diff --git a/nfs-server.service b/nfs-server.service index fe88585..bba6676 100644 --- a/nfs-server.service +++ b/nfs-server.service @@ -12,6 +12,7 @@ ExecStartPre=-/usr/sbin/rpc.rquotad $RPCRQUOTADOPTS ExecStartPre=/usr/sbin/exportfs -r ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS ${RPCNFSDCOUNT} ExecStartPost=/usr/sbin/rpc.mountd $RPCMOUNTDOPTS +ExecStartPost=/usr/sbin/rpc.idmapd $RPCIDMAPDARGS ExecStartPost=-/usr/lib/nfs-utils/scripts/nfs-server.postconfig ExecStop=/usr/sbin/rpc.nfsd 0 ExecStopPost=/usr/sbin/exportfs -f diff --git a/nfs-utils-1.2.5-idmap-errmsg.patch b/nfs-utils-1.2.5-idmap-errmsg.patch new file mode 100644 index 0000000..8e00ed7 --- /dev/null +++ b/nfs-utils-1.2.5-idmap-errmsg.patch @@ -0,0 +1,12 @@ +diff -up nfs-utils-1.2.5/utils/nfsidmap/nfsidmap.c.orig nfs-utils-1.2.5/utils/nfsidmap/nfsidmap.c +--- nfs-utils-1.2.5/utils/nfsidmap/nfsidmap.c.orig 2011-12-13 15:01:26.311660000 -0500 ++++ nfs-utils-1.2.5/utils/nfsidmap/nfsidmap.c 2011-12-13 15:32:48.167354000 -0500 +@@ -261,7 +261,7 @@ int main(int argc, char **argv) + + xlog_stderr(0); + if ((argc - optind) != 2) { +- xlog_err("Bad arg count. Check /etc/request-key.conf"); ++ xlog_err("Bad arg count. Check /etc/request-key.d/id_resolver.conf"); + xlog_warn(usage, progname); + return 1; + } diff --git a/nfs-utils-1.2.6-rc2.patch b/nfs-utils-1.2.6-rc2.patch deleted file mode 100644 index 9c793f3..0000000 --- a/nfs-utils-1.2.6-rc2.patch +++ /dev/null @@ -1,147 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 80fb39d..f101b86 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -265,6 +265,12 @@ if test "$enable_nfsv4" = yes; then - AC_RPCSEC_VERSION - fi - fi -+ -+if test "$enable_nfsv41" = yes; then -+ AC_CHECK_LIB([devmapper], [dm_task_create], [LIBDEVMAPPER="-ldevmapper"], AC_MSG_ERROR([libdevmapper needed])) -+ AC_CHECK_HEADER(libdevmapper.h, , AC_MSG_ERROR([Cannot find devmapper header file libdevmapper.h])) -+fi -+ - dnl enable nfsidmap when its support by libnfsidmap - AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) - -diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c -index 27ff374..652a7a8 100644 ---- a/utils/blkmapd/device-process.c -+++ b/utils/blkmapd/device-process.c -@@ -296,7 +296,7 @@ decode_blk_volume(uint32_t **pp, uint32_t *end, struct bl_volume *vols, int voln - off_t stripe_unit = vol->param.bv_stripe_unit; - /* Check limitations imposed by device-mapper */ - if ((stripe_unit & (stripe_unit - 1)) != 0 -- || stripe_unit < (off_t) (PAGE_SIZE >> 9)) -+ || stripe_unit < (off_t) (sysconf(_SC_PAGE_SIZE) >> 9)) - return -EIO; - BLK_READBUF(p, end, 4); - READ32(vol->bv_vol_n); -diff --git a/utils/exportfs/exportfs.man b/utils/exportfs/exportfs.man -index 364f247..8853486 100644 ---- a/utils/exportfs/exportfs.man -+++ b/utils/exportfs/exportfs.man -@@ -177,7 +177,7 @@ In this way - .B exportfs - can be used to modify the export options of an already exported directory. - .SS Unexporting Directories --The third synopsis shows how to unexported a currently exported directory. -+The third synopsis shows how to unexport a currently exported directory. - When using - .BR "exportfs -ua" , - all entries listed in -diff --git a/utils/exportfs/nfsd.man b/utils/exportfs/nfsd.man -index 7365a1b..47b73be 100644 ---- a/utils/exportfs/nfsd.man -+++ b/utils/exportfs/nfsd.man -@@ -12,7 +12,7 @@ nfsd \- special filesystem for controlling Linux NFS server - .SH DESCRIPTION - The - .B nfsd --filesytem is a special filesystem which provides access to the Linux -+filesystem is a special filesystem which provides access to the Linux - NFS server. The filesystem consists of a single directory which - contains a number of files. These files are actually gateways into - the NFS server. Writing to them can affect the server. Reading from -@@ -86,7 +86,7 @@ should be followed by a newline, with white-space separating the - fields, and octal quoting of special characters. - - On writing this, the program will be able to read back a filehandle --for that path as exported to the given client. The filehandles length -+for that path as exported to the given client. The filehandle's length - will be at most the number of bytes given. - - The filehandle will be represented in hex with a leading '\ex'. -@@ -165,7 +165,7 @@ file. The user-space program might then write - .ti +5 - nfsd 127.0.0.1 1057206953 localhost - .br --to indicate that 127.0.0.1 should map to localhost, atleast for now. -+to indicate that 127.0.0.1 should map to localhost, at least for now. - - If the program uses select(2) or poll(2) to discover if it can read - from the -diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c -index 19d9114..e80efb4 100644 ---- a/utils/idmapd/idmapd.c -+++ b/utils/idmapd/idmapd.c -@@ -778,8 +778,8 @@ nfsopen(struct idmap_client *ic) - } else { - event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic); - event_add(&ic->ic_event, NULL); -- fcntl(ic->ic_dirfd, F_SETSIG, 0); - fcntl(ic->ic_dirfd, F_NOTIFY, 0); -+ fcntl(ic->ic_dirfd, F_SETSIG, 0); - if (verbose > 0) - xlog_warn("Opened %s", ic->ic_path); - } -diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man -index ce40933..2ad92d1 100644 ---- a/utils/mount/nfs.man -+++ b/utils/mount/nfs.man -@@ -1561,10 +1561,10 @@ To ensure that the saved mount options are not erased during a remount, - specify either the local mount directory, or the server hostname and - export pathname, but not both, during a remount. For example, - .P --.NF --.TA 2.5i -+.nf -+.ta 8n - mount -o remount,ro /mnt --.FI -+.fi - .P - merges the mount option - .B ro -diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c -index 314a806..4032bf3 100644 ---- a/utils/mount/stropts.c -+++ b/utils/mount/stropts.c -@@ -665,9 +665,10 @@ static int nfs_try_mount_v3v2(struct nfsmount_info *mi) - case EHOSTUNREACH: - continue; - default: -- break; -+ goto out; - } - } -+out: - return ret; - } - -@@ -751,9 +752,10 @@ static int nfs_try_mount_v4(struct nfsmount_info *mi) - case EHOSTUNREACH: - continue; - default: -- break; -+ goto out; - } - } -+out: - return ret; - } - -diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man -index d8988d2..1cf9296 100644 ---- a/utils/nfsd/nfsd.man -+++ b/utils/nfsd/nfsd.man -@@ -38,7 +38,7 @@ request on all known network addresses. This may change in future - releases of the Linux Kernel. - .TP - .B \-p " or " \-\-port port --specify a diferent port to listen on for NFS requests. By default, -+specify a different port to listen on for NFS requests. By default, - .B rpc.nfsd - will listen on port 2049. - .TP diff --git a/nfs-utils-1.2.6-rc4.patch b/nfs-utils-1.2.6-rc4.patch new file mode 100644 index 0000000..028856c --- /dev/null +++ b/nfs-utils-1.2.6-rc4.patch @@ -0,0 +1,587 @@ +diff --git a/configure.ac b/configure.ac +index 80fb39d..f101b86 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -265,6 +265,12 @@ if test "$enable_nfsv4" = yes; then + AC_RPCSEC_VERSION + fi + fi ++ ++if test "$enable_nfsv41" = yes; then ++ AC_CHECK_LIB([devmapper], [dm_task_create], [LIBDEVMAPPER="-ldevmapper"], AC_MSG_ERROR([libdevmapper needed])) ++ AC_CHECK_HEADER(libdevmapper.h, , AC_MSG_ERROR([Cannot find devmapper header file libdevmapper.h])) ++fi ++ + dnl enable nfsidmap when its support by libnfsidmap + AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) + +diff --git a/support/include/nfs/debug.h b/support/include/nfs/debug.h +index d391e91..dbec5ba 100644 +--- a/support/include/nfs/debug.h ++++ b/support/include/nfs/debug.h +@@ -76,6 +76,9 @@ enum { + #define NFSDBG_CALLBACK 0x0100 + #define NFSDBG_CLIENT 0x0200 + #define NFSDBG_MOUNT 0x0400 ++#define NFSDBG_FSCACHE 0x0800 ++#define NFSDBG_PNFS 0x1000 ++#define NFSDBG_PNFS_LD 0x2000 + #define NFSDBG_ALL 0xFFFF + + #endif /* _NFS_DEBUG_H */ +diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c +index fa0dc6b..3990578 100644 +--- a/support/nfs/conffile.c ++++ b/support/nfs/conffile.c +@@ -256,13 +256,14 @@ conf_parse_line(int trans, char *line, size_t sz) + val++, j++; + if (*val) + i = j; +- section = malloc(i); ++ section = malloc(i+1); + if (!section) { + xlog_warn("conf_parse_line: %d: malloc (%lu) failed", ln, + (unsigned long)i); + return; + } + strncpy(section, line, i); ++ section[i] = '\0'; + + if (arg) + free(arg); +diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c +index 275a491..444616d 100644 +--- a/tools/rpcdebug/rpcdebug.c ++++ b/tools/rpcdebug/rpcdebug.c +@@ -167,6 +167,9 @@ static struct flagmap { + FLAG(NFS, CALLBACK), + FLAG(NFS, CLIENT), + FLAG(NFS, MOUNT), ++ FLAG(NFS, FSCACHE), ++ FLAG(NFS, PNFS), ++ FLAG(NFS, PNFS_LD), + FLAG(NFS, ALL), + + /* nfsd */ +diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c +index 27ff374..652a7a8 100644 +--- a/utils/blkmapd/device-process.c ++++ b/utils/blkmapd/device-process.c +@@ -296,7 +296,7 @@ decode_blk_volume(uint32_t **pp, uint32_t *end, struct bl_volume *vols, int voln + off_t stripe_unit = vol->param.bv_stripe_unit; + /* Check limitations imposed by device-mapper */ + if ((stripe_unit & (stripe_unit - 1)) != 0 +- || stripe_unit < (off_t) (PAGE_SIZE >> 9)) ++ || stripe_unit < (off_t) (sysconf(_SC_PAGE_SIZE) >> 9)) + return -EIO; + BLK_READBUF(p, end, 4); + READ32(vol->bv_vol_n); +diff --git a/utils/exportfs/exportfs.man b/utils/exportfs/exportfs.man +index 364f247..8853486 100644 +--- a/utils/exportfs/exportfs.man ++++ b/utils/exportfs/exportfs.man +@@ -177,7 +177,7 @@ In this way + .B exportfs + can be used to modify the export options of an already exported directory. + .SS Unexporting Directories +-The third synopsis shows how to unexported a currently exported directory. ++The third synopsis shows how to unexport a currently exported directory. + When using + .BR "exportfs -ua" , + all entries listed in +diff --git a/utils/exportfs/nfsd.man b/utils/exportfs/nfsd.man +index 7365a1b..47b73be 100644 +--- a/utils/exportfs/nfsd.man ++++ b/utils/exportfs/nfsd.man +@@ -12,7 +12,7 @@ nfsd \- special filesystem for controlling Linux NFS server + .SH DESCRIPTION + The + .B nfsd +-filesytem is a special filesystem which provides access to the Linux ++filesystem is a special filesystem which provides access to the Linux + NFS server. The filesystem consists of a single directory which + contains a number of files. These files are actually gateways into + the NFS server. Writing to them can affect the server. Reading from +@@ -86,7 +86,7 @@ should be followed by a newline, with white-space separating the + fields, and octal quoting of special characters. + + On writing this, the program will be able to read back a filehandle +-for that path as exported to the given client. The filehandles length ++for that path as exported to the given client. The filehandle's length + will be at most the number of bytes given. + + The filehandle will be represented in hex with a leading '\ex'. +@@ -165,7 +165,7 @@ file. The user-space program might then write + .ti +5 + nfsd 127.0.0.1 1057206953 localhost + .br +-to indicate that 127.0.0.1 should map to localhost, atleast for now. ++to indicate that 127.0.0.1 should map to localhost, at least for now. + + If the program uses select(2) or poll(2) to discover if it can read + from the +diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c +index 19d9114..e80efb4 100644 +--- a/utils/idmapd/idmapd.c ++++ b/utils/idmapd/idmapd.c +@@ -778,8 +778,8 @@ nfsopen(struct idmap_client *ic) + } else { + event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic); + event_add(&ic->ic_event, NULL); +- fcntl(ic->ic_dirfd, F_SETSIG, 0); + fcntl(ic->ic_dirfd, F_NOTIFY, 0); ++ fcntl(ic->ic_dirfd, F_SETSIG, 0); + if (verbose > 0) + xlog_warn("Opened %s", ic->ic_path); + } +diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man +index ce40933..2ad92d1 100644 +--- a/utils/mount/nfs.man ++++ b/utils/mount/nfs.man +@@ -1561,10 +1561,10 @@ To ensure that the saved mount options are not erased during a remount, + specify either the local mount directory, or the server hostname and + export pathname, but not both, during a remount. For example, + .P +-.NF +-.TA 2.5i ++.nf ++.ta 8n + mount -o remount,ro /mnt +-.FI ++.fi + .P + merges the mount option + .B ro +diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c +index 314a806..d52e21a 100644 +--- a/utils/mount/stropts.c ++++ b/utils/mount/stropts.c +@@ -540,6 +540,8 @@ nfs_rewrite_pmap_mount_options(struct mount_options *options) + errno = EOPNOTSUPP; + else if (rpc_createerr.cf_stat == RPC_AUTHERROR) + errno = EACCES; ++ else if (rpc_createerr.cf_stat == RPC_TIMEDOUT) ++ errno = ETIMEDOUT; + else if (rpc_createerr.cf_error.re_errno != 0) + errno = rpc_createerr.cf_error.re_errno; + return 0; +@@ -665,9 +667,10 @@ static int nfs_try_mount_v3v2(struct nfsmount_info *mi) + case EHOSTUNREACH: + continue; + default: +- break; ++ goto out; + } + } ++out: + return ret; + } + +@@ -751,9 +754,10 @@ static int nfs_try_mount_v4(struct nfsmount_info *mi) + case EHOSTUNREACH: + continue; + default: +- break; ++ goto out; + } + } ++out: + return ret; + } + +diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man +index d8988d2..1cf9296 100644 +--- a/utils/nfsd/nfsd.man ++++ b/utils/nfsd/nfsd.man +@@ -38,7 +38,7 @@ request on all known network addresses. This may change in future + releases of the Linux Kernel. + .TP + .B \-p " or " \-\-port port +-specify a diferent port to listen on for NFS requests. By default, ++specify a different port to listen on for NFS requests. By default, + .B rpc.nfsd + will listen on port 2049. + .TP +diff --git a/utils/nfsidmap/Makefile.am b/utils/nfsidmap/Makefile.am +index f837b91..037aa79 100644 +--- a/utils/nfsidmap/Makefile.am ++++ b/utils/nfsidmap/Makefile.am +@@ -4,6 +4,6 @@ man8_MANS = nfsidmap.man + + sbin_PROGRAMS = nfsidmap + nfsidmap_SOURCES = nfsidmap.c +-nfsidmap_LDADD = -lnfsidmap -lkeyutils ++nfsidmap_LDADD = -lnfsidmap -lkeyutils ../../support/nfs/libnfs.a + + MAINTAINERCLEANFILES = Makefile.in +diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c +index 2d87381..ce8cf3e 100644 +--- a/utils/nfsidmap/nfsidmap.c ++++ b/utils/nfsidmap/nfsidmap.c +@@ -9,15 +9,25 @@ + #include + #include + +-#include ++#include ++#include "xlog.h" + +-/* gcc nfsidmap.c -o nfsidmap -l nfsidmap -l keyutils */ ++int verbose = 0; ++char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; + + #define MAX_ID_LEN 11 + #define IDMAP_NAMESZ 128 + #define USER 1 + #define GROUP 0 + ++#define PROCKEYS "/proc/keys" ++#ifndef DEFAULT_KEYRING ++#define DEFAULT_KEYRING "id_resolver" ++#endif ++ ++ ++#define UIDKEYS 0x1 ++#define GIDKEYS 0x2 + + /* + * Find either a user or group id based on the name@domain string +@@ -36,9 +46,15 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type) + rc = nfs4_group_owner_to_gid(name_at_domain, &gid); + sprintf(id, "%u", gid); + } ++ if (rc < 0) ++ xlog_err("id_lookup: %s: failed: %m", ++ (type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid")); + +- if (rc == 0) ++ if (rc == 0) { + rc = keyctl_instantiate(key, id, strlen(id) + 1, 0); ++ if (rc < 0) ++ xlog_err("id_lookup: keyctl_instantiate failed: %m"); ++ } + + return rc; + } +@@ -57,6 +73,7 @@ int name_lookup(char *id, key_serial_t key, int type) + rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN); + if (rc != 0) { + rc = -1; ++ xlog_err("name_lookup: nfs4_get_default_domain failed: %m"); + goto out; + } + +@@ -67,39 +84,206 @@ int name_lookup(char *id, key_serial_t key, int type) + gid = atoi(id); + rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ); + } ++ if (rc < 0) ++ xlog_err("name_lookup: %s: failed: %m", ++ (type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name")); + +- if (rc == 0) ++ if (rc == 0) { + rc = keyctl_instantiate(key, &name, strlen(name), 0); +- ++ if (rc < 0) ++ xlog_err("name_lookup: keyctl_instantiate failed: %m"); ++ } + out: + return rc; + } ++/* ++ * Clear all the keys on the given keyring ++ */ ++static int keyring_clear(char *keyring) ++{ ++ FILE *fp; ++ char buf[BUFSIZ]; ++ key_serial_t key; ++ ++ xlog_syslog(0); ++ if (keyring == NULL) ++ keyring = DEFAULT_KEYRING; ++ ++ if ((fp = fopen(PROCKEYS, "r")) == NULL) { ++ xlog_err("fopen(%s) failed: %m", PROCKEYS); ++ return 1; ++ } ++ ++ while(fgets(buf, BUFSIZ, fp) != NULL) { ++ if (strstr(buf, "keyring") == NULL) ++ continue; ++ if (strstr(buf, keyring) == NULL) ++ continue; ++ if (verbose) { ++ *(strchr(buf, '\n')) = '\0'; ++ xlog_warn("clearing '%s'", buf); ++ } ++ /* ++ * The key is the first arugment in the string ++ */ ++ *(strchr(buf, ' ')) = '\0'; ++ sscanf(buf, "%x", &key); ++ if (keyctl_clear(key) < 0) { ++ xlog_err("keyctl_clear(0x%x) failed: %m", key); ++ fclose(fp); ++ return 1; ++ } ++ fclose(fp); ++ return 0; ++ } ++ xlog_err("'%s' keyring was not found.", keyring); ++ fclose(fp); ++ return 1; ++} ++/* ++ * Revoke a key ++ */ ++static int key_revoke(char *keystr, int keymask) ++{ ++ FILE *fp; ++ char buf[BUFSIZ], *ptr; ++ key_serial_t key; ++ int mask; ++ ++ xlog_syslog(0); ++ ++ if ((fp = fopen(PROCKEYS, "r")) == NULL) { ++ xlog_err("fopen(%s) failed: %m", PROCKEYS); ++ return 1; ++ } ++ ++ while(fgets(buf, BUFSIZ, fp) != NULL) { ++ if (strstr(buf, "keyring") != NULL) ++ continue; ++ ++ mask = 0; ++ if ((ptr = strstr(buf, "uid:")) != NULL) ++ mask = UIDKEYS; ++ else if ((ptr = strstr(buf, "gid:")) != NULL) ++ mask = GIDKEYS; ++ else ++ continue; ++ ++ if ((keymask & mask) == 0) ++ continue; ++ ++ if (strncmp(ptr+4, keystr, strlen(keystr)) != NULL) ++ continue; ++ ++ if (verbose) { ++ *(strchr(buf, '\n')) = '\0'; ++ xlog_warn("revoking '%s'", buf); ++ } ++ /* ++ * The key is the first arugment in the string ++ */ ++ *(strchr(buf, ' ')) = '\0'; ++ sscanf(buf, "%x", &key); ++ ++ if (keyctl_revoke(key) < 0) { ++ xlog_err("keyctl_revoke(0x%x) failed: %m", key); ++ fclose(fp); ++ return 1; ++ } ++ ++ keymask &= ~mask; ++ if (keymask == 0) { ++ fclose(fp); ++ return 0; ++ } ++ } ++ xlog_err("'%s' key was not found.", keystr); ++ fclose(fp); ++ return 1; ++} + + int main(int argc, char **argv) + { + char *arg; + char *value; + char *type; +- int rc = 1; ++ int rc = 1, opt; + int timeout = 600; + key_serial_t key; ++ char *progname, *keystr = NULL; ++ int clearing = 0, keymask = 0; ++ ++ /* Set the basename */ ++ if ((progname = strrchr(argv[0], '/')) != NULL) ++ progname++; ++ else ++ progname = argv[0]; + +- if (argc < 3) ++ xlog_open(progname); ++ ++ while ((opt = getopt(argc, argv, "u:g:r:ct:v")) != -1) { ++ switch (opt) { ++ case 'u': ++ keymask = UIDKEYS; ++ keystr = strdup(optarg); ++ break; ++ case 'g': ++ keymask = GIDKEYS; ++ keystr = strdup(optarg); ++ break; ++ case 'r': ++ keymask = GIDKEYS|UIDKEYS; ++ keystr = strdup(optarg); ++ break; ++ case 'c': ++ clearing++; ++ break; ++ case 'v': ++ verbose++; ++ break; ++ case 't': ++ timeout = atoi(optarg); ++ break; ++ default: ++ xlog_warn(usage, progname); ++ break; ++ } ++ } ++ ++ if (keystr) { ++ rc = key_revoke(keystr, keymask); ++ return rc; ++ } ++ if (clearing) { ++ rc = keyring_clear(DEFAULT_KEYRING); ++ return rc; ++ } ++ ++ xlog_stderr(0); ++ if ((argc - optind) != 2) { ++ xlog_err("Bad arg count. Check /etc/request-key.conf"); ++ xlog_warn(usage, progname); + return 1; ++ } ++ ++ if (verbose) ++ nfs4_set_debug(verbose, NULL); ++ ++ key = strtol(argv[optind++], NULL, 10); + +- arg = malloc(sizeof(char) * strlen(argv[2]) + 1); +- strcpy(arg, argv[2]); ++ arg = strdup(argv[optind]); ++ if (arg == NULL) { ++ xlog_err("strdup failed: %m"); ++ return 1; ++ } + type = strtok(arg, ":"); + value = strtok(NULL, ":"); + +- if (argc == 4) { +- timeout = atoi(argv[3]); +- if (timeout < 0) +- timeout = 0; ++ if (verbose) { ++ xlog_warn("key: %ld type: %s value: %s timeout %ld", ++ key, type, value, timeout); + } + +- key = strtol(argv[1], NULL, 10); +- + if (strcmp(type, "uid") == 0) + rc = id_lookup(value, key, USER); + else if (strcmp(type, "gid") == 0) +@@ -109,7 +293,7 @@ int main(int argc, char **argv) + else if (strcmp(type, "group") == 0) + rc = name_lookup(value, key, GROUP); + +- /* Set timeout to 5 (600 seconds) minutes */ ++ /* Set timeout to 10 (600 seconds) minutes */ + if (rc == 0) + keyctl_set_timeout(key, timeout); + +diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man +index 2381908..3a3a523 100644 +--- a/utils/nfsidmap/nfsidmap.man ++++ b/utils/nfsidmap/nfsidmap.man +@@ -5,6 +5,12 @@ + .TH nfsidmap 5 "1 October 2010" + .SH NAME + nfsidmap \- The NFS idmapper upcall program ++.SH SYNOPSIS ++.B "nfsidmap [-v] [-t timeout] key desc" ++.br ++.B "nfsidmap [-v] [-c]" ++.br ++.B "nfsidmap [-v] [-u|-g|-r user]" + .SH DESCRIPTION + The file + .I /usr/sbin/nfsidmap +@@ -12,11 +18,36 @@ is used by the NFS idmapper to translate user and group ids into names, and to + translate user and group names into ids. Idmapper uses request-key to perform + the upcall and cache the result. + .I /usr/sbin/nfsidmap +-should only be called by request-key, and will perform the translation and ++is called by /sbin/request-key, and will perform the translation and + initialize a key with the resulting information. + .PP +-NFS_USE_NEW_IDMAPPER must be selected when configuring the kernel to use this +-feature. ++.I nfsidmap ++can also used to clear the keyring of all the keys or ++revoke one particular key. ++This is useful when the id mappings have failed to due ++to a lookup error resulting in all the cached uids/gids to be set ++to the user id nobody. ++.SH OPTIONS ++.TP ++.B -c ++Clear the keyring of all the keys. ++.TP ++.B -g user ++Revoke the gid key of the given user. ++.TP ++.B -r user ++Revoke both the uid and gid key of the given user. ++.TP ++.B -t timeout ++Set the expiration timer, in seconds, on the key. ++The default is 600 seconds (10 mins). ++.TP ++.B -u user ++Revoke the uid key of the given user. ++.TP ++.B -v ++Increases the verbosity of the output to syslog ++(can be specified multiple times). + .SH CONFIGURING + The file + .I /etc/request-key.conf +@@ -25,11 +56,13 @@ will need to be modified so + can properly direct the upcall. The following line should be added before a call + to keyctl negate: + .PP +-create id_resolver * * /usr/sbin/nfsidmap %k %d 600 ++create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d + .PP + This will direct all id_resolver requests to the program +-.I /usr/sbin/nfsidmap +-The last parameter, 600, defines how many seconds into the future the key will ++.I /usr/sbin/nfsidmap. ++The ++.B -t 600 ++defines how many seconds into the future the key will + expire. This is an optional parameter for + .I /usr/sbin/nfsidmap + and will default to 600 seconds when not specified. +@@ -48,9 +81,9 @@ You can choose to handle any of these individually, rather than using the + generic upcall program. If you would like to use your own program for a uid + lookup then you would edit your request-key.conf so it looks similar to this: + .PP +-create id_resolver uid:* * /some/other/program %k %d 600 ++create id_resolver uid:* * /some/other/program %k %d + .br +-create id_resolver * * /usr/sbin/nfsidmap %k %d 600 ++create id_resolver * * /usr/sbin/nfsidmap %k %d + .PP + Notice that the new line was added above the line for the generic program. + request-key will find the first matching line and run the corresponding program. diff --git a/nfs-utils.spec b/nfs-utils.spec index f2c67fd..6d33592 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.2.5 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 1 # group all 32bit related archs @@ -10,6 +10,7 @@ Epoch: 1 Source0: http://www.kernel.org/pub/linux/utils/nfs/%{name}-%{version}.tar.bz2 +Source9: id_resolver.conf Source10: nfs.sysconfig Source11: nfs-lock.service Source12: nfs-secure.service @@ -28,12 +29,13 @@ Source51: nfs-server.preconfig Source52: nfs-server.postconfig %define nfs_configs %{SOURCE50} %{SOURCE51} %{SOURCE52} -Patch001: nfs-utils-1.2.6-rc3.patch +Patch001: nfs-utils-1.2.6-rc4.patch Patch002: nfs-utils-1.2.4-mountshortcut.patch Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch Patch102: nfs-utils-1.2.3-sm-notify-res_init.patch +Patch103: nfs-utils-1.2.5-idmap-errmsg.patch Group: System Environment/Daemons Provides: exportfs = %{epoch}:%{version}-%{release} @@ -91,6 +93,7 @@ This package also contains the mount.nfs and umount.nfs program. %patch100 -p1 %patch101 -p1 %patch102 -p1 +%patch103 -p1 # Remove .orig files find . -name "*.orig" | xargs rm -f @@ -124,9 +127,11 @@ mkdir -p $RPM_BUILD_ROOT{/sbin,/usr/sbin,/lib/systemd/system} mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name}/scripts mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8 mkdir -p $RPM_BUILD_ROOT/etc/sysconfig +mkdir -p $RPM_BUILD_ROOT/etc/request-key.d make DESTDIR=$RPM_BUILD_ROOT install install -s -m 755 tools/rpcdebug/rpcdebug $RPM_BUILD_ROOT/usr/sbin install -m 644 utils/mount/nfsmount.conf $RPM_BUILD_ROOT/etc +install -m 644 %{SOURCE9} $RPM_BUILD_ROOT/etc/request-key.d install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/etc/sysconfig/nfs for service in %{nfs_services} ; do @@ -244,6 +249,7 @@ fi %config(noreplace) /var/lib/nfs/xtab %config(noreplace) /var/lib/nfs/etab %config(noreplace) /var/lib/nfs/rmtab +%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf %doc linux-nfs/ChangeLog linux-nfs/KNOWNBUGS linux-nfs/NEW linux-nfs/README %doc linux-nfs/THANKS linux-nfs/TODO /sbin/rpc.statd @@ -274,6 +280,10 @@ fi %attr(0755,root,root) /sbin/umount.nfs4 %changelog +* Tue Dec 13 2011 Steve Dickson 1.2.5-6 +- Enabled new idmaping by installing the id_resolver.conf file. +- Update to upstream RC release: nfs-utils-1.2.6-rc4 + * Fri Nov 18 2011 Steve Dickson 1.2.5-6 - Remove RQUOTAD_PORT and RQUOTAD from /etc/sysconfig/nfs (bz 754496) - Ensured nfs-idmap service is started after the named is up (bz 748275)