From 85ed8ab7ef4caf117a967f92e2def1473c8ba7b7 Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Thu, 8 May 2008 11:17:09 +0000 Subject: [PATCH] - Added 10 (101 thru 110) upstream patches that fixed things mostly in the mount and gssd code. --- nfs-utils-1.1.2-exportfs-man-typo.patch | 21 ++ nfs-utils-1.1.2-gssd-creds.patch | 235 +++++++++++++++++++++ nfs-utils-1.1.2-gssd-des-types.patch | 25 +++ nfs-utils-1.1.2-gssd-getport.patch | 84 ++++++++ nfs-utils-1.1.2-gssd-getverbose.patch | 35 +++ nfs-utils-1.1.2-mount-bg-fix.patch | 42 ++++ nfs-utils-1.1.2-mount-chk-setuid.patch | 30 +++ nfs-utils-1.1.2-mount-remove-bg-host.patch | 51 +++++ nfs-utils-1.1.2-mount-retry.patch | 73 +++++++ nfs-utils-1.1.2-tcpwrapper-fix.patch | 28 +++ nfs-utils.spec | 28 ++- 11 files changed, 651 insertions(+), 1 deletion(-) create mode 100644 nfs-utils-1.1.2-exportfs-man-typo.patch create mode 100644 nfs-utils-1.1.2-gssd-creds.patch create mode 100644 nfs-utils-1.1.2-gssd-des-types.patch create mode 100644 nfs-utils-1.1.2-gssd-getport.patch create mode 100644 nfs-utils-1.1.2-gssd-getverbose.patch create mode 100644 nfs-utils-1.1.2-mount-bg-fix.patch create mode 100644 nfs-utils-1.1.2-mount-chk-setuid.patch create mode 100644 nfs-utils-1.1.2-mount-remove-bg-host.patch create mode 100644 nfs-utils-1.1.2-mount-retry.patch create mode 100644 nfs-utils-1.1.2-tcpwrapper-fix.patch diff --git a/nfs-utils-1.1.2-exportfs-man-typo.patch b/nfs-utils-1.1.2-exportfs-man-typo.patch new file mode 100644 index 0000000..db918b7 --- /dev/null +++ b/nfs-utils-1.1.2-exportfs-man-typo.patch @@ -0,0 +1,21 @@ +commit 7ef076fb98233783843d6019b2edbb48e2d18914 +Author: Oren Held +Date: Thu May 8 05:23:10 2008 -0400 + + Fixed smail typo in exportfs man page + + Signed-off-by: Steve Dickson + +diff --git a/utils/exportfs/exportfs.man b/utils/exportfs/exportfs.man +index a8fdb05..c7b230a 100644 +--- a/utils/exportfs/exportfs.man ++++ b/utils/exportfs/exportfs.man +@@ -198,7 +198,7 @@ and pushes the resulting export entries into the kernel: + To export the + .B /usr/tmp + directory to host +-.BR djando , ++.BR django , + allowing asynchronous writes, one would do this: + .P + .nf diff --git a/nfs-utils-1.1.2-gssd-creds.patch b/nfs-utils-1.1.2-gssd-creds.patch new file mode 100644 index 0000000..57428a5 --- /dev/null +++ b/nfs-utils-1.1.2-gssd-creds.patch @@ -0,0 +1,235 @@ +commit 25cd5f9101b8969f9e1f9d7d486f11c215d0eeb4 +Author: Vince Busam +Date: Wed May 7 15:24:53 2008 -0400 + + Kerberos credentials may be stored in multiple places. Make it + possible to search several directories for valid credentials when + making NFS requests. + + Original patch from Vince Busam + + Signed-off-by: Kevin Coffman . + Signed-off-by: Steve Dickson + +diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c +index bbcad20..e8612a5 100644 +--- a/utils/gssd/gssd.c ++++ b/utils/gssd/gssd.c +@@ -57,6 +57,7 @@ char pipefs_dir[PATH_MAX] = GSSD_PIPEFS_DIR; + char pipefs_nfsdir[PATH_MAX] = GSSD_PIPEFS_DIR; + char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE; + char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR; ++char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1]; + int use_memcache = 0; + int root_uses_machine_creds = 1; + +@@ -93,9 +94,11 @@ main(int argc, char *argv[]) + int verbosity = 0; + int rpc_verbosity = 0; + int opt; ++ int i; + extern char *optarg; + char *progname; + ++ memset(ccachesearch, 0, sizeof(ccachesearch)); + while ((opt = getopt(argc, argv, "fvrmnMp:k:d:")) != -1) { + switch (opt) { + case 'f': +@@ -136,6 +139,13 @@ main(int argc, char *argv[]) + break; + } + } ++ ++ i = 0; ++ ccachesearch[i++] = strtok(ccachedir, ":"); ++ do { ++ ccachesearch[i++] = strtok(NULL, ":"); ++ } while (ccachesearch[i-1] != NULL && i < GSSD_MAX_CCACHE_SEARCH); ++ + snprintf(pipefs_nfsdir, sizeof(pipefs_nfsdir), "%s/%s", + pipefs_dir, GSSD_SERVICE_NAME); + if (pipefs_nfsdir[sizeof(pipefs_nfsdir)-1] != '\0') +diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h +index 6f14c34..0f9f428 100644 +--- a/utils/gssd/gssd.h ++++ b/utils/gssd/gssd.h +@@ -50,6 +50,7 @@ + #define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab" + #define GSSD_SERVICE_NAME "nfs" + #define GSSD_SERVICE_NAME_LEN 3 ++#define GSSD_MAX_CCACHE_SEARCH 16 + + /* + * The gss mechanisms that we can handle +@@ -61,7 +62,7 @@ enum {AUTHTYPE_KRB5, AUTHTYPE_SPKM3, AUTHTYPE_LIPKEY}; + extern char pipefs_dir[PATH_MAX]; + extern char pipefs_nfsdir[PATH_MAX]; + extern char keytabfile[PATH_MAX]; +-extern char ccachedir[PATH_MAX]; ++extern char *ccachesearch[]; + extern int use_memcache; + extern int root_uses_machine_creds; + +diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man +index 2fa749e..8fa4f4a 100644 +--- a/utils/gssd/gssd.man ++++ b/utils/gssd/gssd.man +@@ -74,7 +74,11 @@ where to look for the rpc_pipefs filesystem. The default value is + .B -d directory + Tells + .B rpc.gssd +-where to look for kerberos credential files. The default value is "/tmp". ++where to look for Kerberos credential files. The default value is "/tmp". ++This can also be a colon separated list of directories to be searched ++for Kerberos credential files. Note that if machine credentials are being ++stored in files, then the first directory on this list is where the ++machine credentials are stored. + .TP + .B -v + Increases the verbosity of the output (can be specified multiple times). +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index bac7295..be6f440 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -685,6 +685,7 @@ handle_krb5_upcall(struct clnt_info *clp) + gss_buffer_desc token; + char **credlist = NULL; + char **ccname; ++ char **dirname; + int create_resp = -1; + + printerr(1, "handling krb5 upcall\n"); +@@ -701,10 +702,14 @@ handle_krb5_upcall(struct clnt_info *clp) + + if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0)) { + /* Tell krb5 gss which credentials cache to use */ +- gssd_setup_krb5_user_gss_ccache(uid, clp->servername); ++ for (dirname = ccachesearch; *dirname != NULL; dirname++) { ++ gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname); + +- create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, +- AUTHTYPE_KRB5); ++ create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, ++ AUTHTYPE_KRB5); ++ if (create_resp == 0) ++ break; ++ } + } + if (create_resp != 0) { + if (uid == 0 && root_uses_machine_creds == 1) { +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +index 0589cd8..512c1cf 100644 +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -131,7 +131,8 @@ struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL; + /*==========================*/ + + static int select_krb5_ccache(const struct dirent *d); +-static int gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d); ++static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, ++ struct dirent **d); + static int gssd_get_single_krb5_cred(krb5_context context, + krb5_keytab kt, struct gssd_k5_kt_princ *ple); + +@@ -159,7 +160,7 @@ select_krb5_ccache(const struct dirent *d) + } + + /* +- * Look in the ccachedir for files that look like they ++ * Look in directory "dirname" for files that look like they + * are Kerberos Credential Cache files for a given UID. Return + * non-zero and the dirent pointer for the entry most likely to be + * what we want. Otherwise, return zero and no dirent pointer. +@@ -170,7 +171,7 @@ select_krb5_ccache(const struct dirent *d) + * 1 => found an existing entry + */ + static int +-gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d) ++gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) + { + struct dirent **namelist; + int n; +@@ -181,9 +182,10 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d) + + memset(&best_match_stat, 0, sizeof(best_match_stat)); + *d = NULL; +- n = scandir(ccachedir, &namelist, select_krb5_ccache, 0); ++ n = scandir(dirname, &namelist, select_krb5_ccache, 0); + if (n < 0) { +- perror("scandir looking for krb5 credentials caches"); ++ printerr(1, "Error doing scandir on directory '%s': %s\n", ++ dirname, strerror(errno)); + } + else if (n > 0) { + char statname[1024]; +@@ -191,7 +193,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d) + printerr(3, "CC file '%s' being considered\n", + namelist[i]->d_name); + snprintf(statname, sizeof(statname), +- "%s/%s", ccachedir, namelist[i]->d_name); ++ "%s/%s", dirname, namelist[i]->d_name); + if (lstat(statname, &tmp_stat)) { + printerr(0, "Error doing stat on file '%s'\n", + statname); +@@ -291,8 +293,9 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid) + &credh, NULL, NULL); + + if (maj_stat != GSS_S_COMPLETE) { +- pgsserr("gss_acquire_cred", +- maj_stat, min_stat, &krb5oid); ++ if (get_verbosity() > 0) ++ pgsserr("gss_acquire_cred", ++ maj_stat, min_stat, &krb5oid); + return -1; + } + +@@ -406,7 +409,7 @@ gssd_get_single_krb5_cred(krb5_context context, + cache_type = "FILE"; + snprintf(cc_name, sizeof(cc_name), "%s:%s/%s%s_%s", + cache_type, +- ccachedir, GSSD_DEFAULT_CRED_PREFIX, ++ ccachesearch[0], GSSD_DEFAULT_CRED_PREFIX, + GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm); + ple->endtime = my_creds.times.endtime; + if (ple->ccname != NULL) +@@ -894,7 +897,7 @@ out: + * void + */ + void +-gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername) ++gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname) + { + char buf[MAX_NETOBJ_SZ]; + struct dirent *d; +@@ -902,14 +905,13 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername) + printerr(2, "getting credentials for client with uid %u for " + "server %s\n", uid, servername); + memset(buf, 0, sizeof(buf)); +- if (gssd_find_existing_krb5_ccache(uid, &d)) { +- snprintf(buf, sizeof(buf), "FILE:%s/%s", +- ccachedir, d->d_name); ++ if (gssd_find_existing_krb5_ccache(uid, dirname, &d)) { ++ snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name); + free(d); + } + else + snprintf(buf, sizeof(buf), "FILE:%s/%s%u", +- ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid); ++ dirname, GSSD_DEFAULT_CRED_PREFIX, uid); + printerr(2, "using %s as credentials cache for client with " + "uid %u for server %s\n", buf, uid, servername); + gssd_set_krb5_ccache_name(buf); +diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h +index 78ad45c..431fdaf 100644 +--- a/utils/gssd/krb5_util.h ++++ b/utils/gssd/krb5_util.h +@@ -17,7 +17,8 @@ struct gssd_k5_kt_princ { + }; + + +-void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername); ++void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, ++ char *dirname); + int gssd_get_krb5_machine_cred_list(char ***list); + void gssd_free_krb5_machine_cred_list(char **list); + void gssd_setup_krb5_machine_gss_ccache(char *servername); diff --git a/nfs-utils-1.1.2-gssd-des-types.patch b/nfs-utils-1.1.2-gssd-des-types.patch new file mode 100644 index 0000000..4a97414 --- /dev/null +++ b/nfs-utils-1.1.2-gssd-des-types.patch @@ -0,0 +1,25 @@ +commit 313ab396c04afe160ee6764e28b5e61ce19c46d9 +Author: Kevin Coffman +Date: Wed May 7 14:32:45 2008 -0400 + + Add the other two DES encryption types to the default list of + Kerberos encryption types that may be negotiated. + + Signed-off-by: Kevin Coffman + Signed-off-by: Steve Dickson + +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +index 3cf27ca..0589cd8 100644 +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -277,7 +277,9 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid) + u_int maj_stat, min_stat; + gss_cred_id_t credh; + gss_OID_set_desc desired_mechs; +- krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC }; ++ krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC, ++ ENCTYPE_DES_CBC_MD5, ++ ENCTYPE_DES_CBC_MD4 }; + int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]); + + /* We only care about getting a krb5 cred */ diff --git a/nfs-utils-1.1.2-gssd-getport.patch b/nfs-utils-1.1.2-gssd-getport.patch new file mode 100644 index 0000000..f266c3f --- /dev/null +++ b/nfs-utils-1.1.2-gssd-getport.patch @@ -0,0 +1,84 @@ +commit a04f8b5a3ea94b7a9d96d339b6ccde5f2e67a2d1 +Author: Olga Kornievskaia +Date: Wed May 7 10:54:51 2008 -0400 + + Check the info file nfs/rpc_pipefs/nfs/clnt?/info to + see if a port number was supplied. If so, use it rather + than the default port number. + + Signed-off-by: Olga Kornievskaia + Signed-off-by: Kevin Coffman + Signed-off-by: Steve Dickson + +diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h +index e17edde..6f14c34 100644 +--- a/utils/gssd/gssd.h ++++ b/utils/gssd/gssd.h +@@ -80,6 +80,7 @@ struct clnt_info { + int krb5_poll_index; + int spkm3_fd; + int spkm3_poll_index; ++ int port; + }; + + void init_client_list(void); +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index 6860cc8..bac7295 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -102,7 +102,7 @@ int pollsize; /* the size of pollaray (in pollfd's) */ + /* XXX buffer problems: */ + static int + read_service_info(char *info_file_name, char **servicename, char **servername, +- int *prog, int *vers, char **protocol) { ++ int *prog, int *vers, char **protocol, int *port) { + #define INFOBUFLEN 256 + char buf[INFOBUFLEN]; + static char dummy[128]; +@@ -112,6 +112,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername, + char program[16]; + char version[16]; + char protoname[16]; ++ char cb_port[128]; ++ char *p; + in_addr_t inaddr; + int fd = -1; + struct hostent *ent = NULL; +@@ -143,6 +145,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername, + goto fail; + } + ++ cb_port[0] = '\0'; ++ if ((p = strstr(buf, "port")) != NULL) ++ sscanf(p, "port: %127s\n", cb_port); ++ + /* check service, program, and version */ + if(memcmp(service, "nfs", 3)) return -1; + *prog = atoi(program + 1); /* skip open paren */ +@@ -163,6 +169,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername, + if (!(*servicename = calloc(strlen(buf) + 1, 1))) + goto fail; + memcpy(*servicename, buf, strlen(buf)); ++ if (cb_port[0] != '\0') ++ *port = atoi(cb_port); + + if (!(*protocol = strdup(protoname))) + goto fail; +@@ -238,7 +246,7 @@ process_clnt_dir_files(struct clnt_info * clp) + if ((clp->servicename == NULL) && + read_service_info(info_file_name, &clp->servicename, + &clp->servername, &clp->prog, &clp->vers, +- &clp->protocol)) ++ &clp->protocol, &clp->port)) + return -1; + return 0; + } +@@ -587,6 +595,8 @@ int create_auth_rpc_client(struct clnt_info *clp, + clp->servername, uid); + goto out_fail; + } ++ if (clp->port) ++ ((struct sockaddr_in *)a->ai_addr)->sin_port = htons(clp->port); + if (a->ai_protocol == IPPROTO_TCP) { + if ((rpc_clnt = clnttcp_create( + (struct sockaddr_in *) a->ai_addr, diff --git a/nfs-utils-1.1.2-gssd-getverbose.patch b/nfs-utils-1.1.2-gssd-getverbose.patch new file mode 100644 index 0000000..3983220 --- /dev/null +++ b/nfs-utils-1.1.2-gssd-getverbose.patch @@ -0,0 +1,35 @@ +commit 73f9b4402ec6625618967f947c99e6e417322d36 +Author: Kevin Coffman +Date: Wed May 7 14:38:47 2008 -0400 + + Add a new function to retrieve the current verbosity level + so that some messages that would otherwise always print may + be silenced. + + Signed-off-by: Kevin Coffman + Signed-off-by: Steve Dickson + +diff --git a/utils/gssd/err_util.c b/utils/gssd/err_util.c +index 5644db6..2583e06 100644 +--- a/utils/gssd/err_util.c ++++ b/utils/gssd/err_util.c +@@ -60,3 +60,8 @@ void printerr(int priority, char *format, ...) + xlog_backend(L_ERROR, format, args); + va_end(args); + } ++ ++int get_verbosity(void) ++{ ++ return verbosity; ++} +diff --git a/utils/gssd/err_util.h b/utils/gssd/err_util.h +index 5e5af48..c4df32d 100644 +--- a/utils/gssd/err_util.h ++++ b/utils/gssd/err_util.h +@@ -33,5 +33,6 @@ + + void initerr(char *progname, int verbosity, int fg); + void printerr(int priority, char *format, ...); ++int get_verbosity(void); + + #endif /* _ERR_UTIL_H_ */ diff --git a/nfs-utils-1.1.2-mount-bg-fix.patch b/nfs-utils-1.1.2-mount-bg-fix.patch new file mode 100644 index 0000000..a3eb0ee --- /dev/null +++ b/nfs-utils-1.1.2-mount-bg-fix.patch @@ -0,0 +1,42 @@ +commit 281ca299724f24e7b19c1eca04bba03410e2a306 +Author: Jeff Layton +Date: Wed May 7 10:35:30 2008 -0400 + + The bg option is essentially ignored with nfs4 currently. nfs4mount() + will never exit with EX_BG, so the mount will never be backgrounded. + Fix it so that when bg is specified that we error out with EX_BG as + soon as possible after the first failed mount attempt. + + Signed-off-by: Jeff Layton + Signed-off-by: Steve Dickson + +diff --git a/utils/mount/nfs4mount.c b/utils/mount/nfs4mount.c +index af70551..2b0fe2e 100644 +--- a/utils/mount/nfs4mount.c ++++ b/utils/mount/nfs4mount.c +@@ -188,10 +188,9 @@ int nfs4mount(const char *spec, const char *node, int flags, + int bg, soft, intr; + int nocto, noac, unshared; + int retry; +- int retval; ++ int retval = EX_FAIL; + time_t timeout, t; + +- retval = EX_FAIL; + if (strlen(spec) >= sizeof(hostdir)) { + nfs_error(_("%s: excessively long host:dir argument\n"), + progname); +@@ -443,6 +442,13 @@ int nfs4mount(const char *spec, const char *node, int flags, + rpc_mount_errors(hostname, 0, bg); + goto fail; + } ++ ++ if (bg && !running_bg) { ++ if (retry > 0) ++ retval = EX_BG; ++ goto fail; ++ } ++ + t = time(NULL); + if (t >= timeout) { + rpc_mount_errors(hostname, 0, bg); diff --git a/nfs-utils-1.1.2-mount-chk-setuid.patch b/nfs-utils-1.1.2-mount-chk-setuid.patch new file mode 100644 index 0000000..3cc1f07 --- /dev/null +++ b/nfs-utils-1.1.2-mount-chk-setuid.patch @@ -0,0 +1,30 @@ +commit 0930b25ee3a1eb28b957cdc70c9a1958812d895f +Author: NeilBrown +Date: Thu May 8 05:18:25 2008 -0400 + + If mount.nfs is not installed setuid, an attempt to perform a "user" + or "users" mount will fail with a fairly obscure error message, + typically about getting "permission denied" from the server. + + This patch gives a more helpful message in that case. + + Signed-off-by: NeilBrown + Signed-off-by: Steve Dickson + +diff --git a/utils/mount/mount.c b/utils/mount/mount.c +index 5076468..d7271a1 100644 +--- a/utils/mount/mount.c ++++ b/utils/mount/mount.c +@@ -539,6 +539,12 @@ int main(int argc, char *argv[]) + mnt_err = EX_USAGE; + goto out; + } ++ ++ if (geteuid() != 0) { ++ nfs_error(_("%s: not installed setuid - " ++ "\"user\" NFS mounts not supported."), progname); ++ exit(EX_FAIL); ++ } + } + + if (chk_mountpoint(mount_point)) { diff --git a/nfs-utils-1.1.2-mount-remove-bg-host.patch b/nfs-utils-1.1.2-mount-remove-bg-host.patch new file mode 100644 index 0000000..4c5c554 --- /dev/null +++ b/nfs-utils-1.1.2-mount-remove-bg-host.patch @@ -0,0 +1,51 @@ +commit 5fb4042ce4eb4fd5e50e3fb0f78bbd20b4d46e78 +Author: Jeff Layton +Date: Wed May 7 10:37:40 2008 -0400 + + The prev_bg_host stuff made sense when NFS didn't have its own mount + handler. Now though, each mount.nfs invocation is really a one-shot + affair, and this check no longer works. It also leaked memory. Remove + it. + + Signed-off-by: Jeff Layton + Signed-off-by: Steve Dickson + +diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c +index a9dd917..6a04518 100644 +--- a/utils/mount/nfsmount.c ++++ b/utils/mount/nfsmount.c +@@ -494,7 +494,6 @@ int + nfsmount(const char *spec, const char *node, int flags, + char **extra_opts, int fake, int running_bg) + { +- static char *prev_bg_host; + char hostdir[1024]; + char *hostname, *dirname, *old_opts, *mounthost = NULL; + char new_opts[1024], cbuf[1024]; +@@ -628,18 +627,6 @@ nfsmount(const char *spec, const char *node, int flags, + if (flags & MS_REMOUNT) + goto out_ok; + +- /* +- * If the previous mount operation on the same host was +- * backgrounded, and the "bg" for this mount is also set, +- * give up immediately, to avoid the initial timeout. +- */ +- if (bg && !running_bg && +- prev_bg_host && strcmp(hostname, prev_bg_host) == 0) { +- if (retry > 0) +- retval = EX_BG; +- return retval; +- } +- + /* create mount deamon client */ + + /* +@@ -708,7 +695,6 @@ nfsmount(const char *spec, const char *node, int flags, + continue; + } + if (!running_bg) { +- prev_bg_host = xstrdup(hostname); + if (retry > 0) + retval = EX_BG; + goto fail; diff --git a/nfs-utils-1.1.2-mount-retry.patch b/nfs-utils-1.1.2-mount-retry.patch new file mode 100644 index 0000000..81c00fb --- /dev/null +++ b/nfs-utils-1.1.2-mount-retry.patch @@ -0,0 +1,73 @@ +commit 5f7cc524008a7dc548a71f4c7b0d39759371a37a +Author: Jeff Layton +Date: Wed May 7 10:27:53 2008 -0400 + + Currently nfs4mount() sets the retry value to 10000 on both fg and bg + mounts. It should be 2 for fg and 10000 for bg. nfsmount() sets it + properly, but there is a potential corner case. If someone explicitly + sets retry=10000 on a fg mount, then it will be reset to 2. + + Fix this by having retry default to -1 for both flavors, and then reset if + needed after the mount options have been parsed. + + Signed-off-by: Jeff Layton + Signed-off-by: Steve Dickson + +diff --git a/utils/mount/nfs4mount.c b/utils/mount/nfs4mount.c +index 311e5a0..af70551 100644 +--- a/utils/mount/nfs4mount.c ++++ b/utils/mount/nfs4mount.c +@@ -238,7 +238,7 @@ int nfs4mount(const char *spec, const char *node, int flags, + nocto = 0; + noac = 0; + unshared = 0; +- retry = 10000; /* 10000 minutes ~ 1 week */ ++ retry = -1; + + /* + * NFSv4 specifies that the default port should be 2049 +@@ -332,6 +332,14 @@ int nfs4mount(const char *spec, const char *node, int flags, + } + } + ++ /* if retry is still -1, then it wasn't set via an option */ ++ if (retry == -1) { ++ if (bg) ++ retry = 10000; /* 10000 mins == ~1 week */ ++ else ++ retry = 2; /* 2 min default on fg mounts */ ++ } ++ + data.flags = (soft ? NFS4_MOUNT_SOFT : 0) + | (intr ? NFS4_MOUNT_INTR : 0) + | (nocto ? NFS4_MOUNT_NOCTO : 0) +diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c +index 6c0c365..a9dd917 100644 +--- a/utils/mount/nfsmount.c ++++ b/utils/mount/nfsmount.c +@@ -571,7 +571,7 @@ nfsmount(const char *spec, const char *node, int flags, + #endif + + bg = 0; +- retry = 10000; /* 10000 minutes ~ 1 week */ ++ retry = -1; + + memset(mnt_pmap, 0, sizeof(*mnt_pmap)); + mnt_pmap->pm_prog = MOUNTPROG; +@@ -585,9 +585,13 @@ nfsmount(const char *spec, const char *node, int flags, + goto fail; + if (!nfsmnt_check_compat(nfs_pmap, mnt_pmap)) + goto fail; +- +- if (retry == 10000 && !bg) +- retry = 2; /* reset for fg mounts */ ++ ++ if (retry == -1) { ++ if (bg) ++ retry = 10000; /* 10000 mins == ~1 week*/ ++ else ++ retry = 2; /* 2 min default on fg mounts */ ++ } + + #ifdef NFS_MOUNT_DEBUG + printf(_("rsize = %d, wsize = %d, timeo = %d, retrans = %d\n"), diff --git a/nfs-utils-1.1.2-tcpwrapper-fix.patch b/nfs-utils-1.1.2-tcpwrapper-fix.patch new file mode 100644 index 0000000..28a99de --- /dev/null +++ b/nfs-utils-1.1.2-tcpwrapper-fix.patch @@ -0,0 +1,28 @@ +commit ad1fc3feae447685a8ec8c7db0ad913fe3c4de5c +Author: Sten Spans +Date: Mon May 5 14:04:58 2008 -0400 + + Fixed arguments to the hosts_ctl() call in the good_client() routine + used in the tcpwrapper support. + + Signe-off-by: Steve Dickson + +diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c +index 0cc9335..e4f453b 100644 +--- a/support/misc/tcpwrapper.c ++++ b/support/misc/tcpwrapper.c +@@ -125,12 +125,12 @@ struct sockaddr_in *addr; + return 0; + + /* Check the official name first. */ +- if (hosts_ctl(daemon, "", hp->h_name, "")) ++ if (hosts_ctl(daemon, hp->h_name, "", "")) + return 1; + + /* Check aliases. */ + for (sp = hp->h_aliases; *sp ; sp++) { +- if (hosts_ctl(daemon, "", *sp, "")) ++ if (hosts_ctl(daemon, *sp, "", "")) + return 1; + } + diff --git a/nfs-utils.spec b/nfs-utils.spec index af577ec..a3a5235 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.1.2 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 1 # group all 32bit related archs @@ -32,6 +32,17 @@ Patch06: nfs-utils-1.1.0-exportfs-man-update.patch Patch07: nfs-utils-1.1.2-multi-auth-flavours.patch Patch08: nfs-utils-1.1.2-mount-eacces.patch +Patch101: nfs-utils-1.1.2-tcpwrapper-fix.patch +Patch102: nfs-utils-1.1.2-mount-retry.patch +Patch103: nfs-utils-1.1.2-mount-bg-fix.patch +Patch104: nfs-utils-1.1.2-mount-remove-bg-host.patch +Patch105: nfs-utils-1.1.2-gssd-getport.patch +Patch106: nfs-utils-1.1.2-gssd-des-types.patch +Patch107: nfs-utils-1.1.2-gssd-getverbose.patch +Patch108: nfs-utils-1.1.2-gssd-creds.patch +Patch109: nfs-utils-1.1.2-mount-chk-setuid.patch +Patch110: nfs-utils-1.1.2-exportfs-man-typo.patch + %if %{enablefscache} Patch90: nfs-utils-1.1.0-mount-fsc.patch %endif @@ -91,6 +102,17 @@ This package also contains the mount.nfs and umount.nfs program. %patch07 -p1 %patch08 -p1 +%patch101 -p1 +%patch102 -p1 +%patch103 -p1 +%patch104 -p1 +%patch105 -p1 +%patch106 -p1 +%patch107 -p1 +%patch108 -p1 +%patch109 -p1 +%patch110 -p1 + %if %{enablefscache} %patch90 -p1 %endif @@ -257,6 +279,10 @@ fi %attr(4755,root,root) /sbin/umount.nfs4 %changelog +* Thu May 8 2008 Steve Dickson 1.1.2-5 +- Added 10 (101 thru 110) upstream patches that fixed + things mostly in the mount and gssd code. + * Wed May 7 2008 Steve Dickson 1.1.2-4 - Added ppc arch to the all_32bit_archs list (bz 442847)