char *fmt, ...)
static void
dump(int verbose, int export_format)
{
- char buf[1024];
+ /* buf[] size should >= sizeof(struct exportent->e_path) */
+ char buf[NFS_MAXPATHLEN+1] = { 0 };
char *bp;
int len;
nfs_export *exp;
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index e480349..078e558 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -869,6 +869,13 @@ main(int argc, char *argv[])
if (verbosity && rpc_verbosity == 0)
rpc_verbosity = verbosity;
authgss_set_debug_level(rpc_verbosity);
+#elif HAVE_LIBTIRPC_SET_DEBUG
+ /*
+ * Only set the libtirpc debug level if explicitly requested via -r...
+ * gssd is chatty enough as it is.
+ */
+ if (rpc_verbosity > 0)
+ libtirpc_set_debug(progname, rpc_verbosity, fg);
#else
if (rpc_verbosity > 0)
printerr(0, "Warning: rpcsec_gss library does not "
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 11168b2..cee8991 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -348,16 +348,9 @@ create_auth_rpc_client(struct clnt_info *clp,
printerr(2, "creating %s client for server %s\n", clp->protocol,
clp->servername);
- if ((strcmp(clp->protocol, "tcp")) == 0) {
- protocol = IPPROTO_TCP;
- } else if ((strcmp(clp->protocol, "udp")) == 0) {
+ protocol = IPPROTO_TCP;
+ if ((strcmp(clp->protocol, "udp")) == 0)
protocol = IPPROTO_UDP;
- } else {
- printerr(0, "WARNING: unrecognized protocol, '%s', requested "
- "for connection to server %s for user with uid %d\n",
- clp->protocol, clp->servername, uid);
- goto out_fail;
- }
switch (addr->sa_family) {
case AF_INET:
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index ecf17a2..f48de2c 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -801,7 +801,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
char *default_realm = NULL;
char *realm;
char *k5err = NULL;
- int tried_all = 0, tried_default = 0;
+ int tried_all = 0, tried_default = 0, tried_upper = 0;
krb5_principal princ;
const char *notsetstr = "not set";
char *adhostoverride;
@@ -835,7 +835,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
strcpy(myhostad, myhostname);
for (i = 0; myhostad[i] != 0; ++i) {
if (myhostad[i] == '.') break;
- myhostad[i] = toupper(myhostad[i]);
}
myhostad[i] = '$';
myhostad[i+1] = 0;
@@ -936,6 +935,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
k5err = gssd_k5_err_msg(context, code);
printerr(3, "%s while getting keytab entry for '%s'\n",
k5err, spn);
+ /*
+ * We tried the active directory machine account
+ * with the hostname part as-is and failed...
+ * convert it to uppercase and try again before
+ * moving on to the svcname
+ */
+ if (strcmp(svcnames[j],"$") == 0 && !tried_upper) {
+ for (i = 0; myhostad[i] != '$'; ++i) {
+ myhostad[i] = toupper(myhostad[i]);
+ }
+ j--;
+ tried_upper = 1;
+ }
} else {
printerr(3, "Success getting keytab entry for '%s'\n",spn);
retval = 0;
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index f1b4347..0fe7c6d 100644
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -135,6 +135,13 @@ main(int argc, char *argv[])
if (verbosity && rpc_verbosity == 0)
rpc_verbosity = verbosity;
authgss_set_debug_level(rpc_verbosity);
+#elif HAVE_LIBTIRPC_SET_DEBUG
+ /*
+ * Only set the libtirpc debug level if explicitly requested via -r...
+ * svcgssd is chatty enough as it is.
+ */
+ if (rpc_verbosity > 0)
+ libtirpc_set_debug(progname, rpc_verbosity, fg);
#else
if (rpc_verbosity > 0)
printerr(0, "Warning: rpcsec_gss library does not "
diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 330cab5..894a7a5 100644
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -85,7 +85,7 @@ auth_reload()
{
struct stat stb;
static ino_t last_inode;
- static int last_fd;
+ static int last_fd = -1;
static unsigned int counter;
int fd;
@@ -93,11 +93,22 @@ auth_reload()
xlog(L_FATAL, "couldn't open %s", _PATH_ETAB);
} else if (fstat(fd, &stb) < 0) {
xlog(L_FATAL, "couldn't stat %s", _PATH_ETAB);
- } else if (stb.st_ino == last_inode) {
+ close(fd);
+ } else if (last_fd != -1 && stb.st_ino == last_inode) {
+ /* We opened the etab file before, and its inode
+ * number hasn't changed since then.
+ */
close(fd);
return counter;
} else {
- close(last_fd);
+ /* Need to process entries from the etab file. Close
+ * the file descriptor from the previous open (last_fd),
+ * and keep the current file descriptor open to prevent
+ * the file system reusing the current inode number
+ * (last_inode).
+ */
+ if (last_fd != -1)
+ close(last_fd);
last_fd = fd;
last_inode = stb.st_ino;
}
diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
index a2b11d8..e8efd06 100644
--- a/utils/nfsd/nfssvc.c
+++ b/utils/nfsd/nfssvc.c
@@ -168,22 +168,22 @@ nfssvc_setfds(const struct addrinfo *hints, const char *node, const char *port)
continue;
}
- xlog(D_GENERAL, "Creating %s %s socket.", family, proto);
-
/* open socket and prepare to hand it off to kernel */
sockfd = socket(addr->ai_family, addr->ai_socktype,
addr->ai_protocol);
if (sockfd < 0) {
- if (errno == EAFNOSUPPORT)
- xlog(L_NOTICE, "address family %s not "
- "supported by protocol %s",
- family, proto);
- else
+ if (errno != EAFNOSUPPORT) {
xlog(L_ERROR, "unable to create %s %s socket: "
"errno %d (%m)", family, proto, errno);
- rc = errno;
- goto error;
+ rc = errno;
+ goto error;
+ }
+ addr = addr->ai_next;
+ continue;
}
+
+ xlog(D_GENERAL, "Created %s %s socket.", family, proto);
+
#ifdef IPV6_SUPPORTED
if (addr->ai_family == AF_INET6 &&
setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on))) {
diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
index 45c84f9..c4f6364 100644
--- a/utils/statd/rmtcall.c
+++ b/utils/statd/rmtcall.c
@@ -113,7 +113,6 @@ statd_get_socket(void)
if (sockfd < 0)
return -1;
- FD_SET(sockfd, &SVC_FDSET);
return sockfd;
}
diff --git a/utils/statd/statd.c b/utils/statd/statd.c
index 2b7a167..e5b4c98 100644
--- a/utils/statd/statd.c
+++ b/utils/statd/statd.c
@@ -247,6 +247,7 @@ int main (int argc, char **argv)
int port = 0, out_port = 0;
int nlm_udp = 0, nlm_tcp = 0;
struct rlimit rlim;
+ int notify_sockfd;
/* Default: daemon mode, no other options */
run_mode = 0;
@@ -437,7 +438,7 @@ int main (int argc, char **argv)
}
/* Make sure we have a privilege port for calling into the kernel */
- if (statd_get_socket() < 0)
+ if ((notify_sockfd = statd_get_socket()) < 0)
exit(1);
/* If sm-notify didn't take all the state files, load
@@ -484,7 +485,7 @@ int main (int argc, char **argv)
* Handle incoming requests: SM_NOTIFY socket requests, as
* well as callbacks from lockd.
*/
- my_svc_run(); /* I rolled my own, Olaf made it better... */
+ my_svc_run(notify_sockfd); /* I rolled my own, Olaf made it better... */
/* Only get here when simulating a crash so we should probably
* start sm-notify running again. As we have already dropped
diff --git a/utils/statd/statd.h b/utils/statd/statd.h
index a1d8035..231ac7e 100644
--- a/utils/statd/statd.h
+++ b/utils/statd/statd.h
@@ -28,7 +28,7 @@ extern _Bool statd_present_address(const struct sockaddr *sap, char *buf,
__attribute__((__malloc__))
extern char * statd_canonical_name(const char *hostname);
-extern void my_svc_run(void);
+extern void my_svc_run(int);
extern void notify_hosts(void);
extern void shuffle_dirs(void);
extern int statd_get_socket(void);
diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c
index d98ecee..28c1ad6 100644
--- a/utils/statd/svc_run.c
+++ b/utils/statd/svc_run.c
@@ -78,7 +78,7 @@ my_svc_exit(void)
* The heart of the server. A crib from libc for the most part...
*/
void
-my_svc_run(void)
+my_svc_run(int sockfd)
{
FD_SET_TYPE readfds;
int selret;
@@ -96,6 +96,8 @@ my_svc_run(void)
}
readfds = SVC_FDSET;
+ /* Set notify sockfd for waiting for reply */
+ FD_SET(sockfd, &readfds);
if (notify) {
struct timeval tv;
@@ -125,8 +127,10 @@ my_svc_run(void)
default:
selret -= process_reply(&readfds);
- if (selret)
+ if (selret) {
+ FD_CLR(sockfd, &readfds);
svc_getreqset(&readfds);
+ }
}
}
}
Reference in New Issue Copy Permalink