From 6464d6107ba148989276371a79ee2f7987b5e259 Mon Sep 17 00:00:00 2001
From: Steve Dickson
Date: Fri, 31 May 2013 10:25:02 -0400
Subject: [PATCH] Update to latest upstream RC release: nfs-utils.1.2.9-rc1
Added GSS_USE_PROXY variable to nfs.sysconfig (bz 967112)
Signed-off-by: Steve Dickson
---
 nfs-utils-1-2-9-rc2.patch | 441 ++++++++++++++++++++++++++++++++++++++
 nfs-utils.spec | 8 +-
 nfs.sysconfig | 2 +
 3 files changed, 449 insertions(+), 2 deletions(-)
 create mode 100644 nfs-utils-1-2-9-rc2.patch
diff --git a/nfs-utils-1-2-9-rc2.patch b/nfs-utils-1-2-9-rc2.patch
new file mode 100644
index 0000000..d82630f
--- /dev/null
+++ b/nfs-utils-1-2-9-rc2.patch
@@ -0,0 +1,441 @@
+diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
+index a0b80e1..1bfae7a 100644
+--- a/support/include/nfsrpc.h
++++ b/support/include/nfsrpc.h
+@@ -156,6 +156,11 @@ extern unsigned long nfs_pmap_getport(const struct sockaddr_in *,
+ const struct timeval *);
+
+ /*
++ * Use nfs_pmap_getport to see if statd is running locally
++ */
++extern int nfs_probe_statd(void);
++
++/*
+ * Contact a remote RPC service to discover whether it is responding
+ * to requests.
+ */
+diff --git a/support/nfs/getport.c b/support/nfs/getport.c
+index 3331ad4..081594c 100644
+--- a/support/nfs/getport.c
++++ b/support/nfs/getport.c
+@@ -1102,3 +1102,25 @@ unsigned long nfs_pmap_getport(const struct sockaddr_in *sin,
+
+ return port;
+ }
++
++static const char *nfs_ns_pgmtbl[] = {
++ "status",
++ NULL,
++};
++
++/*
++ * nfs_probe_statd - use nfs_pmap_getport to see if statd is running locally
++ *
++ * Returns non-zero if statd is running locally.
++ */
++int nfs_probe_statd(void)
++{
++ struct sockaddr_in addr = {
++ .sin_family = AF_INET,
++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
++ };
++ rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
++
++ return nfs_getport_ping((struct sockaddr *)(char *)&addr, sizeof(addr),
++ program, (rpcvers_t)1, IPPROTO_UDP);
++}
+diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
+index 1df75c5..ac13fd4 100644
+--- a/utils/gssd/gssd.man
++++ b/utils/gssd/gssd.man
+@@ -195,11 +195,28 @@ option when starting
+ .BR rpc.gssd .
+ .SH OPTIONS
+ .TP
+-.B -D
+-DNS Reverse lookups are not used for determining the
+-server names pass to GSSAPI. This option will reverses that and forces
+-the use of DNS Reverse resolution of the server's IP address to
+-retrieve the server name to use in GSAPI authentication.
++.B \-D
++The server name passed to GSSAPI for authentication is normally the
++name exactly as requested. e.g. for NFS
++it is the server name in the "servername:/path" mount request.
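Review bot: The header comment on `nfs_probe_statd()` in support/nfs/getport.c promises more than the body checks: the probe is sent only to IPv4 loopback (`AF_INET`, `INADDR_LOOPBACK`) and pings version 1 over `IPPROTO_UDP`, so a non-zero return means that something registered under the NSM program number answered there, not specifically that rpc.statd is running. Since the function is now exported and is used further down in this patch to gate statd start-up, the comment should state the limits, e.g. `Returns non-zero if an NSM ("status") service answers a UDP ping on 127.0.0.1; IPv6-only or TCP-only listeners are not detected.` The open-coded `(struct sockaddr *)(char *)&addr` replaces the `SAFE_SOCKADDR(&addr)` macro used by the copy removed from utils/mount/network.c; a one-line comment on why the double cast is needed would help the next reader.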
Only if this
++servername appears to be an IP address (IPv4 or IPv6) or an
++unqualified name (no dots) will a reverse DNS lookup
++will be performed to get the canoncial server name.
++
++If
++.B \-D
++is present, a reverse DNS lookup will
++.I always
++be used, even if the server name looks like a canonical name. So it
++is needed if partially qualified, or non canonical names are regularly
++used.
++
++Using
++.B \-D
++can introduce a security vulnerability, so it is recommended that
++.B \-D
++not be used, and that canonical names always be used when requesting
++services.
+ .TP
+ .B -f
+ Runs
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index af1844c..b7e2bbb 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -67,7 +67,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #include "gssd.h"
+ #include "err_util.h"
+@@ -176,7 +175,6 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
+ char *hostname;
+ char hbuf[NI_MAXHOST];
+ unsigned char buf[sizeof(struct in6_addr)];
+- int servername = 0;
+
+ if (avoid_dns) {
+ /*
+@@ -184,15 +182,18 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
+ * If it is an IP address, do the DNS lookup otherwise
+ * skip the DNS lookup.
+ */
+- servername = 0;
+- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
+- servername = 1; /* IPv4 */
+- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
+- servername = 1; /* or IPv6 */
+-
+- if (servername) {
++ int is_fqdn = 1;
++ if (strchr(name, '.') == NULL)
++ is_fqdn = 0; /* local name */
++ else if (inet_pton(AF_INET, name, buf) == 1)
++ is_fqdn = 0; /* IPv4 address */
++ else if (inet_pton(AF_INET6, name, buf) == 1)
++ is_fqdn = 0; /* IPv6 addrss */
++
++ if (is_fqdn) {
+ return strdup(name);
+ }
++ /* Sorry, cannot avoid dns after all */
+ }
+
+ switch (sa->sa_family) {
+diff --git a/utils/mount/network.c b/utils/mount/network.c
+index 4be48cd..e2cdcaf 100644
+--- a/utils/mount/network.c
++++ b/utils/mount/network.c
+@@ -65,11 +65,6 @@ extern int nfs_mount_data_version;
+ extern char *progname;
+ extern int verbose;
+
+-static const char *nfs_ns_pgmtbl[] = {
+- "status",
+- NULL,
+-};
+-
+ static const char *nfs_mnt_pgmtbl[] = {
+ "mount",
+ "mountd",
+@@ -761,18 +756,6 @@ int probe_bothports(clnt_addr_t *mnt_server, clnt_addr_t *nfs_server)
+ &nfs_server->pmap);
+ }
+
+-static int nfs_probe_statd(void)
+-{
+- struct sockaddr_in addr = {
+- .sin_family = AF_INET,
+- .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
+- };
+- rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
+-
+- return nfs_getport_ping(SAFE_SOCKADDR(&addr), sizeof(addr),
+- program, (rpcvers_t)1, IPPROTO_UDP);
+-}
+-
+ /**
+ * start_statd - attempt to start rpc.statd
+ *
+diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
+index a8ec46c..2a42b93 100644
+--- a/utils/mount/nfs.man
++++ b/utils/mount/nfs.man
+@@ -84,6 +84,20 @@ in
+ .SS "Options supported by all versions"
+ These options are valid to use with any NFS version.
+ .TP 1.5i
++.BI nfsvers= n
++The NFS protocol version number used to contact the server's NFS service.
++If the server does not support the requested version, the mount request
++fails.
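Review bot: In the `avoid_dns` branch of `get_servername()` the fall-through marked `/* Sorry, cannot avoid dns after all */` still takes the GSSAPI target name from a reverse DNS lookup whenever the mount used an IP literal or a dot-less name (as the gssd.man text in this patch describes), so on that path the service principal is only as trustworthy as the resolver's answers. The comment should say that, e.g. `/* IP literal or unqualified name: the principal comes from reverse DNS, which is not authenticated */`. The `AF_INET6` test is reached only for names that contain a '.', so a plain IPv6 literal is classified by the first branch under the label `/* local name */`; the result is the same but the comments mislead, and `addrss` is a typo. The function body continues outside the hunk.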
++If this option is not specified, the client negotiates a suitable version
++with
++the server, trying version 4 first, version 3 second, and version 2 last.
++.TP 1.5i
++.BI vers= n
++This option is an alternative to the
++.B nfsvers
++option.
++It is included for compatibility with other operating systems
++.TP 1.5i
+ .BR soft " / " hard
+ Determines the recovery behavior of the NFS client
+ after an NFS request times out.
+@@ -621,18 +635,6 @@ Using this option ensures that
+ reports the proper maximum component length to applications
+ in such cases.
+ .TP 1.5i
+-.BI nfsvers= n
+-The NFS protocol version number used to contact the server's NFS service.
+-If the server does not support the requested version, the mount request fails.
+-If this option is not specified, the client negotiates a suitable version with
+-the server, trying version 4 first, version 3 second, and version 2 last.
+-.TP 1.5i
+-.BI vers= n
+-This option is an alternative to the
+-.B nfsvers
+-option.
+-It is included for compatibility with other operating systems.
+-.TP 1.5i
+ .BR lock " / " nolock
+ Selects whether to use the NLM sideband protocol to lock files on the server.
+ If neither option is specified (or if
+diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
+index 737927c..517aa62 100644
+--- a/utils/mountd/cache.c
++++ b/utils/mountd/cache.c
+@@ -347,20 +347,26 @@ static char *next_mnt(void **v, char *p)
+
+ static int is_subdirectory(char *child, char *parent)
+ {
++ /* Check is child is strictly a subdirectory of
++ * parent or a more distant descendant.
++ */
+ size_t l = strlen(parent);
+
+- if (strcmp(parent, "/") == 0)
++ if (strcmp(parent, "/") == 0 && child[1] != 0)
+ return 1;
+
+- return strcmp(child, parent) == 0
+- || (strncmp(child, parent, l) == 0 && child[l] == '/');
++ return (strncmp(child, parent, l) == 0 && child[l] == '/');
+ }
+
+ static int path_matches(nfs_export *exp, char *path)
+ {
+- if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+- return is_subdirectory(path, exp->m_export.e_path);
+- return strcmp(path, exp->m_export.e_path) == 0;
++ /* Does the path match the export? I.e. is it an
++ * exact match, or does the export have CROSSMOUNT, and path
++ * is a descendant?
++ */
++ return strcmp(path, exp->m_export.e_path) == 0
++ || ((exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
++ && is_subdirectory(path, exp->m_export.e_path));
+ }
+
+ static int
+@@ -369,15 +375,13 @@ export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
+ return path_matches(exp, path) && client_matches(exp, dom, ai);
+ }
+
+-/* True iff e1 is a child of e2 and e2 has crossmnt set: */
++/* True iff e1 is a child of e2 (or descendant) and e2 has crossmnt set: */
+ static bool subexport(struct exportent *e1, struct exportent *e2)
+ {
+ char *p1 = e1->e_path, *p2 = e2->e_path;
+- size_t l2 = strlen(p2);
+
+ return e2->e_flags & NFSEXP_CROSSMOUNT
+- && strncmp(p1, p2, l2) == 0
+- && p1[l2] == '/';
++ && is_subdirectory(p1, p2);
+ }
+
+ struct parsed_fsid {
+diff --git a/utils/nfsdcltrack/nfsdcltrack.man b/utils/nfsdcltrack/nfsdcltrack.man
+index 47007df..6940788 100644
+--- a/utils/nfsdcltrack/nfsdcltrack.man
++++ b/utils/nfsdcltrack/nfsdcltrack.man
+@@ -1,53 +1,3 @@
+-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +-.\" +-.\" Standard preamble: +-.\" ======================================================================== +-.de Sp \" Vertical space (when we can't use .PP) +-.if t .sp .5v +-.if n .sp +-.. +-.de Vb \" Begin verbatim text +-.ft CW +-.nf +-.ne \\$1 +-..
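Review bot: `is_subdirectory()` in utils/mountd/cache.c now reads `child[1]` in the `parent == "/"` branch without first checking that `child` is non-empty, so an empty `child` string is read one byte past its terminator; `if (strcmp(parent, "/") == 0 && child[0] != 0 && child[1] != 0)` closes that. The remaining test is a plain prefix compare (`strncmp` plus `child[l] == '/'`), so `path_matches()` and `subexport()` both depend on paths arriving normalised, with no trailing slash on `parent` and no `//` or `..` components; the hunk does not show where that is guaranteed, so the new comment should state it as a precondition. In that comment, "Check is child" should read "Check if child".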
+-.de Ve \" End verbatim text +-.ft R +-.fi +-.. +-.\" Set up some character translations and predefined strings. \*(-- will +-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +-.\" double quote, and \*(R" will give a right double quote. \*(C+ will +-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +-.\" nothing in troff, for use with C<>. +-.tr \(*W- +-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +-.ie n \{\ +-. ds -- \(*W- +-. ds PI pi +-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +-. ds L" "" +-. ds R" "" +-. ds C` "" +-. ds C' "" +-'br\} +-.el\{\ +-. ds -- \|\(em\| +-. ds PI \(*p +-. ds L" `` +-. ds R" '' +-'br\} +-.\" +-.\" Escape single quotes in literal strings from groff's Unicode transform. +-.ie \n(.g .ds Aq \(aq +-.el .ds Aq ' +-.\" +-.\" If the F register is turned on, we'll generate index entries on stderr for +-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +-.\" entries marked with X<> in POD. Of course, you'll have to process the +-.\" output yourself in some meaningful fashion. + .ie \nF \{\ + . de IX + . tm Index:\\$1\t\\n%\t"\\$2" +@@ -59,70 +9,6 @@ + . de IX + .. + .\} +-.\" +-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +-.\" Fear. Run. Save yourself. No user-serviceable parts. +-. \" fudge factors for nroff and troff +-.if n \{\ +-. ds #H 0 +-. ds #V .8m +-. ds #F .3m +-. ds #[ \f1 +-. ds #] \fP +-.\} +-.if t \{\ +-. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +-. ds #V .6m +-. ds #F 0 +-. ds #[ \& +-. ds #] \& +-.\} +-. \" simple accents for nroff and troff +-.if n \{\ +-. ds ' \& +-. ds ` \& +-. ds ^ \& +-. ds , \& +-. ds ~ ~ +-. ds / +-.\} +-.if t \{\ +-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +-. 
ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +-.\} +-. \" troff and (daisy-wheel) nroff accents +-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +-.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +-.ds ae a\h'-(\w'a'u*4/10)'e +-.ds Ae A\h'-(\w'A'u*4/10)'E +-. \" corrections for vroff +-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +-. \" for low resolution devices (crt and lpr) +-.if \n(.H>23 .if \n(.V>19 \ +-\{\ +-. ds : e +-. ds 8 ss +-. ds o a +-. ds d- d\h'-1'\(ga +-. ds D- D\h'-1'\(hy +-. ds th \o'bp' +-. ds Th \o'LP' +-. ds ae ae +-. ds Ae AE +-.\} +-.rm #[ #] #H #V #F C +-.\" ======================================================================== +-.\" + .IX Title "NFSDCLTRACK 8" + .TH NFSDCLTRACK 8 "2012-10-24" "" "" + .\" For nroff, turn off justification. 
Always turn off hyphenation; it makes
+diff --git a/utils/nfsidmap/Makefile.am b/utils/nfsidmap/Makefile.am
+index c0675c4..737a219 100644
+--- a/utils/nfsidmap/Makefile.am
++++ b/utils/nfsidmap/Makefile.am
+@@ -1,9 +1,10 @@
+ ## Process this file with automake to produce Makefile.in
+
+ man8_MANS = nfsidmap.man
+-
+ sbin_PROGRAMS = nfsidmap
++
+ nfsidmap_SOURCES = nfsidmap.c
+ nfsidmap_LDADD = $(LIBNFSIDMAP) -lkeyutils ../../support/nfs/libnfs.a
+
+ MAINTAINERCLEANFILES = Makefile.in
++EXTRA_DIST = id_resolver.conf
+diff --git a/utils/nfsidmap/id_resolver.conf b/utils/nfsidmap/id_resolver.conf
+new file mode 100644
+index 0000000..2c156c6
+--- /dev/null
++++ b/utils/nfsidmap/id_resolver.conf
+@@ -0,0 +1 @@
++create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
+diff --git a/utils/statd/statd.c b/utils/statd/statd.c
+index 652546c..8c51bcc 100644
+--- a/utils/statd/statd.c
++++ b/utils/statd/statd.c
+@@ -28,6 +28,7 @@
+
+ #include "statd.h"
+ #include "nfslib.h"
++#include "nfsrpc.h"
+ #include "nsm.h"
+
+ /* Socket operations */
+@@ -237,6 +238,12 @@ int main (int argc, char **argv)
+ /* Set hostname */
+ MY_NAME = NULL;
+
++ /* Refuse to start if another statd is running */
++ if (nfs_probe_statd()) {
++ fprintf(stderr, "Statd service already running!\n");
++ exit(1);
++ }
++
+ /* Process command line switches */
+ while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:L", longopts, NULL)) != EOF) {
+ switch (arg) {
diff --git a/nfs-utils.spec b/nfs-utils.spec
index 820c06a..53c1122 100644
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.2.8
-Release: 1.1%{?dist}
+Release: 2.0%{?dist}
 Epoch: 1
 # group all 32bit related archs
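Review bot: The new `nfs_probe_statd()` check in `main()` of utils/statd/statd.c runs before the `getopt_long()` loop, so once a statd is running every further invocation exits with "Statd service already running!", including ones that only ask for help or the version (`h`, `?`, `v` and `V` are all in the option string). Moving the block to after option parsing, and skipping it for modes that do not register a service, keeps those usable. The probe is also a check-then-act test and not a lock: two instances started at the same moment can both pass it, so it should be described as a convenience check and not relied on as the only guard against double registration. `main()` continues outside the hunk.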
@@ -36,7 +36,7 @@ Source51: nfs-server.preconfig
 Source52: nfs-server.postconfig
 %define nfs_configs %{SOURCE50} %{SOURCE51} %{SOURCE52}
-Patch001: nfs-utils-1-2-9-rc1.patch
+Patch001: nfs-utils-1-2-9-rc2.patch
 Patch100: nfs-utils-1.2.1-statdpath-man.patch
 Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@@ -298,6 +298,10 @@ fi
 %attr(4755,root,root) /sbin/umount.nfs4
 %changelog
+* Fri May 31 2013 Steve Dickson 1.2.8-2.0
+- Update to latest upstream RC release: nfs-utils.1.2.9-rc1
+- Added GSS_USE_PROXY variable to nfs.sysconfig (bz 967112)
+
 * Tue May 7 2013 Steve Dickson 1.2.8-1.1 systemd: nfs-server.service needs to be split up (bz 769879)
diff --git a/nfs.sysconfig b/nfs.sysconfig
index 2d33cf3..d908a8f 100644
--- a/nfs.sysconfig
+++ b/nfs.sysconfig
@@ -28,6 +28,8 @@ RPCIDMAPDARGS=""
 #
 # Optional arguments passed to rpc.gssd. See rpc.gssd(8)
 RPCGSSDARGS=""
+# Enable usage of gssproxy. See gssproxy-mech(8).
+GSS_USE_PROXY="no"
 #
 # Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
 RPCSVCGSSDARGS=""
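Review bot: The new `GSS_USE_PROXY="no"` entry in nfs.sysconfig does not say which daemon consumes it or which values are accepted, and nothing else in this commit shows a unit file or init script passing it on. If it is meant to reach the environment of rpc.gssd or rpc.svcgssd, the comment should say so, e.g. `# Set to "yes" to make <daemon> use gssproxy; exported to its environment by <unit or init script>`. Shipping the value as "no" keeps the existing behaviour, which is the right default for an update.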