rpms/nfs-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Removing nfs-utils-1.2.0-v4root-rel9.patch

Browse Source
This commit is contained in:
Steve Dickson 2010-01-16 12:34:52 +00:00
parent 80be375668
commit 97d06d17fc
1 changed files with 0 additions and 396 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

396
nfs-utils-1.2.0-v4root-rel9.patch
View File

@ -1,396 +0,0 @@
diff --git a/support/export/xtab.c b/support/export/xtab.c
index 3b1dcce..2a43193 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -19,7 +19,9 @@
#include "exportfs.h"
#include "xio.h"
#include "xlog.h"
+#include "v4root.h"
+int v4root_needed;
static void cond_rename(char *newfile, char *oldfile);
static int
@@ -36,6 +38,8 @@ xtab_read(char *xtab, char *lockfn, int is_export)
if ((lockid = xflock(lockfn, "r")) < 0)
return 0;
setexportent(xtab, "r");
+ if (is_export == 1)
+ v4root_needed = 1;
while ((xp = getexportent(is_export==0, 0)) != NULL) {
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
!(exp = export_create(xp, is_export!=1))) {
@@ -48,6 +52,8 @@ xtab_read(char *xtab, char *lockfn, int is_export)
case 1:
exp->m_xtabent = 1;
exp->m_mayexport = 1;
+ if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
+ v4root_needed = 0;
break;
case 2:
exp->m_exported = -1;/* may be exported */
diff --git a/support/include/nfs/export.h b/support/include/nfs/export.h
index f7a99ba..76953ac 100644
--- a/support/include/nfs/export.h
+++ b/support/include/nfs/export.h
@@ -24,6 +24,7 @@
#define NFSEXP_FSID 0x2000
#define NFSEXP_CROSSMOUNT 0x4000
#define NFSEXP_NOACL 0x8000 /* reserved for possible ACL related use */
-#define NFSEXP_ALLFLAGS 0xFFFF
+#define NFSEXP_V4ROOT 0x10000
+#define NFSEXP_ALLFLAGS 0x1FFFF
#endif /* _NSF_EXPORT_H */
diff --git a/support/include/pseudoflavors.h b/support/include/pseudoflavors.h
index c21087b..c7ba8a2 100644
--- a/support/include/pseudoflavors.h
+++ b/support/include/pseudoflavors.h
@@ -15,3 +15,4 @@ struct flav_info {
extern struct flav_info flav_map[];
extern const int flav_map_size;
+extern unsigned int flavors_setall(struct exportent *ep);
diff --git a/support/include/v4root.h b/support/include/v4root.h
new file mode 100644
index 0000000..706c15c
--- /dev/null
+++ b/support/include/v4root.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) 2009 Red Hat <nfs@redhat.com>
+ * support/include/v4root.h
+ *
+ * Support routines for dynamic pseudo roots.
+ *
+ */
+
+#ifndef V4ROOT_H
+#define V4ROOT_H
+
+extern int v4root_needed;
+extern void v4root_set(void);
+
+#endif /* V4ROOT_H */
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 1aaebf4..fe9ed3a 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -39,16 +39,18 @@ struct flav_info flav_map[] = {
{ "krb5", RPC_AUTH_GSS_KRB5 },
{ "krb5i", RPC_AUTH_GSS_KRB5I },
{ "krb5p", RPC_AUTH_GSS_KRB5P },
+ { "unix", AUTH_UNIX },
+ { "sys", AUTH_SYS },
+ { "null", AUTH_NULL },
+ { "none", AUTH_NONE },
+#ifdef NOLONGERSUPPORTED
{ "lipkey", RPC_AUTH_GSS_LKEY },
{ "lipkey-i", RPC_AUTH_GSS_LKEYI },
{ "lipkey-p", RPC_AUTH_GSS_LKEYP },
{ "spkm3", RPC_AUTH_GSS_SPKM },
{ "spkm3i", RPC_AUTH_GSS_SPKMI },
{ "spkm3p", RPC_AUTH_GSS_SPKMP },
- { "unix", AUTH_UNIX },
- { "sys", AUTH_SYS },
- { "null", AUTH_NULL },
- { "none", AUTH_NONE },
+#endif
};
const int flav_map_size = sizeof(flav_map)/sizeof(flav_map[0]);
@@ -436,6 +438,20 @@ static unsigned int parse_flavors(char *str, struct exportent *ep)
}
return out;
}
+unsigned int flavors_setall(struct exportent *ep)
+{
+ struct flav_info *flav;
+ unsigned int out=0;
+ int bit;
+
+ for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
+ bit = secinfo_addflavor(flav, ep);
+ if (bit < 0)
+ return 0;
+ out |= 1<<bit;
+ }
+ return out;
+}
/* Sets the bits in @mask for the appropriate security flavor flags. */
static void setflags(int mask, unsigned int active, struct exportent *ep)
diff --git a/utils/mountd/Makefile.am b/utils/mountd/Makefile.am
index 1e76cf8..eba81fc 100644
--- a/utils/mountd/Makefile.am
+++ b/utils/mountd/Makefile.am
@@ -8,7 +8,7 @@ KPREFIX = @kprefix@
sbin_PROGRAMS = mountd
mountd_SOURCES = mountd.c mount_dispatch.c auth.c rmtab.c cache.c \
- svc_run.c fsloc.c mountd.h
+ svc_run.c fsloc.c v4root.c mountd.h
mountd_LDADD = ../../support/export/libexport.a \
../../support/nfs/libnfs.a \
../../support/misc/libmisc.a \
diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 5a7ff8c..2ed80bc 100644
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -20,6 +20,7 @@
#include "exportfs.h"
#include "mountd.h"
#include "xmalloc.h"
+#include "v4root.h"
enum auth_error
{
@@ -102,6 +103,8 @@ auth_reload()
memset(&my_client, 0, sizeof(my_client));
xtab_export_read();
check_useipaddr();
+ v4root_set();
+
++counter;
return counter;
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index 888fd8c..179ef17 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -540,6 +540,10 @@ get_exportlist(void)
for (i = 0; i < MCL_MAXTYPES; i++) {
for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
+ /* Don't show pseudo exports */
+ if (exp->m_export.e_flags & NFSEXP_V4ROOT)
+ continue;
+
for (e = elist; e != NULL; e = e->ex_next) {
if (!strcmp(exp->m_export.e_path, e->ex_dir))
break;
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
new file mode 100644
index 0000000..b1e483a
--- /dev/null
+++ b/utils/mountd/v4root.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) 2009 Red Hat <nfs@redhat.com>
+ *
+ * support/export/v4root.c
+ *
+ * Routines used to support NFSv4 pseudo roots
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/queue.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#include <unistd.h>
+#include <errno.h>
+
+#include "xlog.h"
+#include "exportfs.h"
+#include "nfslib.h"
+#include "misc.h"
+#include "pseudoflavors.h"
+#include "v4root.h"
+
+#ifndef _PATH_PSEUDO_ROOT
+#define _PATH_PSEUDO_ROOT "/"
+#endif
+
+#ifndef _PSEUDO_ROOT_FSID
+#define _PSEUDO_ROOT_FSID 0
+#endif
+
+void v4root_set(void);
+void v4root_unset(void);
+static int v4root_support(void);
+
+static struct exportent *v4root_create(char *, nfs_export *);
+
+int v4root_needed;
+static nfs_export pseudo_root = {
+ .m_next = NULL,
+ .m_client = NULL,
+ .m_export = {
+ .e_hostname = "*",
+ .e_path = _PATH_PSEUDO_ROOT,
+ .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+ | NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
+ | NFSEXP_CROSSMOUNT | NFSEXP_V4ROOT,
+ .e_anonuid = 65534,
+ .e_anongid = 65534,
+ .e_squids = NULL,
+ .e_nsquids = 0,
+ .e_sqgids = NULL,
+ .e_nsqgids = 0,
+ .e_fsid = 0,
+ .e_mountpoint = NULL,
+ .e_secinfo[0].flav = NULL,
+ },
+ .m_exported = 0,
+ .m_xtabent = 1,
+ .m_mayexport = 1,
+ .m_changed = 0,
+ .m_warned = 0,
+};
+
+/*
+ * Create a pseudo export
+ */
+static struct exportent *
+v4root_create(char *path, nfs_export *export)
+{
+ nfs_export *exp;
+ struct exportent eep;
+ struct exportent *curexp = &export->m_export;
+
+ dupexportent(&eep, curexp);
+ eep.e_hostname = strdup(curexp->e_hostname);
+ strncpy(eep.e_path, path, sizeof(eep.e_path));
+ exp = export_create(&eep, 0);
+ if (exp == NULL)
+ return NULL;
+
+ exp->m_export.e_flags |= NFSEXP_V4ROOT;
+ if (strcmp(path, _PATH_PSEUDO_ROOT) != 0)
+ exp->m_export.e_flags &= ~NFSEXP_FSID;
+
+ xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
+
+ return &exp->m_export;
+}
+
+/*
+ * Make sure the kernel has pseudo root support.
+ */
+static int
+v4root_support()
+{
+ static int kernel_support = -1;
+ char *ptr, version[64];
+ int major, minor;
+ FILE *fp;
+
+ if (kernel_support != -1)
+ return kernel_support;
+
+ kernel_support = 0;
+ fp = fopen("/proc/fs/nfsd/exports", "r");
+ if (fp == NULL)
+ goto out;
+
+ ptr = fgets(version, 64, fp);
+ fclose(fp);
+ if (ptr == NULL)
+ goto out;
+
+ while(*ptr && isdigit(*ptr) == 0)
+ ptr++;
+ if (*ptr == '\0')
+ goto out;
+
+ major = minor = 0;
+ sscanf(ptr, " %d.%d",&major, &minor);
+ if (major >= 1 && minor >= 2)
+ kernel_support = 1;
+out:
+ if (!kernel_support) {
+ xlog(L_WARNING, "Kernel does not have pseudo root support.");
+ xlog(L_WARNING, "NFS v4 mounts will be disabled unless fsid=0");
+ xlog(L_WARNING, "is specfied in /etc/exports file.");
+ }
+
+ return kernel_support;
+}
+
+/*
+ * Create pseudo exports by running through the real export
+ * looking at the components of the path that make up the export.
+ * Those path components, if not exported, will become pseudo
+ * exports allowing them to be found when the kernel does an upcall
+ * looking for components of the v4 mount.
+ */
+void
+v4root_set()
+{
+ nfs_export *exp, *nxt;
+ struct exportent *proot;
+ int i, insecure = 0, secflavors = 0;
+ char *path, *ptr;
+ char *hostname;
+
+ if (!v4root_needed)
+ return;
+
+ if (!v4root_support())
+ return;
+
+ proot = v4root_create(_PATH_PSEUDO_ROOT, &pseudo_root);
+ if (proot == NULL) {
+ xlog(L_WARNING, "v4root_set: Unable to create "
+ "pseudo export for '%s'", _PATH_PSEUDO_ROOT);
+ return;
+ }
+
+ for (i = 0; i < MCL_MAXTYPES; i++) {
+ for (exp = exportlist[i].p_head; exp; exp = nxt) {
+ nxt = exp->m_next;
+ hostname = exp->m_export.e_hostname;
+
+ path = strdup(exp->m_export.e_path);
+ ptr = path + 1;
+ while ((ptr = strchr(ptr, '/')) != NULL) {
+ *ptr = '\0';
+ if (export_lookup(hostname, path, 0) == NULL)
+ if (v4root_create(path, exp) == NULL) {
+ xlog(L_WARNING, "v4root_set: Unable to create "
+ "pseudo export for '%s'", path);
+ break;
+ }
+ *ptr = '/';
+ ptr++;
+ }
+ /* Make note of insecure exports */
+ if (!insecure)
+ insecure = (exp->m_export.e_flags & NFSEXP_INSECURE_PORT);
+
+ /* Make note of security flavors being set */
+ if (!secflavors)
+ secflavors = (exp->m_export.e_secinfo[0].flav != NULL);
+
+ free(path);
+ }
+ }
+
+ /*
+ * If there are any insecure exports, the pseudo root
+ * also has to be insecure
+ */
+ if (insecure) {
+ proot->e_flags |= NFSEXP_INSECURE_PORT;
+ }
+
+ /*
+ * Make sure the pseudo root is accessible from all
+ * security flavors when it needs to be.
+ */
+ if (secflavors && !flavors_setall(proot)) {
+ xlog(L_WARNING, "v4root_set: Unable to set security "
+ "flavors on pseudo root");
+ }
+
+}
+