Updated to the latest RC release: nfs-utils-2-5-2-rc4

Signed-off-by: Steve Dickson <steved@redhat.com>
This commit is contained in:
Steve Dickson 2020-08-31 11:25:10 -04:00
parent a477c3cd42
commit fd3594d93b
5 changed files with 83 additions and 546 deletions

View File

@ -1,29 +0,0 @@
commit 841abefc91ee870fe7cc8a4e36905b1655410c54
Author: Steve Dickson <steved@redhat.com>
Date: Wed Aug 5 14:59:23 2020 -0400
rpc.idmapd: Turn down the verbosity in flush_inotify()
Commit 27a8e146 introduce a debugging message
that was not cover by a check if verbose
is set, which cause a large number of message
to be logged on every kerberos mount
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1867172
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index 8631414..7d1096d 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -500,7 +500,8 @@ flush_inotify(int fd)
ptr += sizeof(struct inotify_event) + ev->len) {
ev = (const struct inotify_event *)ptr;
- xlog_warn("pipefs inotify: wd=%i, mask=0x%08x, len=%i, name=%s",
+ if (verbose > 1)
+ xlog_warn("pipefs inotify: wd=%i, mask=0x%08x, len=%i, name=%s",
ev->wd, ev->mask, ev->len, ev->len ? ev->name : "");
}
}

View File

@ -318,9 +318,15 @@ index 24118d6..06c1adb 100644
# GSS services dependencies and ordering # GSS services dependencies and ordering
Wants=auth-rpcgss-module.service Wants=auth-rpcgss-module.service
diff --git a/tools/mountstats/mountstats.py b/tools/mountstats/mountstats.py diff --git a/tools/mountstats/mountstats.py b/tools/mountstats/mountstats.py
index 014f38a..1054f69 100755 index 014f38a..00adc96 100755
--- a/tools/mountstats/mountstats.py --- a/tools/mountstats/mountstats.py
+++ b/tools/mountstats/mountstats.py +++ b/tools/mountstats/mountstats.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# -*- python-mode -*-
"""Parse /proc/self/mountstats and display it in human readable form
"""
@@ -560,7 +560,10 @@ class DeviceData: @@ -560,7 +560,10 @@ class DeviceData:
# the reference to them. so we build new lists here # the reference to them. so we build new lists here
# for the result object. # for the result object.
@ -334,9 +340,15 @@ index 014f38a..1054f69 100755
# update the remaining keys # update the remaining keys
if protocol == 'udp': if protocol == 'udp':
diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py
index b7e98a2..5556f69 100755 index b7e98a2..4f5e8a6 100755
--- a/tools/nfs-iostat/nfs-iostat.py --- a/tools/nfs-iostat/nfs-iostat.py
+++ b/tools/nfs-iostat/nfs-iostat.py +++ b/tools/nfs-iostat/nfs-iostat.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# -*- python-mode -*-
"""Emulate iostat for NFS mount points using /proc/self/mountstats
"""
@@ -213,8 +213,11 @@ class DeviceData: @@ -213,8 +213,11 @@ class DeviceData:
# the reference to them. so we build new lists here # the reference to them. so we build new lists here
# for the result object. # for the result object.
@ -351,6 +363,15 @@ index b7e98a2..5556f69 100755
# update the remaining keys we care about # update the remaining keys we care about
result.__rpc_data['rpcsends'] -= old_stats.__rpc_data['rpcsends'] result.__rpc_data['rpcsends'] -= old_stats.__rpc_data['rpcsends']
@@ -380,6 +383,8 @@ class DeviceData:
sends = float(self.__rpc_data['rpcsends'])
if sample_time == 0:
sample_time = float(self.__nfs_data['age'])
+ if sample_time == 0:
+ sample_time = 1;
return (sends / sample_time)
def display_iostats(self, sample_time, which):
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
index a04a789..cde5e51 100644 index a04a789..cde5e51 100644
--- a/utils/exportfs/exportfs.c --- a/utils/exportfs/exportfs.c
@ -846,7 +867,7 @@ index f4f5975..1e8c58d 100644
#endif /* _RPC_GSSD_H_ */ #endif /* _RPC_GSSD_H_ */
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 8fe6605..e830f49 100644 index 8fe6605..2a8b618 100644
--- a/utils/gssd/gssd_proc.c --- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c
@@ -149,9 +149,10 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, @@ -149,9 +149,10 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
@ -898,7 +919,15 @@ index 8fe6605..e830f49 100644
service, srchost); service, srchost);
/* /*
* Get a list of credential cache names and try each * Get a list of credential cache names and try each
@@ -730,7 +731,7 @@ handle_krb5_upcall(struct clnt_upcall_info *info) @@ -686,6 +687,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *srchost,
} else {
get_hostbased_client_buffer(gacceptor, mech, &acceptor);
gss_release_name(&min_stat, &gacceptor);
+ gss_release_oid(&min_stat, &mech);
}
/*
@@ -730,7 +732,7 @@ handle_krb5_upcall(struct clnt_upcall_info *info)
printerr(2, "\n%s: uid %d (%s)\n", __func__, info->uid, clp->relpath); printerr(2, "\n%s: uid %d (%s)\n", __func__, info->uid, clp->relpath);
process_krb5_upcall(clp, info->uid, clp->krb5_fd, NULL, NULL, NULL); process_krb5_upcall(clp, info->uid, clp->krb5_fd, NULL, NULL, NULL);
@ -907,7 +936,7 @@ index 8fe6605..e830f49 100644
} }
void void
@@ -747,8 +748,10 @@ handle_gssd_upcall(struct clnt_upcall_info *info) @@ -747,8 +749,10 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
char *enctypes = NULL; char *enctypes = NULL;
char *upcall_str; char *upcall_str;
char *pbuf = info->lbuf; char *pbuf = info->lbuf;
@ -919,7 +948,7 @@ index 8fe6605..e830f49 100644
upcall_str = strdup(info->lbuf); upcall_str = strdup(info->lbuf);
if (upcall_str == NULL) { if (upcall_str == NULL) {
@@ -830,6 +833,6 @@ handle_gssd_upcall(struct clnt_upcall_info *info) @@ -830,6 +834,6 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
out: out:
free(upcall_str); free(upcall_str);
out_nomem: out_nomem:
@ -2020,7 +2049,7 @@ index 72ec254..b403143 100644
sizeof(in_handle_buf)); sizeof(in_handle_buf));
#ifdef DEBUG #ifdef DEBUG
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index 893159f..cb1478a 100644 index 893159f..f3d2314 100644
--- a/utils/idmapd/idmapd.c --- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c +++ b/utils/idmapd/idmapd.c
@@ -49,7 +49,7 @@ @@ -49,7 +49,7 @@
@ -2094,13 +2123,13 @@ index 893159f..cb1478a 100644
serverstart = 0; serverstart = 0;
} }
+ /* Not needed anymore */ + /* Config memory is no longer needed */
+ conf_cleanup(); + conf_cleanup();
+ +
while ((opt = getopt(argc, argv, GETOPTSTR)) != -1) while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
switch (opt) { switch (opt) {
case 'v': case 'v':
@@ -341,7 +361,9 @@ main(int argc, char **argv) @@ -341,9 +361,11 @@ main(int argc, char **argv)
if (nfs4_init_name_mapping(conf_path)) if (nfs4_init_name_mapping(conf_path))
errx(1, "Unable to create name to user id mappings."); errx(1, "Unable to create name to user id mappings.");
@ -2109,8 +2138,11 @@ index 893159f..cb1478a 100644
+ if (evbase == NULL) + if (evbase == NULL)
+ errx(1, "Failed to create event base."); + errx(1, "Failed to create event base.");
if (verbose > 0) - if (verbose > 0)
+ if (verbose > 1)
xlog_warn("Expiration time is %d seconds.", xlog_warn("Expiration time is %d seconds.",
cache_entry_expiration);
if (serverstart) {
@@ -388,30 +410,44 @@ main(int argc, char **argv) @@ -388,30 +410,44 @@ main(int argc, char **argv)
if (inotify_fd == -1) { if (inotify_fd == -1) {
xlog_err("Unable to initialise inotify_init1: %s\n", strerror(errno)); xlog_err("Unable to initialise inotify_init1: %s\n", strerror(errno));
@ -2167,7 +2199,7 @@ index 893159f..cb1478a 100644
} }
if (nfsdret != 0 && wd < 0) if (nfsdret != 0 && wd < 0)
@@ -419,15 +455,59 @@ main(int argc, char **argv) @@ -419,15 +455,60 @@ main(int argc, char **argv)
daemon_ready(); daemon_ready();
@ -2219,7 +2251,8 @@ index 893159f..cb1478a 100644
+ ptr += sizeof(struct inotify_event) + ev->len) { + ptr += sizeof(struct inotify_event) + ev->len) {
+ +
+ ev = (const struct inotify_event *)ptr; + ev = (const struct inotify_event *)ptr;
+ xlog_warn("pipefs inotify: wd=%i, mask=0x%08x, len=%i, name=%s", + if (verbose > 2)
+ xlog_warn("pipefs inotify: wd=%i, mask=0x%08x, len=%i, name=%s",
+ ev->wd, ev->mask, ev->len, ev->len ? ev->name : ""); + ev->wd, ev->mask, ev->len, ev->len ? ev->name : "");
+ } + }
+ } + }
@ -2230,7 +2263,7 @@ index 893159f..cb1478a 100644
{ {
int nent, i; int nent, i;
struct dirent **ents; struct dirent **ents;
@@ -435,6 +515,13 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data) @@ -435,6 +516,13 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
char path[PATH_MAX+256]; /* + sizeof(d_name) */ char path[PATH_MAX+256]; /* + sizeof(d_name) */
struct idmap_clientq *icq = data; struct idmap_clientq *icq = data;
@ -2244,7 +2277,7 @@ index 893159f..cb1478a 100644
nent = scandir(pipefsdir, &ents, NULL, alphasort); nent = scandir(pipefsdir, &ents, NULL, alphasort);
if (nent == -1) { if (nent == -1) {
xlog_warn("dirscancb: scandir(%s): %s", pipefsdir, strerror(errno)); xlog_warn("dirscancb: scandir(%s): %s", pipefsdir, strerror(errno));
@@ -468,15 +555,15 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data) @@ -468,15 +556,15 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
strlcat(path, "/idmap", sizeof(path)); strlcat(path, "/idmap", sizeof(path));
strlcpy(ic->ic_path, path, sizeof(ic->ic_path)); strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
@ -2257,13 +2290,13 @@ index 893159f..cb1478a 100644
goto out; goto out;
} }
+ if (verbose > 0) + if (verbose > 2)
+ xlog_warn("New client: %s", ic->ic_clid); + xlog_warn("New client: %s", ic->ic_clid);
+ +
ic->ic_id = "Client"; ic->ic_id = "Client";
TAILQ_INSERT_TAIL(icq, ic, ic_next); TAILQ_INSERT_TAIL(icq, ic, ic_next);
@@ -490,17 +577,19 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data) @@ -490,17 +578,19 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
while(ic != NULL) { while(ic != NULL) {
nextic=TAILQ_NEXT(ic, ic_next); nextic=TAILQ_NEXT(ic, ic_next);
if (!ic->ic_scanned) { if (!ic->ic_scanned) {
@ -2277,7 +2310,8 @@ index 893159f..cb1478a 100644
+ if (ic->ic_dirfd != -1) + if (ic->ic_dirfd != -1)
+ close(ic->ic_dirfd); + close(ic->ic_dirfd);
TAILQ_REMOVE(icq, ic, ic_next); TAILQ_REMOVE(icq, ic, ic_next);
if (verbose > 0) { - if (verbose > 0) {
+ if (verbose > 2) {
xlog_warn("Stale client: %s", ic->ic_clid); xlog_warn("Stale client: %s", ic->ic_clid);
xlog_warn("\t-> closed %s", ic->ic_path); xlog_warn("\t-> closed %s", ic->ic_path);
} }
@ -2288,7 +2322,7 @@ index 893159f..cb1478a 100644
ic = nextic; ic = nextic;
} }
@@ -546,7 +635,7 @@ nfsdcb(int UNUSED(fd), short which, void *data) @@ -546,7 +636,7 @@ nfsdcb(int UNUSED(fd), short which, void *data)
unsigned long tmp; unsigned long tmp;
if (which != EV_READ) if (which != EV_READ)
@ -2297,7 +2331,7 @@ index 893159f..cb1478a 100644
len = read(ic->ic_fd, buf, sizeof(buf)); len = read(ic->ic_fd, buf, sizeof(buf));
if (len == 0) if (len == 0)
@@ -569,11 +658,11 @@ nfsdcb(int UNUSED(fd), short which, void *data) @@ -569,13 +659,13 @@ nfsdcb(int UNUSED(fd), short which, void *data)
/* Authentication name -- ignored for now*/ /* Authentication name -- ignored for now*/
if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) { if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) {
xlog_warn("nfsdcb: bad authentication name in upcall\n"); xlog_warn("nfsdcb: bad authentication name in upcall\n");
@ -2309,9 +2343,12 @@ index 893159f..cb1478a 100644
- goto out; - goto out;
+ return; + return;
} }
if (verbose > 0) - if (verbose > 0)
+ if (verbose > 2)
xlog_warn("nfsdcb: authbuf=%s authtype=%s", xlog_warn("nfsdcb: authbuf=%s authtype=%s",
@@ -587,26 +676,26 @@ nfsdcb(int UNUSED(fd), short which, void *data) authbuf, typebuf);
@@ -587,26 +677,26 @@ nfsdcb(int UNUSED(fd), short which, void *data)
im.im_conv = IDMAP_CONV_NAMETOID; im.im_conv = IDMAP_CONV_NAMETOID;
if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) { if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) {
xlog_warn("nfsdcb: bad name in upcall\n"); xlog_warn("nfsdcb: bad name in upcall\n");
@ -2342,7 +2379,7 @@ index 893159f..cb1478a 100644
} }
imconv(ic, &im); imconv(ic, &im);
@@ -667,7 +756,7 @@ nfsdcb(int UNUSED(fd), short which, void *data) @@ -667,7 +757,7 @@ nfsdcb(int UNUSED(fd), short which, void *data)
break; break;
default: default:
xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which); xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
@ -2351,7 +2388,7 @@ index 893159f..cb1478a 100644
} }
bsiz = sizeof(buf) - bsiz; bsiz = sizeof(buf) - bsiz;
@@ -675,9 +764,6 @@ nfsdcb(int UNUSED(fd), short which, void *data) @@ -675,9 +765,6 @@ nfsdcb(int UNUSED(fd), short which, void *data)
if (atomicio((void*)write, ic->ic_fd, buf, bsiz) != bsiz) if (atomicio((void*)write, ic->ic_fd, buf, bsiz) != bsiz)
xlog_warn("nfsdcb: write(%s) failed: errno %d (%s)", xlog_warn("nfsdcb: write(%s) failed: errno %d (%s)",
ic->ic_path, errno, strerror(errno)); ic->ic_path, errno, strerror(errno));
@ -2361,7 +2398,7 @@ index 893159f..cb1478a 100644
} }
static void static void
@@ -721,14 +807,12 @@ nfscb(int UNUSED(fd), short which, void *data) @@ -721,14 +808,12 @@ nfscb(int UNUSED(fd), short which, void *data)
struct idmap_msg im; struct idmap_msg im;
if (which != EV_READ) if (which != EV_READ)
@ -2378,7 +2415,7 @@ index 893159f..cb1478a 100644
} }
imconv(ic, &im); imconv(ic, &im);
@@ -742,8 +826,19 @@ nfscb(int UNUSED(fd), short which, void *data) @@ -742,8 +827,19 @@ nfscb(int UNUSED(fd), short which, void *data)
if (atomicio((void*)write, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) if (atomicio((void*)write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
xlog_warn("nfscb: write(%s): %s", ic->ic_path, strerror(errno)); xlog_warn("nfscb: write(%s): %s", ic->ic_path, strerror(errno));
@ -2400,7 +2437,12 @@ index 893159f..cb1478a 100644
} }
static void static void
@@ -755,14 +850,18 @@ nfsdreopen_one(struct idmap_client *ic) @@ -751,18 +847,22 @@ nfsdreopen_one(struct idmap_client *ic)
{
int fd;
- if (verbose > 0)
+ if (verbose > 2)
xlog_warn("ReOpening %s", ic->ic_path); xlog_warn("ReOpening %s", ic->ic_path);
if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) { if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) {
@ -2426,7 +2468,7 @@ index 893159f..cb1478a 100644
} else { } else {
xlog_warn("nfsdreopen: Opening '%s' failed: errno %d (%s)", xlog_warn("nfsdreopen: Opening '%s' failed: errno %d (%s)",
ic->ic_path, errno, strerror(errno)); ic->ic_path, errno, strerror(errno));
@@ -784,6 +883,13 @@ nfsdopen(void) @@ -784,6 +884,13 @@ nfsdopen(void)
nfsdopenone(&nfsd_ic[IC_IDNAME]) == 0) ? 0 : -1); nfsdopenone(&nfsd_ic[IC_IDNAME]) == 0) ? 0 : -1);
} }
@ -2440,7 +2482,7 @@ index 893159f..cb1478a 100644
static int static int
nfsdopenone(struct idmap_client *ic) nfsdopenone(struct idmap_client *ic)
{ {
@@ -795,8 +901,16 @@ nfsdopenone(struct idmap_client *ic) @@ -795,10 +902,18 @@ nfsdopenone(struct idmap_client *ic)
return (-1); return (-1);
} }
@ -2457,9 +2499,12 @@ index 893159f..cb1478a 100644
+ } + }
+ event_add(ic->ic_event, NULL); + event_add(ic->ic_event, NULL);
if (verbose > 0) - if (verbose > 0)
+ if (verbose > 2)
xlog_warn("Opened %s", ic->ic_path); xlog_warn("Opened %s", ic->ic_path);
@@ -808,25 +922,34 @@ static int
return (0);
@@ -808,25 +923,35 @@ static int
nfsopen(struct idmap_client *ic) nfsopen(struct idmap_client *ic)
{ {
if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) { if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
@ -2481,7 +2526,8 @@ index 893159f..cb1478a 100644
+ *slash = 0; + *slash = 0;
+ inotify_add_watch(inotify_fd, ic->ic_path, IN_CREATE | IN_ONLYDIR | IN_ONESHOT); + inotify_add_watch(inotify_fd, ic->ic_path, IN_CREATE | IN_ONLYDIR | IN_ONESHOT);
+ *slash = '/'; + *slash = '/';
+ xlog_warn("Path %s not available. waiting...", ic->ic_path); + if (verbose > 2)
+ xlog_warn("Path %s not available. waiting...", ic->ic_path);
+ return -1; + return -1;
} }
- } else { - } else {
@ -2504,7 +2550,7 @@ index 893159f..cb1478a 100644
+ return -1; + return -1;
+ } + }
+ event_add(ic->ic_event, NULL); + event_add(ic->ic_event, NULL);
+ if (verbose > 0) + if (verbose > 2)
+ xlog_warn("Opened %s", ic->ic_path); + xlog_warn("Opened %s", ic->ic_path);
+ +
return (0); return (0);

View File

@ -1,146 +0,0 @@
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index a1c43d2..8c73748 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -484,7 +484,7 @@ gssd_get_single_krb5_cred(krb5_context context,
if (ccache)
krb5_cc_close(context, ccache);
krb5_free_cred_contents(context, &my_creds);
- free(k5err);
+ krb5_free_string(context, k5err);
return (code);
}
@@ -723,7 +723,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
"we failed to unparse principal name: %s\n",
k5err);
k5_free_kt_entry(context, kte);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -770,7 +770,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
if (retval < 0)
retval = 0;
out:
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
@@ -799,7 +799,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
int tried_all = 0, tried_default = 0, tried_upper = 0;
krb5_principal princ;
const char *notsetstr = "not set";
- char *adhostoverride;
+ char *adhostoverride = NULL;
/* Get full target hostname */
@@ -827,7 +827,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
adhostoverride);
/* No overflow: Windows cannot handle strings longer than 19 chars */
strcpy(myhostad, adhostoverride);
- free(adhostoverride);
} else {
strcpy(myhostad, myhostname);
for (i = 0; myhostad[i] != 0; ++i) {
@@ -836,6 +835,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
myhostad[i] = '$';
myhostad[i+1] = 0;
}
+ if (adhostoverride)
+ krb5_free_string(context, adhostoverride);
if (!srchost) {
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
@@ -926,7 +927,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
k5err = gssd_k5_err_msg(context, code);
printerr(1, "%s while building principal for '%s'\n",
k5err, spn);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -936,7 +937,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
k5err = gssd_k5_err_msg(context, code);
printerr(3, "%s while getting keytab entry for '%s'\n",
k5err, spn);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
/*
* We tried the active directory machine account
@@ -985,7 +986,7 @@ out:
k5_free_default_realm(context, default_realm);
if (realmnames)
krb5_free_host_realm(context, realmnames);
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
@@ -1248,7 +1249,7 @@ gssd_destroy_krb5_machine_creds(void)
printerr(0, "WARNING: %s while resolving credential "
"cache '%s' for destruction\n", k5err,
ple->ccname);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -1257,13 +1258,13 @@ gssd_destroy_krb5_machine_creds(void)
k5err = gssd_k5_err_msg(context, code);
printerr(0, "WARNING: %s while destroying credential "
"cache '%s'\n", k5err, ple->ccname);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
}
}
krb5_free_context(context);
out:
- free(k5err);
+ krb5_free_string(context, k5err);
}
/*
@@ -1346,7 +1347,7 @@ out_free_kt:
out_free_context:
krb5_free_context(context);
out:
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
diff --git a/utils/mount/mount.c b/utils/mount/mount.c
index 2be3dc2..b98f9e0 100644
--- a/utils/mount/mount.c
+++ b/utils/mount/mount.c
@@ -393,11 +393,6 @@ int main(int argc, char *argv[])
if(!strncmp(progname, "umount", strlen("umount")))
exit(nfsumount(argc, argv));
- if ((argc < 3)) {
- mount_usage();
- exit(EX_USAGE);
- }
-
mount_config_init(progname);
while ((c = getopt_long(argc, argv, "rvVwfno:hs",
@@ -437,6 +432,11 @@ int main(int argc, char *argv[])
}
}
+ if ((argc < 3)) {
+ mount_usage();
+ exit(EX_USAGE);
+ }
+
/*
* Extra non-option words at the end are bogus...
*/

View File

@ -1,336 +0,0 @@
diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
index d55bfe1..3d13610 100644
--- a/support/nfs/conffile.c
+++ b/support/nfs/conffile.c
@@ -429,9 +429,9 @@ conf_parse_line(int trans, char *line, const char *filename, int lineno, char **
subconf = conf_readfile(relpath);
if (subconf == NULL) {
- xlog_warn("config error at %s:%d: "
- "error loading included config",
- filename, lineno);
+ if (!optional)
+ xlog_warn("config error at %s:%d: error loading included config",
+ filename, lineno);
if (relpath)
free(relpath);
return;
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index e3a16f6..1d17184 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -494,6 +494,33 @@ export entry for
.B /home/joe
in the example section below, which maps all requests to uid 150 (which
is supposedly that of user joe).
+
+.SS Subdirectory Exports
+
+Normally you should only export only the root of a filesystem. The NFS
+server will also allow you to export a subdirectory of a filesystem,
+however, this has drawbacks:
+
+First, it may be possible for a malicious user to access files on the
+filesystem outside of the exported subdirectory, by guessing filehandles
+for those other files. The only way to prevent this is by using the
+.IR no_subtree_check
+option, which can cause other problems.
+
+Second, export options may not be enforced in the way that you would
+expect. For example, the
+.IR security_label
+option will not work on subdirectory exports, and if nested subdirectory
+exports change the
+.IR security_label
+or
+.IR sec=
+options, NFSv4 clients will normally see only the options on the parent
+export. Also, where security options differ, a malicious client may use
+filehandle-guessing attacks to access the files from one subdirectory
+using the options from another.
+
+
.SS Extra Export Tables
After reading
.I /etc/exports
diff --git a/utils/exportfs/nfsd.man b/utils/exportfs/nfsd.man
index 9efa29f..514153f 100644
--- a/utils/exportfs/nfsd.man
+++ b/utils/exportfs/nfsd.man
@@ -13,14 +13,8 @@ nfsd \- special filesystem for controlling Linux NFS server
The
.B nfsd
filesystem is a special filesystem which provides access to the Linux
-NFS server. The filesystem consists of a single directory which
-contains a number of files. These files are actually gateways into
-the NFS server. Writing to them can affect the server. Reading from
-them can provide information about the server.
-.P
-This file system is only available in Linux 2.6 and later series
-kernels (and in the later parts of the 2.5 development series leading
-up to 2.6). This man page does not apply to 2.4 and earlier.
+NFS server. Writing to files in this filesystem can affect the server.
+Reading from them can provide information about the server.
.P
As well as this filesystem, there are a collection of files in the
.B procfs
@@ -38,13 +32,10 @@ filesystem mounted at
.B /proc/fs/nfsd
or
.BR /proc/fs/nfs .
-If it is not mounted, they will fall-back on 2.4 style functionality.
-This involves accessing the NFS server via a systemcall. This
-systemcall is scheduled to be removed after the 2.6 kernel series.
.SH DETAILS
-The three files in the
+Files in the
.B nfsd
-filesystem are:
+filesystem include:
.TP
.B exports
This file contains a list of filesystems that are currently exported
@@ -90,6 +81,16 @@ for that path as exported to the given client. The filehandle's length
will be at most the number of bytes given.
The filehandle will be represented in hex with a leading '\ex'.
+
+.TP
+.B clients/
+This directory contains a subdirectory for each NFSv4 client. Each file
+under that subdirectory gives some details about the client in YAML
+format. In addition, writing "expire\\n" to the
+.B ctl
+file will force the server to immediately revoke all state held by that
+client.
+
.PP
The directory
.B /proc/net/rpc
@@ -191,6 +192,16 @@ number represents a bit-pattern where bits that are set cause certain
classes of tracing to be enabled. Consult the kernel header files to
find out what number correspond to what tracing.
+.SH NOTES
+This file system is only available in Linux 2.6 and later series
+kernels (and in the later parts of the 2.5 development series leading
+up to 2.6). This man page does not apply to 2.4 and earlier.
+.P
+Previously the nfsctl systemcall was used for communication between nfsd
+and user utilities. That systemcall was removed in kernel version 3.1.
+Older nfs-utils versions were able to fall back to nfsctl if necessary;
+that was removed from nfs-utils 1.3.5.
+
.SH SEE ALSO
.BR nfsd (8),
.BR rpc.nfsd (8),
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index c38dedb..588da0f 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -493,8 +493,8 @@ gssd_get_clnt(struct topdir *tdi, const char *name)
clp->wd = inotify_add_watch(inotify_fd, clp->relpath, IN_CREATE | IN_DELETE);
if (clp->wd < 0) {
if (errno != ENOENT)
- printerr(0, "ERROR: inotify_add_watch failed for %s: %s\n",
- clp->relpath, strerror(errno));
+ printerr(0, "ERROR: %s: inotify_add_watch failed for %s: %s\n",
+ __FUNCTION__, clp->relpath, strerror(errno));
goto out;
}
@@ -523,8 +523,9 @@ gssd_scan_clnt(struct clnt_info *clp)
clntfd = openat(pipefs_fd, clp->relpath, O_RDONLY);
if (clntfd < 0) {
- printerr(0, "ERROR: can't openat %s: %s\n",
- clp->relpath, strerror(errno));
+ if (errno != ENOENT)
+ printerr(0, "ERROR: %s: can't openat %s: %s\n",
+ __FUNCTION__, clp->relpath, strerror(errno));
return -1;
}
@@ -588,8 +589,8 @@ gssd_get_topdir(const char *name)
tdi->wd = inotify_add_watch(inotify_fd, name, IN_CREATE);
if (tdi->wd < 0) {
- printerr(0, "ERROR: inotify_add_watch failed for top dir %s: %s\n",
- tdi->name, strerror(errno));
+ printerr(0, "ERROR: %s: inotify_add_watch failed for top dir %s: %s\n",
+ __FUNCTION__, tdi->name, strerror(errno));
free(tdi);
return NULL;
}
@@ -616,8 +617,9 @@ gssd_scan_topdir(const char *name)
dfd = openat(pipefs_fd, tdi->name, O_RDONLY);
if (dfd < 0) {
- printerr(0, "ERROR: can't openat %s: %s\n",
- tdi->name, strerror(errno));
+ if (errno != ENOENT)
+ printerr(0, "ERROR: %s: can't openat %s: %s\n",
+ __FUNCTION__, tdi->name, strerror(errno));
return;
}
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index a1c43d2..8c73748 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -484,7 +484,7 @@ gssd_get_single_krb5_cred(krb5_context context,
if (ccache)
krb5_cc_close(context, ccache);
krb5_free_cred_contents(context, &my_creds);
- free(k5err);
+ krb5_free_string(context, k5err);
return (code);
}
@@ -723,7 +723,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
"we failed to unparse principal name: %s\n",
k5err);
k5_free_kt_entry(context, kte);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -770,7 +770,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
if (retval < 0)
retval = 0;
out:
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
@@ -799,7 +799,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
int tried_all = 0, tried_default = 0, tried_upper = 0;
krb5_principal princ;
const char *notsetstr = "not set";
- char *adhostoverride;
+ char *adhostoverride = NULL;
/* Get full target hostname */
@@ -827,7 +827,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
adhostoverride);
/* No overflow: Windows cannot handle strings longer than 19 chars */
strcpy(myhostad, adhostoverride);
- free(adhostoverride);
} else {
strcpy(myhostad, myhostname);
for (i = 0; myhostad[i] != 0; ++i) {
@@ -836,6 +835,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
myhostad[i] = '$';
myhostad[i+1] = 0;
}
+ if (adhostoverride)
+ krb5_free_string(context, adhostoverride);
if (!srchost) {
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
@@ -926,7 +927,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
k5err = gssd_k5_err_msg(context, code);
printerr(1, "%s while building principal for '%s'\n",
k5err, spn);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -936,7 +937,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
k5err = gssd_k5_err_msg(context, code);
printerr(3, "%s while getting keytab entry for '%s'\n",
k5err, spn);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
/*
* We tried the active directory machine account
@@ -985,7 +986,7 @@ out:
k5_free_default_realm(context, default_realm);
if (realmnames)
krb5_free_host_realm(context, realmnames);
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
@@ -1248,7 +1249,7 @@ gssd_destroy_krb5_machine_creds(void)
printerr(0, "WARNING: %s while resolving credential "
"cache '%s' for destruction\n", k5err,
ple->ccname);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -1257,13 +1258,13 @@ gssd_destroy_krb5_machine_creds(void)
k5err = gssd_k5_err_msg(context, code);
printerr(0, "WARNING: %s while destroying credential "
"cache '%s'\n", k5err, ple->ccname);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
}
}
krb5_free_context(context);
out:
- free(k5err);
+ krb5_free_string(context, k5err);
}
/*
@@ -1346,7 +1347,7 @@ out_free_kt:
out_free_context:
krb5_free_context(context);
out:
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
diff --git a/utils/mount/error.c b/utils/mount/error.c
index 986f066..73295bf 100644
--- a/utils/mount/error.c
+++ b/utils/mount/error.c
@@ -210,8 +210,7 @@ void mount_error(const char *spec, const char *mount_point, int error)
nfs_error(_("%s: an incorrect mount option was specified"), progname);
break;
case EOPNOTSUPP:
- nfs_error(_("%s: requested NFS version or transport"
- " protocol is not supported"),
+ nfs_error(_("%s: requested NFS version or transport protocol is not supported"),
progname);
break;
case ENOTDIR:
diff --git a/utils/mount/mount.c b/utils/mount/mount.c
index 2be3dc2..b98f9e0 100644
--- a/utils/mount/mount.c
+++ b/utils/mount/mount.c
@@ -393,11 +393,6 @@ int main(int argc, char *argv[])
if(!strncmp(progname, "umount", strlen("umount")))
exit(nfsumount(argc, argv));
- if ((argc < 3)) {
- mount_usage();
- exit(EX_USAGE);
- }
-
mount_config_init(progname);
while ((c = getopt_long(argc, argv, "rvVwfno:hs",
@@ -437,6 +432,11 @@ int main(int argc, char *argv[])
}
}
+ if ((argc < 3)) {
+ mount_usage();
+ exit(EX_USAGE);
+ }
+
/*
* Extra non-option words at the end are bogus...
*/

View File

@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
Name: nfs-utils Name: nfs-utils
URL: http://linux-nfs.org/ URL: http://linux-nfs.org/
Version: 2.5.1 Version: 2.5.1
Release: 2.rc3%{?dist} Release: 2.rc4%{?dist}
Epoch: 1 Epoch: 1
# group all 32bit related archs # group all 32bit related archs
@ -16,8 +16,7 @@ Source4: nfsconvert.py
Source5: nfsconvert.sh Source5: nfsconvert.sh
Source6: nfs-convert.service Source6: nfs-convert.service
Patch001: nfs-utils-2.5.2-rc3.patch Patch001: nfs-utils-2.5.2-rc4.patch
Patch002: nfs-utils-2.5.1-rpcidmap-nodebug-msg.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@ -366,6 +365,9 @@ fi
%{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount %{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount
%changelog %changelog
* Mon Aug 31 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc4
- Updated to the latest RC release: nfs-utils-2-5-2-rc4
* Fri Aug 07 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc3 * Fri Aug 07 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc3
- rpc.idmapd: Turn down the verbosity in flush_inotify() (bz 1867172) - rpc.idmapd: Turn down the verbosity in flush_inotify() (bz 1867172)
- Don't modify /etc/group on upgrades (bz 1856890) - Don't modify /etc/group on upgrades (bz 1856890)