Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/nfs-utils-2.3.3.tar.xz
|
||||
SOURCES/nfs-utils-2.5.4.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
a60aa17b057734c63bf7ce1598898e83f2132644 SOURCES/nfs-utils-2.3.3.tar.xz
|
||||
1b097d511c85f95671619f51b37abd75d56ea777 SOURCES/nfs-utils-2.5.4.tar.xz
|
||||
|
9
SOURCES/10-nfsv4.conf
Normal file
9
SOURCES/10-nfsv4.conf
Normal file
@ -0,0 +1,9 @@
|
||||
[ NFSMount_Global_Options ]
|
||||
# This statically named section defines global mount
|
||||
# options that can be applied on all NFS mount.
|
||||
#
|
||||
# Setting this option makes it mandatory the server supports the
|
||||
# given version. The mount will fail if the given version is
|
||||
# not support by the server.
|
||||
Nfsvers=4
|
||||
|
@ -1,24 +0,0 @@
|
||||
[Unit]
|
||||
Description=Preprocess NFS configuration convertion
|
||||
DefaultDependencies=no
|
||||
|
||||
Before=nfs-server.service nfs-mountd.service nfs-idmapd.service
|
||||
Before=nfs-blkmap.service rpc-statd.service rpc-gssd.service
|
||||
Before=rpc-statd-notify.service
|
||||
|
||||
After=initrd-root-fs.target
|
||||
|
||||
ConditionPathExists=/etc/sysconfig/nfs
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/libexec/nfs-utils/nfsconvert.sh
|
||||
|
||||
[Install]
|
||||
RequiredBy=nfs-server.service
|
||||
RequiredBy=nfs-mountd.service
|
||||
RequiredBy=nfs-idmapd.service
|
||||
RequiredBy=nfs-blkmap.service
|
||||
RequiredBy=rpc-statd.service
|
||||
RequiredBy=rpc-gssd.service
|
||||
RequiredBy=rpc-statd-notify.service
|
@ -1,6 +1,6 @@
|
||||
diff -up nfs-utils-2.1.1/utils/statd/sm-notify.man.orig nfs-utils-2.1.1/utils/statd/sm-notify.man
|
||||
--- nfs-utils-2.1.1/utils/statd/sm-notify.man.orig 2017-04-26 12:45:14.205742654 -0400
|
||||
+++ nfs-utils-2.1.1/utils/statd/sm-notify.man 2017-04-26 12:45:44.042630801 -0400
|
||||
diff -up nfs-utils-2.5.4/utils/statd/sm-notify.man.orig nfs-utils-2.5.4/utils/statd/sm-notify.man
|
||||
--- nfs-utils-2.5.4/utils/statd/sm-notify.man.orig 2021-06-10 14:07:47.000000000 -0400
|
||||
+++ nfs-utils-2.5.4/utils/statd/sm-notify.man 2021-06-24 14:46:32.413626193 -0400
|
||||
@@ -184,7 +184,7 @@ where NSM state information resides.
|
||||
If this option is not specified,
|
||||
.B sm-notify
|
||||
@ -10,7 +10,7 @@ diff -up nfs-utils-2.1.1/utils/statd/sm-notify.man.orig nfs-utils-2.1.1/utils/st
|
||||
by default.
|
||||
.IP
|
||||
After starting,
|
||||
@@ -330,13 +330,13 @@ Currently, the
|
||||
@@ -338,13 +338,13 @@ Currently, the
|
||||
command supports sending notification only via datagram transport protocols.
|
||||
.SH FILES
|
||||
.TP 2.5i
|
||||
@ -27,10 +27,10 @@ diff -up nfs-utils-2.1.1/utils/statd/sm-notify.man.orig nfs-utils-2.1.1/utils/st
|
||||
NSM state number for this host
|
||||
.TP 2.5i
|
||||
.I /proc/sys/fs/nfs/nsm_local_state
|
||||
diff -up nfs-utils-2.1.1/utils/statd/statd.man.orig nfs-utils-2.1.1/utils/statd/statd.man
|
||||
--- nfs-utils-2.1.1/utils/statd/statd.man.orig 2017-01-12 10:21:39.000000000 -0500
|
||||
+++ nfs-utils-2.1.1/utils/statd/statd.man 2017-04-26 12:45:44.043630798 -0400
|
||||
@@ -253,7 +253,7 @@ where NSM state information resides.
|
||||
diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/statd.man
|
||||
--- nfs-utils-2.5.4/utils/statd/statd.man.orig 2021-06-10 14:07:47.000000000 -0400
|
||||
+++ nfs-utils-2.5.4/utils/statd/statd.man 2021-06-24 14:46:32.414626197 -0400
|
||||
@@ -251,7 +251,7 @@ where NSM state information resides.
|
||||
If this option is not specified,
|
||||
.B rpc.statd
|
||||
uses
|
||||
@ -39,7 +39,7 @@ diff -up nfs-utils-2.1.1/utils/statd/statd.man.orig nfs-utils-2.1.1/utils/statd/
|
||||
by default.
|
||||
.IP
|
||||
After starting,
|
||||
@@ -425,13 +425,13 @@ If set to a positive integer, has the sa
|
||||
@@ -431,13 +431,13 @@ If set to a positive integer, has the sa
|
||||
.IR \-\-no\-notify .
|
||||
.SH FILES
|
||||
.TP 2.5i
|
||||
@ -55,4 +55,4 @@ diff -up nfs-utils-2.1.1/utils/statd/statd.man.orig nfs-utils-2.1.1/utils/statd/
|
||||
+.I /var/lib/nfs/statd/state
|
||||
NSM state number for this host
|
||||
.TP 2.5i
|
||||
.I /var/run/run.statd.pid
|
||||
.I /run/run.statd.pid
|
||||
|
12
SOURCES/nfs-utils-1.2.5-idmap-errmsg.patch
Normal file
12
SOURCES/nfs-utils-1.2.5-idmap-errmsg.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c.orig nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c
|
||||
--- nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c.orig 2019-11-11 14:15:50.000000000 -0500
|
||||
+++ nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c 2019-11-11 14:29:47.355661037 -0500
|
||||
@@ -434,7 +434,7 @@ int main(int argc, char **argv)
|
||||
|
||||
xlog_stderr(verbose);
|
||||
if ((argc - optind) != 2) {
|
||||
- xlog_warn("Bad arg count. Check /etc/request-key.conf");
|
||||
+ xlog_warn("Bad arg count. Check /etc/request-key.d/request-key.conf");
|
||||
xlog_warn(USAGE, progname);
|
||||
return EXIT_FAILURE;
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
diff -up nfs-utils-2.3.3/systemd/nfs-server.service.orig nfs-utils-2.3.3/systemd/nfs-server.service
|
||||
--- nfs-utils-2.3.3/systemd/nfs-server.service.orig 2020-12-11 09:05:23.499222371 -0500
|
||||
+++ nfs-utils-2.3.3/systemd/nfs-server.service 2020-12-11 09:06:38.970186395 -0500
|
||||
diff -up nfs-utils-2.5.2/systemd/nfs-server.service.orig nfs-utils-2.5.2/systemd/nfs-server.service
|
||||
--- nfs-utils-2.5.2/systemd/nfs-server.service.orig 2020-12-16 12:31:27.677558163 -0500
|
||||
+++ nfs-utils-2.5.2/systemd/nfs-server.service 2020-12-16 12:33:56.751806659 -0500
|
||||
@@ -23,6 +23,7 @@ Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStartPre=-/usr/sbin/exportfs -r
|
||||
|
@ -1,65 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/systemd/auth-rpcgss-module.service.orig nfs-utils-2.3.3/systemd/auth-rpcgss-module.service
|
||||
--- nfs-utils-2.3.3/systemd/auth-rpcgss-module.service.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/auth-rpcgss-module.service 2018-10-17 10:42:17.682830880 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
-# We want to start gss-proxy on kernels that support it and rpc.svcgssd
|
||||
-# on those that don't. Those services check for support by checking
|
||||
+# We want to start gss-proxy on kernels that support it
|
||||
+# Those services check for support by checking
|
||||
# for existence of the path /proc/net/rpc/use-gss-proxy. Before they
|
||||
# can perform that check, they need this module loaded. (Unless
|
||||
# rpcsec_gss support is built directly into the kernel, in which case this
|
||||
@@ -7,8 +7,8 @@
|
||||
[Unit]
|
||||
Description=Kernel Module supporting RPCSEC_GSS
|
||||
DefaultDependencies=no
|
||||
-Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
|
||||
-Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
|
||||
+Before=gssproxy.service rpc-gssd.service
|
||||
+Wants=gssproxy.service rpc-gssd.service
|
||||
ConditionPathExists=/etc/krb5.keytab
|
||||
|
||||
[Service]
|
||||
diff -up nfs-utils-2.3.3/systemd/nfs-client.target.orig nfs-utils-2.3.3/systemd/nfs-client.target
|
||||
--- nfs-utils-2.3.3/systemd/nfs-client.target.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/nfs-client.target 2018-10-17 10:42:17.682830880 -0400
|
||||
@@ -9,7 +9,7 @@ Wants=rpc-statd-notify.service
|
||||
|
||||
# GSS services dependencies and ordering
|
||||
Wants=auth-rpcgss-module.service
|
||||
-After=rpc-gssd.service rpc-svcgssd.service gssproxy.service
|
||||
+After=rpc-gssd.service gssproxy.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
diff -up nfs-utils-2.3.3/systemd/nfs.conf.man.orig nfs-utils-2.3.3/systemd/nfs.conf.man
|
||||
--- nfs-utils-2.3.3/systemd/nfs.conf.man.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/nfs.conf.man 2018-10-17 10:42:17.682830880 -0400
|
||||
@@ -226,15 +226,6 @@ See
|
||||
for details.
|
||||
|
||||
.TP
|
||||
-.B svcgssd
|
||||
-Recognized values:
|
||||
-.BR principal .
|
||||
-
|
||||
-See
|
||||
-.BR rpc.svcgssd (8)
|
||||
-for details.
|
||||
-
|
||||
-.TP
|
||||
.B exportfs
|
||||
Only
|
||||
.B debug=
|
||||
diff -up nfs-utils-2.3.3/systemd/nfs-server.service.orig nfs-utils-2.3.3/systemd/nfs-server.service
|
||||
--- nfs-utils-2.3.3/systemd/nfs-server.service.orig 2018-10-17 10:41:24.347121069 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/nfs-server.service 2018-10-17 10:42:17.683830874 -0400
|
||||
@@ -14,7 +14,7 @@ Before= rpc-statd-notify.service
|
||||
|
||||
# GSS services dependencies and ordering
|
||||
Wants=auth-rpcgss-module.service
|
||||
-After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
|
||||
+After=rpc-gssd.service gssproxy.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
@ -1,597 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/configure.ac.orig nfs-utils-2.3.3/configure.ac
|
||||
--- nfs-utils-2.3.3/configure.ac.orig 2019-09-18 10:57:14.190810677 -0400
|
||||
+++ nfs-utils-2.3.3/configure.ac 2019-09-18 10:57:56.715567641 -0400
|
||||
@@ -561,6 +561,7 @@ my_am_cflags="\
|
||||
-Werror=parentheses \
|
||||
-Werror=aggregate-return \
|
||||
-Werror=unused-result \
|
||||
+ -Wno-cast-function-type \
|
||||
-fno-strict-aliasing \
|
||||
"
|
||||
|
||||
diff -up nfs-utils-2.3.3/support/junction/path.c.orig nfs-utils-2.3.3/support/junction/path.c
|
||||
--- nfs-utils-2.3.3/support/junction/path.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/junction/path.c 2019-09-18 10:57:56.715567641 -0400
|
||||
@@ -163,8 +163,10 @@ nsdb_count_components(const char *pathna
|
||||
break;
|
||||
next = strchrnul(component, '/');
|
||||
tmp = (size_t)(next - component);
|
||||
- if (tmp > 255)
|
||||
+ if (tmp > 255) {
|
||||
+ free(start);
|
||||
return false;
|
||||
+ }
|
||||
length += XDR_UINT_BYTES + (nsdb_quadlen(tmp) << 2);
|
||||
count++;
|
||||
|
||||
@@ -328,11 +330,13 @@ nsdb_posix_to_path_array(const char *pat
|
||||
length = (size_t)(next - component);
|
||||
if (length > 255) {
|
||||
nsdb_free_string_array(result);
|
||||
+ free(normalized);
|
||||
return FEDFS_ERR_SVRFAULT;
|
||||
}
|
||||
|
||||
result[i] = strndup(component, length);
|
||||
if (result[i] == NULL) {
|
||||
+ free(normalized);
|
||||
nsdb_free_string_array(result);
|
||||
return FEDFS_ERR_SVRFAULT;
|
||||
}
|
||||
diff -up nfs-utils-2.3.3/support/nfs/exports.c.orig nfs-utils-2.3.3/support/nfs/exports.c
|
||||
--- nfs-utils-2.3.3/support/nfs/exports.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/exports.c 2019-09-18 10:57:56.715567641 -0400
|
||||
@@ -714,6 +714,7 @@ parsesquash(char *list, int **idp, int *
|
||||
}
|
||||
if (id0 == -1 || id1 == -1) {
|
||||
syntaxerr("uid/gid -1 not permitted");
|
||||
+ xfree(id);
|
||||
return -1;
|
||||
}
|
||||
if ((len % 8) == 0)
|
||||
@@ -724,6 +725,7 @@ parsesquash(char *list, int **idp, int *
|
||||
break;
|
||||
if (*cp != ',') {
|
||||
syntaxerr("bad uid/gid list");
|
||||
+ xfree(id);
|
||||
return -1;
|
||||
}
|
||||
cp++;
|
||||
diff -up nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c
|
||||
--- nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c 2019-09-18 10:57:56.716567635 -0400
|
||||
@@ -406,8 +406,10 @@ int nfs4_init_name_mapping(char *conffil
|
||||
nfs4_methods = conf_get_list("Translation", "Method");
|
||||
if (nfs4_methods) {
|
||||
IDMAP_LOG(1, ("libnfsidmap: processing 'Method' list"));
|
||||
- if (load_plugins(nfs4_methods, &nfs4_plugins) == -1)
|
||||
+ if (load_plugins(nfs4_methods, &nfs4_plugins) == -1) {
|
||||
+ conf_free_list(nfs4_methods);
|
||||
return -ENOENT;
|
||||
+ }
|
||||
} else {
|
||||
struct conf_list list;
|
||||
struct conf_list_node node;
|
||||
@@ -475,11 +477,15 @@ out:
|
||||
if (ret) {
|
||||
if (nfs4_plugins)
|
||||
unload_plugins(nfs4_plugins);
|
||||
- if (gss_plugins)
|
||||
+ if (gss_plugins) {
|
||||
unload_plugins(gss_plugins);
|
||||
+ }
|
||||
nfs4_plugins = gss_plugins = NULL;
|
||||
}
|
||||
|
||||
+ if (gss_methods)
|
||||
+ conf_free_list(gss_methods);
|
||||
+
|
||||
return ret ? -ENOENT: 0;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/support/nfsidmap/static.c.orig nfs-utils-2.3.3/support/nfsidmap/static.c
|
||||
--- nfs-utils-2.3.3/support/nfsidmap/static.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfsidmap/static.c 2019-09-18 10:57:56.716567635 -0400
|
||||
@@ -347,6 +347,7 @@ static int static_init(void) {
|
||||
warnx("static_init: calloc (1, %lu) failed",
|
||||
(unsigned long)sizeof *unode);
|
||||
free(pw);
|
||||
+ conf_free_list(princ_list);
|
||||
return -ENOMEM;
|
||||
}
|
||||
unode->uid = pw->pw_uid;
|
||||
@@ -355,6 +356,9 @@ static int static_init(void) {
|
||||
unode->localname = conf_get_str("Static", cln->field);
|
||||
if (!unode->localname) {
|
||||
free(pw);
|
||||
+ free(unode->principal);
|
||||
+ free(unode);
|
||||
+ conf_free_list(princ_list);
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
@@ -379,6 +383,7 @@ static int static_init(void) {
|
||||
warnx("static_init: calloc (1, %lu) failed",
|
||||
(unsigned long)sizeof *gnode);
|
||||
free(gr);
|
||||
+ conf_free_list(princ_list);
|
||||
return -ENOMEM;
|
||||
}
|
||||
gnode->gid = gr->gr_gid;
|
||||
@@ -387,6 +392,9 @@ static int static_init(void) {
|
||||
gnode->localgroup = conf_get_str("Static", cln->field);
|
||||
if (!gnode->localgroup) {
|
||||
free(gr);
|
||||
+ free(gnode->principal);
|
||||
+ free(gnode);
|
||||
+ conf_free_list(princ_list);
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
@@ -394,6 +402,8 @@ static int static_init(void) {
|
||||
|
||||
LIST_INSERT_HEAD (&gid_mappings[gid_hash(gnode->gid)], gnode, link);
|
||||
}
|
||||
+
|
||||
+ conf_free_list(princ_list);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/support/nfs/mydaemon.c.orig nfs-utils-2.3.3/support/nfs/mydaemon.c
|
||||
--- nfs-utils-2.3.3/support/nfs/mydaemon.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/mydaemon.c 2019-09-18 10:57:56.716567635 -0400
|
||||
@@ -123,6 +123,7 @@ daemon_init(bool fg)
|
||||
dup2(tempfd, 0);
|
||||
dup2(tempfd, 1);
|
||||
dup2(tempfd, 2);
|
||||
+ close(tempfd);
|
||||
closelog();
|
||||
dup2(pipefds[1], 3);
|
||||
pipefds[1] = 3;
|
||||
diff -up nfs-utils-2.3.3/support/nfs/rpcmisc.c.orig nfs-utils-2.3.3/support/nfs/rpcmisc.c
|
||||
--- nfs-utils-2.3.3/support/nfs/rpcmisc.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/rpcmisc.c 2019-09-18 10:57:56.716567635 -0400
|
||||
@@ -102,6 +102,7 @@ makesock(int port, int proto)
|
||||
if (bind(sock, (struct sockaddr *) &sin, sizeof(sin)) == -1) {
|
||||
xlog(L_FATAL, "Could not bind name to socket: %s",
|
||||
strerror(errno));
|
||||
+ close(sock);
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/support/nfs/svc_socket.c.orig nfs-utils-2.3.3/support/nfs/svc_socket.c
|
||||
--- nfs-utils-2.3.3/support/nfs/svc_socket.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/svc_socket.c 2019-09-18 10:57:56.717567629 -0400
|
||||
@@ -134,6 +134,7 @@ svc_socket (u_long number, int type, int
|
||||
if (ret < 0)
|
||||
{
|
||||
xlog(L_ERROR, "svc_socket: socket reuse problem: %m");
|
||||
+ (void) __close(sock);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
diff -up nfs-utils-2.3.3/support/nfs/xcommon.c.orig nfs-utils-2.3.3/support/nfs/xcommon.c
|
||||
--- nfs-utils-2.3.3/support/nfs/xcommon.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/xcommon.c 2019-09-18 10:57:56.717567629 -0400
|
||||
@@ -53,14 +53,17 @@ char *
|
||||
xstrconcat3 (const char *s, const char *t, const char *u) {
|
||||
char *res;
|
||||
|
||||
- if (!s) s = "";
|
||||
+ int dofree = 1;
|
||||
+
|
||||
+ if (!s) s = "", dofree=0;
|
||||
if (!t) t = "";
|
||||
if (!u) u = "";
|
||||
res = xmalloc(strlen(s) + strlen(t) + strlen(u) + 1);
|
||||
strcpy(res, s);
|
||||
strcat(res, t);
|
||||
strcat(res, u);
|
||||
- free((void *) s);
|
||||
+ if (dofree)
|
||||
+ free((void *) s);
|
||||
return res;
|
||||
}
|
||||
|
||||
@@ -69,7 +72,9 @@ char *
|
||||
xstrconcat4 (const char *s, const char *t, const char *u, const char *v) {
|
||||
char *res;
|
||||
|
||||
- if (!s) s = "";
|
||||
+ int dofree = 1;
|
||||
+
|
||||
+ if (!s) s = "", dofree=0;
|
||||
if (!t) t = "";
|
||||
if (!u) u = "";
|
||||
if (!v) v = "";
|
||||
@@ -78,7 +83,8 @@ xstrconcat4 (const char *s, const char *
|
||||
strcat(res, t);
|
||||
strcat(res, u);
|
||||
strcat(res, v);
|
||||
- free((void *) s);
|
||||
+ if (dofree)
|
||||
+ free((void *) s);
|
||||
return res;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/support/nfs/xlog.c.orig nfs-utils-2.3.3/support/nfs/xlog.c
|
||||
--- nfs-utils-2.3.3/support/nfs/xlog.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/xlog.c 2019-09-18 10:57:56.717567629 -0400
|
||||
@@ -135,10 +135,14 @@ xlog_from_conffile(char *service)
|
||||
struct conf_list_node *n;
|
||||
|
||||
kinds = conf_get_list(service, "debug");
|
||||
- if (!kinds || !kinds->cnt)
|
||||
+ if (!kinds || !kinds->cnt) {
|
||||
+ free(kinds);
|
||||
return;
|
||||
+ }
|
||||
TAILQ_FOREACH(n, &(kinds->fields), link)
|
||||
xlog_sconfig(n->field, 1);
|
||||
+
|
||||
+ conf_free_list(kinds);
|
||||
}
|
||||
|
||||
int
|
||||
diff -up nfs-utils-2.3.3/support/nsm/file.c.orig nfs-utils-2.3.3/support/nsm/file.c
|
||||
--- nfs-utils-2.3.3/support/nsm/file.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nsm/file.c 2019-09-18 10:57:56.717567629 -0400
|
||||
@@ -533,6 +533,7 @@ nsm_update_kernel_state(const int state)
|
||||
len = snprintf(buf, sizeof(buf), "%d", state);
|
||||
if (error_check(len, sizeof(buf))) {
|
||||
xlog_warn("Failed to form NSM state number string");
|
||||
+ close(fd);
|
||||
return;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c.orig nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c
|
||||
--- nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c 2019-09-18 10:57:56.717567629 -0400
|
||||
@@ -69,12 +69,16 @@ int generate_target(char *pipefs_path, c
|
||||
return 1;
|
||||
|
||||
ret = generate_mount_unit(pipefs_path, pipefs_unit, dirname);
|
||||
- if (ret)
|
||||
+ if (ret) {
|
||||
+ free(pipefs_unit);
|
||||
return ret;
|
||||
+ }
|
||||
|
||||
path = malloc(strlen(dirname) + 1 + sizeof(filebase));
|
||||
- if (!path)
|
||||
+ if (!path) {
|
||||
+ free(pipefs_unit);
|
||||
return 2;
|
||||
+ }
|
||||
sprintf(path, "%s", dirname);
|
||||
mkdir(path, 0755);
|
||||
strcat(path, filebase);
|
||||
@@ -82,6 +86,7 @@ int generate_target(char *pipefs_path, c
|
||||
if (!f)
|
||||
{
|
||||
free(path);
|
||||
+ free(pipefs_unit);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -90,6 +95,7 @@ int generate_target(char *pipefs_path, c
|
||||
fprintf(f, "After=%s\n", pipefs_unit);
|
||||
fclose(f);
|
||||
free(path);
|
||||
+ free(pipefs_unit);
|
||||
|
||||
return 0;
|
||||
}
|
||||
diff -up nfs-utils-2.3.3/utils/blkmapd/device-discovery.c.orig nfs-utils-2.3.3/utils/blkmapd/device-discovery.c
|
||||
--- nfs-utils-2.3.3/utils/blkmapd/device-discovery.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/blkmapd/device-discovery.c 2019-09-18 10:58:54.444237714 -0400
|
||||
@@ -186,8 +186,11 @@ static void bl_add_disk(char *filepath)
|
||||
}
|
||||
}
|
||||
|
||||
- if (disk && diskpath)
|
||||
+ if (disk && diskpath) {
|
||||
+ if (serial)
|
||||
+ free(serial);
|
||||
return;
|
||||
+ }
|
||||
|
||||
/* add path */
|
||||
path = malloc(sizeof(struct bl_disk_path));
|
||||
@@ -223,6 +226,8 @@ static void bl_add_disk(char *filepath)
|
||||
disk->size = size;
|
||||
disk->valid_path = path;
|
||||
}
|
||||
+ if (serial)
|
||||
+ free(serial);
|
||||
}
|
||||
return;
|
||||
|
||||
@@ -232,6 +237,9 @@ static void bl_add_disk(char *filepath)
|
||||
free(path->full_path);
|
||||
free(path);
|
||||
}
|
||||
+ if (serial)
|
||||
+ free(serial);
|
||||
+
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -375,7 +383,12 @@ static void bl_rpcpipe_cb(void)
|
||||
if (event->mask & IN_CREATE) {
|
||||
BL_LOG_WARNING("nfs pipe dir created\n");
|
||||
bl_watch_dir(nfspipe_dir, &nfs_pipedir_wfd);
|
||||
+ if (bl_pipe_fd >= 0)
|
||||
+ close(bl_pipe_fd);
|
||||
bl_pipe_fd = open(bl_pipe_file, O_RDWR);
|
||||
+ if (bl_pipe_fd < 0)
|
||||
+ BL_LOG_ERR("open %s failed: %s\n",
|
||||
+ event->name, strerror(errno));
|
||||
} else if (event->mask & IN_DELETE) {
|
||||
BL_LOG_WARNING("nfs pipe dir deleted\n");
|
||||
inotify_rm_watch(bl_watch_fd, nfs_pipedir_wfd);
|
||||
@@ -388,6 +401,8 @@ static void bl_rpcpipe_cb(void)
|
||||
continue;
|
||||
if (event->mask & IN_CREATE) {
|
||||
BL_LOG_WARNING("blocklayout pipe file created\n");
|
||||
+ if (bl_pipe_fd >= 0)
|
||||
+ close(bl_pipe_fd);
|
||||
bl_pipe_fd = open(bl_pipe_file, O_RDWR);
|
||||
if (bl_pipe_fd < 0)
|
||||
BL_LOG_ERR("open %s failed: %s\n",
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2019-09-18 10:57:56.718567624 -0400
|
||||
@@ -698,6 +698,8 @@ gssd_search_krb5_keytab(krb5_context con
|
||||
"we failed to unparse principal name: %s\n",
|
||||
k5err);
|
||||
k5_free_kt_entry(context, kte);
|
||||
+ free(k5err);
|
||||
+ k5err = NULL;
|
||||
continue;
|
||||
}
|
||||
printerr(4, "Processing keytab entry for principal '%s'\n",
|
||||
@@ -899,6 +901,8 @@ find_keytab_entry(krb5_context context,
|
||||
k5err = gssd_k5_err_msg(context, code);
|
||||
printerr(1, "%s while building principal for '%s'\n",
|
||||
k5err, spn);
|
||||
+ free(k5err);
|
||||
+ k5err = NULL;
|
||||
continue;
|
||||
}
|
||||
code = krb5_kt_get_entry(context, kt, princ, 0, 0, kte);
|
||||
@@ -1168,7 +1172,8 @@ gssd_get_krb5_machine_cred_list(char ***
|
||||
*list = l;
|
||||
retval = 0;
|
||||
goto out;
|
||||
- }
|
||||
+ } else
|
||||
+ free((void *)l);
|
||||
out:
|
||||
return retval;
|
||||
}
|
||||
@@ -1216,6 +1221,8 @@ gssd_destroy_krb5_machine_creds(void)
|
||||
printerr(0, "WARNING: %s while resolving credential "
|
||||
"cache '%s' for destruction\n", k5err,
|
||||
ple->ccname);
|
||||
+ free(k5err);
|
||||
+ k5err = NULL;
|
||||
continue;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/mount/configfile.c.orig nfs-utils-2.3.3/utils/mount/configfile.c
|
||||
--- nfs-utils-2.3.3/utils/mount/configfile.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/configfile.c 2019-09-18 10:57:56.718567624 -0400
|
||||
@@ -404,7 +404,7 @@ char *conf_get_mntopts(char *spec, char
|
||||
|
||||
/* list_size + optlen + ',' + '\0' */
|
||||
config_opts = calloc(1, (list_size+optlen+2));
|
||||
- if (server == NULL) {
|
||||
+ if (config_opts == NULL) {
|
||||
xlog_warn("conf_get_mountops: Unable calloc memory for config_opts");
|
||||
free_all();
|
||||
return mount_opts;
|
||||
diff -up nfs-utils-2.3.3/utils/mountd/cache.c.orig nfs-utils-2.3.3/utils/mountd/cache.c
|
||||
--- nfs-utils-2.3.3/utils/mountd/cache.c.orig 2019-09-18 10:57:14.190810677 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mountd/cache.c 2019-09-18 10:57:56.718567624 -0400
|
||||
@@ -1240,7 +1240,7 @@ static struct exportent *lookup_junction
|
||||
goto out;
|
||||
}
|
||||
status = nfs_get_basic_junction(pathname, &locations);
|
||||
- switch (status) {
|
||||
+ if (status) {
|
||||
xlog(L_WARNING, "Dangling junction %s: %s",
|
||||
pathname, strerror(status));
|
||||
goto out;
|
||||
@@ -1248,10 +1248,11 @@ static struct exportent *lookup_junction
|
||||
|
||||
parent = lookup_parent_export(dom, pathname, ai);
|
||||
if (parent == NULL)
|
||||
- goto out;
|
||||
+ goto free_locations;
|
||||
|
||||
exp = locations_to_export(locations, pathname, parent);
|
||||
|
||||
+free_locations:
|
||||
nfs_free_locations(locations->ns_list);
|
||||
free(locations);
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/mountd/fsloc.c.orig nfs-utils-2.3.3/utils/mountd/fsloc.c
|
||||
--- nfs-utils-2.3.3/utils/mountd/fsloc.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mountd/fsloc.c 2019-09-18 10:57:56.719567618 -0400
|
||||
@@ -102,6 +102,7 @@ static struct servers *parse_list(char *
|
||||
cp = strchr(list[i], '@');
|
||||
if ((!cp) || list[i][0] != '/') {
|
||||
xlog(L_WARNING, "invalid entry '%s'", list[i]);
|
||||
+ free(mp);
|
||||
continue; /* XXX Need better error handling */
|
||||
}
|
||||
res->h_mp[i] = mp;
|
||||
diff -up nfs-utils-2.3.3/utils/mount/nfsmount.c.orig nfs-utils-2.3.3/utils/mount/nfsmount.c
|
||||
--- nfs-utils-2.3.3/utils/mount/nfsmount.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/nfsmount.c 2019-09-18 10:57:56.730567555 -0400
|
||||
@@ -452,6 +452,7 @@ parse_options(char *old_opts, struct nfs
|
||||
nfs_error(_("%s: Bad nfs mount parameter: %s\n"), progname, opt);
|
||||
out_bad:
|
||||
free(tmp_opts);
|
||||
+ free(mounthost);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
|
||||
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2019-09-18 10:57:14.183810717 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2019-09-18 10:57:56.730567555 -0400
|
||||
@@ -982,8 +982,11 @@ static int nfs_try_mount(struct nfsmount
|
||||
}
|
||||
|
||||
if (!nfs_append_addr_option(address->ai_addr,
|
||||
- address->ai_addrlen, mi->options))
|
||||
+ address->ai_addrlen, mi->options)) {
|
||||
+ freeaddrinfo(address);
|
||||
+ errno = ENOMEM;
|
||||
return 0;
|
||||
+ }
|
||||
mi->address = address;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c.orig nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c
|
||||
--- nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c 2019-09-18 10:57:56.731567549 -0400
|
||||
@@ -215,6 +215,8 @@ sqlite_maindb_init_v2(void)
|
||||
&err);
|
||||
if (ret != SQLITE_OK) {
|
||||
xlog(L_ERROR, "Unable to begin transaction: %s", err);
|
||||
+ if (err)
|
||||
+ sqlite3_free(err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c
|
||||
--- nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig 2019-11-11 08:49:06.044870974 -0500
|
||||
+++ nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c 2019-11-11 09:19:10.391896845 -0500
|
||||
@@ -486,6 +486,9 @@ out:
|
||||
if (gss_methods)
|
||||
conf_free_list(gss_methods);
|
||||
|
||||
+ if (nfs4_methods)
|
||||
+ conf_free_list(nfs4_methods);
|
||||
+
|
||||
return ret ? -ENOENT: 0;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2019-11-11 08:49:06.045870979 -0500
|
||||
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2019-11-11 09:19:10.393896856 -0500
|
||||
@@ -911,6 +911,8 @@ find_keytab_entry(krb5_context context,
|
||||
k5err = gssd_k5_err_msg(context, code);
|
||||
printerr(3, "%s while getting keytab entry for '%s'\n",
|
||||
k5err, spn);
|
||||
+ free(k5err);
|
||||
+ k5err = NULL;
|
||||
/*
|
||||
* We tried the active directory machine account
|
||||
* with the hostname part as-is and failed...
|
||||
@@ -1013,6 +1015,8 @@ query_krb5_ccache(const char* cred_cache
|
||||
char *str = NULL;
|
||||
char *princstring;
|
||||
|
||||
+ *ret_princname = *ret_realm = NULL;
|
||||
+
|
||||
ret = krb5_init_context(&context);
|
||||
if (ret)
|
||||
return 0;
|
||||
@@ -1047,7 +1051,7 @@ err_princ:
|
||||
krb5_cc_close(context, ccache);
|
||||
err_cache:
|
||||
krb5_free_context(context);
|
||||
- return found;
|
||||
+ return (*ret_princname && *ret_realm);
|
||||
}
|
||||
|
||||
/*==========================*/
|
||||
@@ -1230,6 +1234,8 @@ gssd_destroy_krb5_machine_creds(void)
|
||||
k5err = gssd_k5_err_msg(context, code);
|
||||
printerr(0, "WARNING: %s while destroying credential "
|
||||
"cache '%s'\n", k5err, ple->ccname);
|
||||
+ free(k5err);
|
||||
+ k5err = NULL;
|
||||
}
|
||||
}
|
||||
krb5_free_context(context);
|
||||
diff -up nfs-utils-2.3.3/utils/idmapd/idmapd.c.orig nfs-utils-2.3.3/utils/idmapd/idmapd.c
|
||||
--- nfs-utils-2.3.3/utils/idmapd/idmapd.c.orig 2019-11-11 08:49:06.029870889 -0500
|
||||
+++ nfs-utils-2.3.3/utils/idmapd/idmapd.c 2019-11-11 09:19:10.393896856 -0500
|
||||
@@ -517,14 +517,16 @@ static void
|
||||
clntscancb(int UNUSED(fd), short UNUSED(which), void *data)
|
||||
{
|
||||
struct idmap_clientq *icq = data;
|
||||
- struct idmap_client *ic;
|
||||
+ struct idmap_client *ic, *ic_next;
|
||||
|
||||
- TAILQ_FOREACH(ic, icq, ic_next)
|
||||
+ for (ic = TAILQ_FIRST(icq); ic != NULL; ic = ic_next) {
|
||||
+ ic_next = TAILQ_NEXT(ic, ic_next);
|
||||
if (ic->ic_fd == -1 && nfsopen(ic) == -1) {
|
||||
close(ic->ic_dirfd);
|
||||
TAILQ_REMOVE(icq, ic, ic_next);
|
||||
free(ic);
|
||||
}
|
||||
+ }
|
||||
}
|
||||
|
||||
static void
|
||||
diff -up nfs-utils-2.3.3/utils/statd/monitor.c.orig nfs-utils-2.3.3/utils/statd/monitor.c
|
||||
--- nfs-utils-2.3.3/utils/statd/monitor.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/statd/monitor.c 2019-11-11 09:19:10.393896856 -0500
|
||||
@@ -66,7 +66,7 @@ sm_mon_1_svc(struct mon *argp, struct sv
|
||||
*my_name = argp->mon_id.my_id.my_name;
|
||||
struct my_id *id = &argp->mon_id.my_id;
|
||||
char *cp;
|
||||
- notify_list *clnt;
|
||||
+ notify_list *clnt = NULL;
|
||||
struct sockaddr_in my_addr = {
|
||||
.sin_family = AF_INET,
|
||||
.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
|
||||
@@ -223,6 +224,7 @@ sm_mon_1_svc(struct mon *argp, struct sv
|
||||
|
||||
failure:
|
||||
xlog_warn("STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
|
||||
+ free(clnt);
|
||||
return (&result);
|
||||
}
|
||||
|
||||
@@ -242,6 +244,7 @@ load_one_host(const char *hostname,
|
||||
clnt->dns_name = strdup(hostname);
|
||||
if (clnt->dns_name == NULL) {
|
||||
nlist_free(NULL, clnt);
|
||||
+ free(clnt);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/statd/notlist.c.orig nfs-utils-2.3.3/utils/statd/notlist.c
|
||||
--- nfs-utils-2.3.3/utils/statd/notlist.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/statd/notlist.c 2019-11-11 09:19:10.394896861 -0500
|
||||
@@ -210,7 +210,6 @@ nlist_free(notify_list **head, notify_li
|
||||
if (NL_MON_NAME(entry))
|
||||
free(NL_MON_NAME(entry));
|
||||
free(entry->dns_name);
|
||||
- free(entry);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -219,8 +218,14 @@ nlist_free(notify_list **head, notify_li
|
||||
void
|
||||
nlist_kill(notify_list **head)
|
||||
{
|
||||
- while (*head)
|
||||
+ notify_list *next;
|
||||
+
|
||||
+ while (*head) {
|
||||
+ next = (*head)->next;
|
||||
nlist_free(head, *head);
|
||||
+ free(*head);
|
||||
+ *head = next;
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
@ -1,25 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/support/export/client.c.orig nfs-utils-2.3.3/support/export/client.c
|
||||
--- nfs-utils-2.3.3/support/export/client.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/export/client.c 2023-01-12 08:59:44.171609492 -0500
|
||||
@@ -689,6 +689,9 @@ check_netgroup(const nfs_client *clp, co
|
||||
|
||||
/* check whether the IP itself is in the netgroup */
|
||||
ip = calloc(INET6_ADDRSTRLEN, 1);
|
||||
+ if (ip == NULL)
|
||||
+ goto out;
|
||||
+
|
||||
if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
|
||||
if (innetgr(netgroup, ip, NULL, NULL)) {
|
||||
free(hname);
|
||||
diff -up nfs-utils-2.3.3/tools/nfsrahead/main.c.orig nfs-utils-2.3.3/tools/nfsrahead/main.c
|
||||
--- nfs-utils-2.3.3/tools/nfsrahead/main.c.orig 2023-01-12 08:58:28.297466979 -0500
|
||||
+++ nfs-utils-2.3.3/tools/nfsrahead/main.c 2023-01-12 09:00:37.988419866 -0500
|
||||
@@ -167,7 +167,7 @@ int main(int argc, char **argv)
|
||||
if ((ret = get_device_info(argv[optind], &device)) == 0)
|
||||
break;
|
||||
|
||||
- if (ret != 0) {
|
||||
+ if (ret != 0 || device.fstype == NULL) {
|
||||
xlog(D_GENERAL, "unable to find device %s\n", argv[optind]);
|
||||
goto out;
|
||||
}
|
@ -1,27 +0,0 @@
|
||||
From c9305f75070abe76155d6db29889bf5dead218c2 Mon Sep 17 00:00:00 2001
|
||||
From: Steve Dickson <steved@redhat.com>
|
||||
Date: Fri, 7 Feb 2020 10:18:21 -0500
|
||||
Subject: [PATCH] query_krb5_ccache: Removed dead code that was flagged by a
|
||||
covscan
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
utils/gssd/krb5_util.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index bff759f..a1c43d2 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -1066,8 +1066,6 @@ query_krb5_ccache(const char* cred_cache, char **ret_princname,
|
||||
*ret_realm = strdup(str+1);
|
||||
}
|
||||
k5_free_unparsed_name(context, princstring);
|
||||
- } else {
|
||||
- found = 0;
|
||||
}
|
||||
}
|
||||
krb5_free_principal(context, principal);
|
||||
--
|
||||
2.24.1
|
||||
|
@ -1,50 +0,0 @@
|
||||
commit 7d5dcd2358df55353eed94a0e84b77bb3597634e
|
||||
Author: J. Bruce Fields <bfields@redhat.com>
|
||||
Date: Fri Mar 27 13:11:28 2020 -0400
|
||||
|
||||
exports man page: warn about subdirectory exports
|
||||
|
||||
Subdirectory exports have a number of problems which have been poorly
|
||||
documented.
|
||||
|
||||
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
|
||||
index e3a16f6b..1d171849 100644
|
||||
--- a/utils/exportfs/exports.man
|
||||
+++ b/utils/exportfs/exports.man
|
||||
@@ -494,6 +494,33 @@ export entry for
|
||||
.B /home/joe
|
||||
in the example section below, which maps all requests to uid 150 (which
|
||||
is supposedly that of user joe).
|
||||
+
|
||||
+.SS Subdirectory Exports
|
||||
+
|
||||
+Normally you should only export only the root of a filesystem. The NFS
|
||||
+server will also allow you to export a subdirectory of a filesystem,
|
||||
+however, this has drawbacks:
|
||||
+
|
||||
+First, it may be possible for a malicious user to access files on the
|
||||
+filesystem outside of the exported subdirectory, by guessing filehandles
|
||||
+for those other files. The only way to prevent this is by using the
|
||||
+.IR no_subtree_check
|
||||
+option, which can cause other problems.
|
||||
+
|
||||
+Second, export options may not be enforced in the way that you would
|
||||
+expect. For example, the
|
||||
+.IR security_label
|
||||
+option will not work on subdirectory exports, and if nested subdirectory
|
||||
+exports change the
|
||||
+.IR security_label
|
||||
+or
|
||||
+.IR sec=
|
||||
+options, NFSv4 clients will normally see only the options on the parent
|
||||
+export. Also, where security options differ, a malicious client may use
|
||||
+filehandle-guessing attacks to access the files from one subdirectory
|
||||
+using the options from another.
|
||||
+
|
||||
+
|
||||
.SS Extra Export Tables
|
||||
After reading
|
||||
.I /etc/exports
|
@ -1,43 +0,0 @@
|
||||
commit ac266e2edc4f40eef810d52c72657b645e4010db
|
||||
Author: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Tue Apr 6 15:57:37 2021 -0400
|
||||
|
||||
exportfs: fix unexporting of '/'
|
||||
|
||||
The code that has been added to strip trailing slashes from path in
|
||||
unexportfs_parsed() forgot to account for the case of the root
|
||||
directory, which is simply '/'. In that case it accesses path[-1] and
|
||||
reduces the path to an empty string, which then fails to match any
|
||||
export.
|
||||
|
||||
Fix it by stopping the stripping when the path is just a single
|
||||
character - it doesn't matter if it's a '/' or not, we want to keep it
|
||||
either way in that case.
|
||||
|
||||
Reproducer:
|
||||
|
||||
exportfs localhost:/
|
||||
exportfs -u localhost:/
|
||||
|
||||
Without this patch, the unexport step fails with "exportfs: Could not
|
||||
find 'localhost:/' to unexport."
|
||||
|
||||
Fixes: a9a7728d8743 ("exportfs: Deal with path's trailing "/" in unexportfs_parsed()")
|
||||
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1941171
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
|
||||
index 262dd19a..25d757d8 100644
|
||||
--- a/utils/exportfs/exportfs.c
|
||||
+++ b/utils/exportfs/exportfs.c
|
||||
@@ -383,7 +383,7 @@ unexportfs_parsed(char *hname, char *path, int verbose)
|
||||
* so need to deal with it.
|
||||
*/
|
||||
size_t nlen = strlen(path);
|
||||
- while (path[nlen - 1] == '/')
|
||||
+ while ((nlen > 1) && (path[nlen - 1] == '/'))
|
||||
nlen--;
|
||||
|
||||
for (exp = exportlist[htype].p_head; exp; exp = exp->m_next) {
|
@ -1,30 +0,0 @@
|
||||
commit ba90d61be3abca5a699765ce08759ca6b986781d
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Thu Dec 10 14:05:23 2020 -0500
|
||||
|
||||
exports.man: Remove some outdated verbiage
|
||||
|
||||
Years ago, commit 6a7d90cea765 removed the warning
|
||||
this verbiage was talking about, but was never
|
||||
removed from the man page.
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
|
||||
index 1d171849..54b3f877 100644
|
||||
--- a/utils/exportfs/exports.man
|
||||
+++ b/utils/exportfs/exports.man
|
||||
@@ -169,13 +169,6 @@ default. In all releases after 1.0.0,
|
||||
is the default, and
|
||||
.I async
|
||||
must be explicitly requested if needed.
|
||||
-To help make system administrators aware of this change,
|
||||
-.B exportfs
|
||||
-will issue a warning if neither
|
||||
-.I sync
|
||||
-nor
|
||||
-.I async
|
||||
-is specified.
|
||||
.TP
|
||||
.IR no_wdelay
|
||||
This option has no effect if
|
@ -1,290 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/err_util.c.orig nfs-utils-2.3.3/utils/gssd/err_util.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/err_util.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/err_util.c 2021-07-19 12:29:21.366829573 -0400
|
||||
@@ -70,3 +70,17 @@ int get_verbosity(void)
|
||||
{
|
||||
return verbosity;
|
||||
}
|
||||
+
|
||||
+char *
|
||||
+sec2time(int value)
|
||||
+{
|
||||
+ static char buf[BUFSIZ];
|
||||
+ int hr, min, sec;
|
||||
+
|
||||
+ hr = (value / 3600);
|
||||
+ min = (value - (3600*hr))/60;
|
||||
+ sec = (value - (3600*hr) - (min*60));
|
||||
+ sprintf(buf, "%dh:%dm:%ds", hr, min, sec);
|
||||
+ return(buf);
|
||||
+}
|
||||
+
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/err_util.h.orig nfs-utils-2.3.3/utils/gssd/err_util.h
|
||||
--- nfs-utils-2.3.3/utils/gssd/err_util.h.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/err_util.h 2021-07-19 12:29:21.367829599 -0400
|
||||
@@ -34,5 +34,6 @@
|
||||
void initerr(char *progname, int verbosity, int fg);
|
||||
void printerr(int priority, char *format, ...);
|
||||
int get_verbosity(void);
|
||||
+char * sec2time(int);
|
||||
|
||||
#endif /* _ERR_UTIL_H_ */
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-07-19 12:24:13.963644016 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-07-19 12:29:21.368829626 -0400
|
||||
@@ -396,7 +396,7 @@ gssd_free_client(struct clnt_info *clp)
|
||||
if (refcnt > 0)
|
||||
return;
|
||||
|
||||
- printerr(3, "freeing client %s\n", clp->relpath);
|
||||
+ printerr(4, "freeing client %s\n", clp->relpath);
|
||||
|
||||
if (clp->krb5_fd >= 0)
|
||||
close(clp->krb5_fd);
|
||||
@@ -417,7 +417,7 @@ gssd_free_client(struct clnt_info *clp)
|
||||
static void
|
||||
gssd_destroy_client(struct clnt_info *clp)
|
||||
{
|
||||
- printerr(3, "destroying client %s\n", clp->relpath);
|
||||
+ printerr(4, "destroying client %s\n", clp->relpath);
|
||||
|
||||
if (clp->krb5_ev) {
|
||||
event_del(clp->krb5_ev);
|
||||
@@ -494,7 +494,7 @@ scan_active_thread_list(void)
|
||||
* upcall_thread_info from the list and free it.
|
||||
*/
|
||||
if (tret == PTHREAD_CANCELED)
|
||||
- printerr(3, "watchdog: thread id 0x%lx cancelled successfully\n",
|
||||
+ printerr(2, "watchdog: thread id 0x%lx cancelled successfully\n",
|
||||
info->tid);
|
||||
saveprev = info->list.tqe_prev;
|
||||
TAILQ_REMOVE(&active_thread_list, info, list);
|
||||
@@ -783,7 +783,7 @@ gssd_scan(void)
|
||||
{
|
||||
struct dirent *d;
|
||||
|
||||
- printerr(3, "doing a full rescan\n");
|
||||
+ printerr(4, "doing a full rescan\n");
|
||||
rewinddir(pipefs_dir);
|
||||
|
||||
while ((d = readdir(pipefs_dir))) {
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2021-07-19 12:24:13.964644043 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2021-07-19 12:29:21.368829626 -0400
|
||||
@@ -166,8 +166,9 @@ do_downcall(int k5_fd, uid_t uid, struct
|
||||
unsigned int buf_size = 0;
|
||||
pthread_t tid = pthread_self();
|
||||
|
||||
- printerr(2, "do_downcall(0x%x): lifetime_rec=%u acceptor=%.*s\n",
|
||||
- tid, lifetime_rec, acceptor->length, acceptor->value);
|
||||
+ if (get_verbosity() > 1)
|
||||
+ printerr(2, "do_downcall(0x%lx): lifetime_rec=%s acceptor=%.*s\n",
|
||||
+ tid, sec2time(lifetime_rec), acceptor->length, acceptor->value);
|
||||
buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) +
|
||||
sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length +
|
||||
sizeof(context_token->length) + context_token->length +
|
||||
@@ -193,7 +194,7 @@ do_downcall(int k5_fd, uid_t uid, struct
|
||||
return;
|
||||
out_err:
|
||||
free(buf);
|
||||
- printerr(1, "do_downcall(0x%x): Failed to write downcall!\n", tid);
|
||||
+ printerr(1, "do_downcall(0x%lx): Failed to write downcall!\n", tid);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -204,8 +205,9 @@ do_error_downcall(int k5_fd, uid_t uid,
|
||||
char *p = buf, *end = buf + 1024;
|
||||
unsigned int timeout = 0;
|
||||
int zero = 0;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
- printerr(2, "doing error downcall\n");
|
||||
+ printerr(2, "do_error_downcall(0x%lx): uid %d err %d\n", tid, uid, err);
|
||||
|
||||
if (WRITE_BYTES(&p, end, uid)) goto out_err;
|
||||
if (WRITE_BYTES(&p, end, timeout)) goto out_err;
|
||||
@@ -328,6 +330,7 @@ create_auth_rpc_client(struct clnt_info
|
||||
struct timeval timeout;
|
||||
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
|
||||
socklen_t salen;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
sec.qop = GSS_C_QOP_DEFAULT;
|
||||
sec.svc = RPCSEC_GSS_SVC_NONE;
|
||||
@@ -361,8 +364,8 @@ create_auth_rpc_client(struct clnt_info
|
||||
|
||||
/* create an rpc connection to the nfs server */
|
||||
|
||||
- printerr(2, "creating %s client for server %s\n", clp->protocol,
|
||||
- clp->servername);
|
||||
+ printerr(3, "create_auth_rpc_client(0x%lx): creating %s client for server %s\n",
|
||||
+ tid, clp->protocol, clp->servername);
|
||||
|
||||
protocol = IPPROTO_TCP;
|
||||
if ((strcmp(clp->protocol, "udp")) == 0)
|
||||
@@ -405,7 +408,8 @@ create_auth_rpc_client(struct clnt_info
|
||||
if (!tgtname)
|
||||
tgtname = clp->servicename;
|
||||
|
||||
- printerr(2, "creating context with server %s\n", tgtname);
|
||||
+ printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
|
||||
+ tid, tgtname);
|
||||
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
|
||||
if (!auth) {
|
||||
/* Our caller should print appropriate message */
|
||||
@@ -507,9 +511,10 @@ krb5_not_machine_creds(struct clnt_info
|
||||
gss_cred_id_t gss_cred;
|
||||
char **dname;
|
||||
int err, resp = -1;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
- printerr(2, "krb5_not_machine_creds: uid %d tgtname %s\n",
|
||||
- uid, tgtname);
|
||||
+ printerr(2, "krb5_not_machine_creds(0x%lx): uid %d tgtname %s\n",
|
||||
+ tid, uid, tgtname);
|
||||
|
||||
*chg_err = change_identity(uid);
|
||||
if (*chg_err) {
|
||||
@@ -555,9 +560,10 @@ krb5_use_machine_creds(struct clnt_info
|
||||
char **ccname;
|
||||
int nocache = 0;
|
||||
int success = 0;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
- printerr(2, "krb5_use_machine_creds: uid %d tgtname %s\n",
|
||||
- uid, tgtname);
|
||||
+ printerr(2, "krb5_use_machine_creds(0x%lx): uid %d tgtname %s\n",
|
||||
+ tid, uid, tgtname);
|
||||
|
||||
do {
|
||||
gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
@@ -874,6 +880,7 @@ start_upcall_thread(void (*func)(struct
|
||||
pthread_t th;
|
||||
struct upcall_thread_info *tinfo;
|
||||
int ret;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
tinfo = alloc_upcall_thread_info();
|
||||
if (!tinfo)
|
||||
@@ -896,6 +903,9 @@ start_upcall_thread(void (*func)(struct
|
||||
free(tinfo);
|
||||
return ret;
|
||||
}
|
||||
+ printerr(2, "start_upcall_thread(0x%lx): created thread id 0x%lx\n",
|
||||
+ tid, th);
|
||||
+
|
||||
tinfo->tid = th;
|
||||
pthread_mutex_lock(&active_thread_list_lock);
|
||||
clock_gettime(CLOCK_MONOTONIC, &tinfo->timeout);
|
||||
@@ -958,7 +968,7 @@ handle_gssd_upcall(struct clnt_info *clp
|
||||
}
|
||||
lbuf[lbuflen-1] = 0;
|
||||
|
||||
- printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
|
||||
+ printerr(2, "\n%s(0x%lx): '%s' (%s)\n", __func__, tid,
|
||||
lbuf, clp->relpath);
|
||||
|
||||
for (p = strtok(lbuf, " "); p; p = strtok(NULL, " ")) {
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2021-07-19 12:24:13.951643697 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2021-07-19 12:36:27.746223992 -0400
|
||||
@@ -375,6 +375,7 @@ gssd_get_single_krb5_cred(krb5_context c
|
||||
char *cache_type;
|
||||
char *pname = NULL;
|
||||
char *k5err = NULL;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
memset(&my_creds, 0, sizeof(my_creds));
|
||||
|
||||
@@ -385,8 +386,8 @@ gssd_get_single_krb5_cred(krb5_context c
|
||||
now += 300;
|
||||
pthread_mutex_lock(&ple_lock);
|
||||
if (ple->ccname && ple->endtime > now && !nocache) {
|
||||
- printerr(3, "INFO: Credentials in CC '%s' are good until %d\n",
|
||||
- ple->ccname, ple->endtime);
|
||||
+ printerr(3, "%s(0x%lx): Credentials in CC '%s' are good until %s",
|
||||
+ __func__, tid, ple->ccname, ctime((time_t *)&ple->endtime));
|
||||
code = 0;
|
||||
pthread_mutex_unlock(&ple_lock);
|
||||
goto out;
|
||||
@@ -486,7 +487,8 @@ gssd_get_single_krb5_cred(krb5_context c
|
||||
}
|
||||
|
||||
code = 0;
|
||||
- printerr(2, "%s: principal '%s' ccache:'%s'\n", __func__, pname, cc_name);
|
||||
+ printerr(2, "%s(0x%lx): principal '%s' ccache:'%s'\n",
|
||||
+ __func__, tid, pname, cc_name);
|
||||
out:
|
||||
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS
|
||||
if (init_opts)
|
||||
@@ -615,6 +617,7 @@ get_full_hostname(const char *inhost, ch
|
||||
struct addrinfo hints;
|
||||
int retval;
|
||||
char *c;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
@@ -624,8 +627,8 @@ get_full_hostname(const char *inhost, ch
|
||||
/* Get full target hostname */
|
||||
retval = getaddrinfo(inhost, NULL, &hints, &addrs);
|
||||
if (retval) {
|
||||
- printerr(1, "%s while getting full hostname for '%s'\n",
|
||||
- gai_strerror(retval), inhost);
|
||||
+ printerr(1, "%s(0x%lx): getaddrinfo(%s) failed: %s\n",
|
||||
+ __func__, tid, inhost, gai_strerror(retval));
|
||||
goto out;
|
||||
}
|
||||
strncpy(outhost, addrs->ai_canonname, outhostlen);
|
||||
@@ -633,7 +636,10 @@ get_full_hostname(const char *inhost, ch
|
||||
for (c = outhost; *c != '\0'; c++)
|
||||
*c = tolower(*c);
|
||||
|
||||
- printerr(3, "Full hostname for '%s' is '%s'\n", inhost, outhost);
|
||||
+ if (get_verbosity() && strcmp(inhost, outhost))
|
||||
+ printerr(1, "%s(0x%0lx): inhost '%s' different than outhost'%s'\n",
|
||||
+ inhost, outhost);
|
||||
+
|
||||
retval = 0;
|
||||
out:
|
||||
return retval;
|
||||
@@ -819,6 +825,7 @@ find_keytab_entry(krb5_context context,
|
||||
krb5_principal princ;
|
||||
const char *notsetstr = "not set";
|
||||
char *adhostoverride = NULL;
|
||||
+ pthread_t tid = pthread_self();
|
||||
|
||||
|
||||
/* Get full target hostname */
|
||||
@@ -972,7 +979,7 @@ find_keytab_entry(krb5_context context,
|
||||
tried_upper = 1;
|
||||
}
|
||||
} else {
|
||||
- printerr(2, "Success getting keytab entry for '%s'\n",spn);
|
||||
+ printerr(2, "find_keytab_entry(0x%lx): Success getting keytab entry for '%s'\n",tid, spn);
|
||||
retval = 0;
|
||||
goto out;
|
||||
}
|
||||
@@ -1113,9 +1120,6 @@ gssd_refresh_krb5_machine_credential_int
|
||||
char *k5err = NULL;
|
||||
const char *svcnames[] = { "$", "root", "nfs", "host", NULL };
|
||||
|
||||
- printerr(2, "%s: hostname=%s ple=%p service=%s srchost=%s\n",
|
||||
- __func__, hostname, ple, service, srchost);
|
||||
-
|
||||
/*
|
||||
* If a specific service name was specified, use it.
|
||||
* Otherwise, use the default list.
|
||||
@@ -1124,9 +1128,10 @@ gssd_refresh_krb5_machine_credential_int
|
||||
svcnames[0] = service;
|
||||
svcnames[1] = NULL;
|
||||
}
|
||||
- if (hostname == NULL && ple == NULL)
|
||||
+ if (hostname == NULL && ple == NULL) {
|
||||
+ printerr(0, "ERROR: %s: Invalid args\n", __func__);
|
||||
return EINVAL;
|
||||
-
|
||||
+ }
|
||||
code = krb5_init_context(&context);
|
||||
if (code) {
|
||||
k5err = gssd_k5_err_msg(NULL, code);
|
@ -1,17 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2019-11-11 09:23:28.920435729 -0500
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2019-11-26 13:59:52.812685585 -0500
|
||||
@@ -1020,11 +1020,11 @@ main(int argc, char *argv[])
|
||||
"support setting debug levels\n");
|
||||
#endif
|
||||
|
||||
+ daemon_init(fg);
|
||||
+
|
||||
if (gssd_check_mechs() != 0)
|
||||
errx(1, "Problem with gssapi library");
|
||||
|
||||
- daemon_init(fg);
|
||||
-
|
||||
event_init();
|
||||
|
||||
pipefs_dir = opendir(pipefs_path);
|
@ -1,402 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-07-19 09:39:04.273895536 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-07-19 09:40:13.942751214 -0400
|
||||
@@ -364,7 +364,7 @@ out:
|
||||
/* Actually frees clp and fields that might be used from other
|
||||
* threads if was last reference.
|
||||
*/
|
||||
-static void
|
||||
+void
|
||||
gssd_free_client(struct clnt_info *clp)
|
||||
{
|
||||
int refcnt;
|
||||
@@ -416,55 +416,6 @@ gssd_destroy_client(struct clnt_info *cl
|
||||
|
||||
static void gssd_scan(void);
|
||||
|
||||
-static int
|
||||
-start_upcall_thread(void (*func)(struct clnt_upcall_info *), void *info)
|
||||
-{
|
||||
- pthread_attr_t attr;
|
||||
- pthread_t th;
|
||||
- int ret;
|
||||
-
|
||||
- ret = pthread_attr_init(&attr);
|
||||
- if (ret != 0) {
|
||||
- printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
|
||||
- ret, strerror(errno));
|
||||
- return ret;
|
||||
- }
|
||||
- ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
|
||||
- if (ret != 0) {
|
||||
- printerr(0, "ERROR: failed to create pthread attr: ret %d: "
|
||||
- "%s\n", ret, strerror(errno));
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
- ret = pthread_create(&th, &attr, (void *)func, (void *)info);
|
||||
- if (ret != 0)
|
||||
- printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
|
||||
- ret, strerror(errno));
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
-static struct clnt_upcall_info *alloc_upcall_info(struct clnt_info *clp)
|
||||
-{
|
||||
- struct clnt_upcall_info *info;
|
||||
-
|
||||
- info = malloc(sizeof(struct clnt_upcall_info));
|
||||
- if (info == NULL)
|
||||
- return NULL;
|
||||
-
|
||||
- pthread_mutex_lock(&clp_lock);
|
||||
- clp->refcount++;
|
||||
- pthread_mutex_unlock(&clp_lock);
|
||||
- info->clp = clp;
|
||||
-
|
||||
- return info;
|
||||
-}
|
||||
-
|
||||
-void free_upcall_info(struct clnt_upcall_info *info)
|
||||
-{
|
||||
- gssd_free_client(info->clp);
|
||||
- free(info);
|
||||
-}
|
||||
-
|
||||
/* For each upcall read the upcall info into the buffer, then create a
|
||||
* thread in a detached state so that resources are released back into
|
||||
* the system without the need for a join.
|
||||
@@ -473,44 +424,16 @@ static void
|
||||
gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
|
||||
{
|
||||
struct clnt_info *clp = data;
|
||||
- struct clnt_upcall_info *info;
|
||||
-
|
||||
- info = alloc_upcall_info(clp);
|
||||
- if (info == NULL)
|
||||
- return;
|
||||
-
|
||||
- info->lbuflen = read(clp->gssd_fd, info->lbuf, sizeof(info->lbuf));
|
||||
- if (info->lbuflen <= 0 || info->lbuf[info->lbuflen-1] != '\n') {
|
||||
- printerr(0, "WARNING: %s: failed reading request\n", __func__);
|
||||
- free_upcall_info(info);
|
||||
- return;
|
||||
- }
|
||||
- info->lbuf[info->lbuflen-1] = 0;
|
||||
|
||||
- if (start_upcall_thread(handle_gssd_upcall, info))
|
||||
- free_upcall_info(info);
|
||||
+ handle_gssd_upcall(clp);
|
||||
}
|
||||
|
||||
static void
|
||||
gssd_clnt_krb5_cb(int UNUSED(fd), short UNUSED(which), void *data)
|
||||
{
|
||||
struct clnt_info *clp = data;
|
||||
- struct clnt_upcall_info *info;
|
||||
-
|
||||
- info = alloc_upcall_info(clp);
|
||||
- if (info == NULL)
|
||||
- return;
|
||||
-
|
||||
- if (read(clp->krb5_fd, &info->uid,
|
||||
- sizeof(info->uid)) < (ssize_t)sizeof(info->uid)) {
|
||||
- printerr(0, "WARNING: %s: failed reading uid from krb5 "
|
||||
- "upcall pipe: %s\n", __func__, strerror(errno));
|
||||
- free_upcall_info(info);
|
||||
- return;
|
||||
- }
|
||||
|
||||
- if (start_upcall_thread(handle_krb5_upcall, info))
|
||||
- free_upcall_info(info);
|
||||
+ handle_krb5_upcall(clp);
|
||||
}
|
||||
|
||||
static struct clnt_info *
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.h.orig nfs-utils-2.3.3/utils/gssd/gssd.h
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.h.orig 2021-07-19 09:39:04.269895430 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.h 2021-07-19 09:40:13.943751240 -0400
|
||||
@@ -84,14 +84,17 @@ struct clnt_info {
|
||||
|
||||
struct clnt_upcall_info {
|
||||
struct clnt_info *clp;
|
||||
- char lbuf[RPC_CHAN_BUF_SIZE];
|
||||
- int lbuflen;
|
||||
uid_t uid;
|
||||
+ int fd;
|
||||
+ char *srchost;
|
||||
+ char *target;
|
||||
+ char *service;
|
||||
};
|
||||
|
||||
-void handle_krb5_upcall(struct clnt_upcall_info *clp);
|
||||
-void handle_gssd_upcall(struct clnt_upcall_info *clp);
|
||||
+void handle_krb5_upcall(struct clnt_info *clp);
|
||||
+void handle_gssd_upcall(struct clnt_info *clp);
|
||||
void free_upcall_info(struct clnt_upcall_info *info);
|
||||
+void gssd_free_client(struct clnt_info *clp);
|
||||
|
||||
|
||||
#endif /* _RPC_GSSD_H_ */
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2021-07-19 09:39:04.269895430 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2021-07-19 09:40:13.944751267 -0400
|
||||
@@ -80,6 +80,8 @@
|
||||
#include "nfslib.h"
|
||||
#include "gss_names.h"
|
||||
|
||||
+extern pthread_mutex_t clp_lock;
|
||||
+
|
||||
/* Encryption types supported by the kernel rpcsec_gss code */
|
||||
int num_krb5_enctypes = 0;
|
||||
krb5_enctype *krb5_enctypes = NULL;
|
||||
@@ -719,22 +721,133 @@ out_return_error:
|
||||
goto out;
|
||||
}
|
||||
|
||||
-void
|
||||
-handle_krb5_upcall(struct clnt_upcall_info *info)
|
||||
-{
|
||||
- struct clnt_info *clp = info->clp;
|
||||
+static struct clnt_upcall_info *
|
||||
+alloc_upcall_info(struct clnt_info *clp, uid_t uid, int fd, char *srchost,
|
||||
+ char *target, char *service)
|
||||
+{
|
||||
+ struct clnt_upcall_info *info;
|
||||
+
|
||||
+ info = malloc(sizeof(struct clnt_upcall_info));
|
||||
+ if (info == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ memset(info, 0, sizeof(*info));
|
||||
+ pthread_mutex_lock(&clp_lock);
|
||||
+ clp->refcount++;
|
||||
+ pthread_mutex_unlock(&clp_lock);
|
||||
+ info->clp = clp;
|
||||
+ info->uid = uid;
|
||||
+ info->fd = fd;
|
||||
+ if (srchost) {
|
||||
+ info->srchost = strdup(srchost);
|
||||
+ if (info->srchost == NULL)
|
||||
+ goto out_info;
|
||||
+ }
|
||||
+ if (target) {
|
||||
+ info->target = strdup(target);
|
||||
+ if (info->target == NULL)
|
||||
+ goto out_srchost;
|
||||
+ }
|
||||
+ if (service) {
|
||||
+ info->service = strdup(service);
|
||||
+ if (info->service == NULL)
|
||||
+ goto out_target;
|
||||
+ }
|
||||
+
|
||||
+out:
|
||||
+ return info;
|
||||
|
||||
- printerr(2, "\n%s: uid %d (%s)\n", __func__, info->uid, clp->relpath);
|
||||
+out_target:
|
||||
+ if (info->target)
|
||||
+ free(info->target);
|
||||
+out_srchost:
|
||||
+ if (info->srchost)
|
||||
+ free(info->srchost);
|
||||
+out_info:
|
||||
+ free(info);
|
||||
+ info = NULL;
|
||||
+ goto out;
|
||||
+}
|
||||
+
|
||||
+void free_upcall_info(struct clnt_upcall_info *info)
|
||||
+{
|
||||
+ gssd_free_client(info->clp);
|
||||
+ if (info->service)
|
||||
+ free(info->service);
|
||||
+ if (info->target)
|
||||
+ free(info->target);
|
||||
+ if (info->srchost)
|
||||
+ free(info->srchost);
|
||||
+ free(info);
|
||||
+}
|
||||
|
||||
- process_krb5_upcall(clp, info->uid, clp->krb5_fd, NULL, NULL, NULL);
|
||||
+static void
|
||||
+gssd_work_thread_fn(struct clnt_upcall_info *info)
|
||||
+{
|
||||
+ process_krb5_upcall(info->clp, info->uid, info->fd, info->srchost, info->target, info->service);
|
||||
free_upcall_info(info);
|
||||
}
|
||||
|
||||
+static int
|
||||
+start_upcall_thread(void (*func)(struct clnt_upcall_info *), void *info)
|
||||
+{
|
||||
+ pthread_attr_t attr;
|
||||
+ pthread_t th;
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = pthread_attr_init(&attr);
|
||||
+ if (ret != 0) {
|
||||
+ printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
|
||||
+ ret, strerror(errno));
|
||||
+ return ret;
|
||||
+ }
|
||||
+ ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
|
||||
+ if (ret != 0) {
|
||||
+ printerr(0, "ERROR: failed to create pthread attr: ret %d: "
|
||||
+ "%s\n", ret, strerror(errno));
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ ret = pthread_create(&th, &attr, (void *)func, (void *)info);
|
||||
+ if (ret != 0)
|
||||
+ printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
|
||||
+ ret, strerror(errno));
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
void
|
||||
-handle_gssd_upcall(struct clnt_upcall_info *info)
|
||||
+handle_krb5_upcall(struct clnt_info *clp)
|
||||
{
|
||||
- struct clnt_info *clp = info->clp;
|
||||
uid_t uid;
|
||||
+ struct clnt_upcall_info *info;
|
||||
+ int err;
|
||||
+
|
||||
+ if (read(clp->krb5_fd, &uid, sizeof(uid)) < (ssize_t)sizeof(uid)) {
|
||||
+ printerr(0, "WARNING: failed reading uid from krb5 "
|
||||
+ "upcall pipe: %s\n", strerror(errno));
|
||||
+ return;
|
||||
+ }
|
||||
+ printerr(2, "\n%s: uid %d (%s)\n", __func__, uid, clp->relpath);
|
||||
+
|
||||
+ info = alloc_upcall_info(clp, uid, clp->krb5_fd, NULL, NULL, NULL);
|
||||
+ if (info == NULL) {
|
||||
+ printerr(0, "%s: failed to allocate clnt_upcall_info\n", __func__);
|
||||
+ do_error_downcall(clp->krb5_fd, uid, -EACCES);
|
||||
+ return;
|
||||
+ }
|
||||
+ err = start_upcall_thread(gssd_work_thread_fn, info);
|
||||
+ if (err != 0) {
|
||||
+ do_error_downcall(clp->krb5_fd, uid, -EACCES);
|
||||
+ free_upcall_info(info);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+handle_gssd_upcall(struct clnt_info *clp)
|
||||
+{
|
||||
+ uid_t uid;
|
||||
+ char lbuf[RPC_CHAN_BUF_SIZE];
|
||||
+ int lbuflen = 0;
|
||||
char *p;
|
||||
char *mech = NULL;
|
||||
char *uidstr = NULL;
|
||||
@@ -742,20 +855,22 @@ handle_gssd_upcall(struct clnt_upcall_in
|
||||
char *service = NULL;
|
||||
char *srchost = NULL;
|
||||
char *enctypes = NULL;
|
||||
- char *upcall_str;
|
||||
- char *pbuf = info->lbuf;
|
||||
pthread_t tid = pthread_self();
|
||||
+ struct clnt_upcall_info *info;
|
||||
+ int err;
|
||||
|
||||
- printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
|
||||
- info->lbuf, clp->relpath);
|
||||
-
|
||||
- upcall_str = strdup(info->lbuf);
|
||||
- if (upcall_str == NULL) {
|
||||
- printerr(0, "ERROR: malloc failure\n");
|
||||
- goto out_nomem;
|
||||
+ lbuflen = read(clp->gssd_fd, lbuf, sizeof(lbuf));
|
||||
+ if (lbuflen <= 0 || lbuf[lbuflen-1] != '\n') {
|
||||
+ printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
+ "failed reading request\n");
|
||||
+ return;
|
||||
}
|
||||
+ lbuf[lbuflen-1] = 0;
|
||||
+
|
||||
+ printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
|
||||
+ lbuf, clp->relpath);
|
||||
|
||||
- while ((p = strsep(&pbuf, " "))) {
|
||||
+ for (p = strtok(lbuf, " "); p; p = strtok(NULL, " ")) {
|
||||
if (!strncmp(p, "mech=", strlen("mech=")))
|
||||
mech = p + strlen("mech=");
|
||||
else if (!strncmp(p, "uid=", strlen("uid=")))
|
||||
@@ -773,8 +888,8 @@ handle_gssd_upcall(struct clnt_upcall_in
|
||||
if (!mech || strlen(mech) < 1) {
|
||||
printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
"failed to find gss mechanism name "
|
||||
- "in upcall string '%s'\n", upcall_str);
|
||||
- goto out;
|
||||
+ "in upcall string '%s'\n", lbuf);
|
||||
+ return;
|
||||
}
|
||||
|
||||
if (uidstr) {
|
||||
@@ -786,21 +901,21 @@ handle_gssd_upcall(struct clnt_upcall_in
|
||||
if (!uidstr) {
|
||||
printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
"failed to find uid "
|
||||
- "in upcall string '%s'\n", upcall_str);
|
||||
- goto out;
|
||||
+ "in upcall string '%s'\n", lbuf);
|
||||
+ return;
|
||||
}
|
||||
|
||||
if (enctypes && parse_enctypes(enctypes) != 0) {
|
||||
printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
"parsing encryption types failed: errno %d\n", errno);
|
||||
- goto out;
|
||||
+ return;
|
||||
}
|
||||
|
||||
if (target && strlen(target) < 1) {
|
||||
printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
"failed to parse target name "
|
||||
- "in upcall string '%s'\n", upcall_str);
|
||||
- goto out;
|
||||
+ "in upcall string '%s'\n", lbuf);
|
||||
+ return;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -814,21 +929,26 @@ handle_gssd_upcall(struct clnt_upcall_in
|
||||
if (service && strlen(service) < 1) {
|
||||
printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
"failed to parse service type "
|
||||
- "in upcall string '%s'\n", upcall_str);
|
||||
- goto out;
|
||||
+ "in upcall string '%s'\n", lbuf);
|
||||
+ return;
|
||||
}
|
||||
|
||||
- if (strcmp(mech, "krb5") == 0 && clp->servername)
|
||||
- process_krb5_upcall(clp, uid, clp->gssd_fd, srchost, target, service);
|
||||
- else {
|
||||
+ if (strcmp(mech, "krb5") == 0 && clp->servername) {
|
||||
+ info = alloc_upcall_info(clp, uid, clp->gssd_fd, srchost, target, service);
|
||||
+ if (info == NULL) {
|
||||
+ printerr(0, "%s: failed to allocate clnt_upcall_info\n", __func__);
|
||||
+ do_error_downcall(clp->gssd_fd, uid, -EACCES);
|
||||
+ return;
|
||||
+ }
|
||||
+ err = start_upcall_thread(gssd_work_thread_fn, info);
|
||||
+ if (err != 0) {
|
||||
+ do_error_downcall(clp->gssd_fd, uid, -EACCES);
|
||||
+ free_upcall_info(info);
|
||||
+ }
|
||||
+ } else {
|
||||
if (clp->servername)
|
||||
printerr(0, "WARNING: handle_gssd_upcall: "
|
||||
"received unknown gss mech '%s'\n", mech);
|
||||
do_error_downcall(clp->gssd_fd, uid, -EACCES);
|
||||
}
|
||||
-out:
|
||||
- free(upcall_str);
|
||||
-out_nomem:
|
||||
- free_upcall_info(info);
|
||||
- return;
|
||||
}
|
@ -1,141 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
|
||||
--- nfs-utils-2.3.3/nfs.conf.orig 2021-04-17 10:49:23.660184527 -0400
|
||||
+++ nfs-utils-2.3.3/nfs.conf 2021-04-17 11:14:41.482108562 -0400
|
||||
@@ -21,6 +21,7 @@ use-gss-proxy=1
|
||||
# keytab-file=/etc/krb5.keytab
|
||||
# cred-cache-directory=
|
||||
# preferred-realm=
|
||||
+# set-home=1
|
||||
#
|
||||
[lockd]
|
||||
# port=0
|
||||
diff -up nfs-utils-2.3.3/systemd/nfs.conf.man.orig nfs-utils-2.3.3/systemd/nfs.conf.man
|
||||
--- nfs-utils-2.3.3/systemd/nfs.conf.man.orig 2021-04-17 10:49:23.696185472 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/nfs.conf.man 2021-04-17 11:14:41.483108588 -0400
|
||||
@@ -222,7 +222,8 @@ Recognized values:
|
||||
.BR rpc-timeout ,
|
||||
.BR keytab-file ,
|
||||
.BR cred-cache-directory ,
|
||||
-.BR preferred-realm .
|
||||
+.BR preferred-realm ,
|
||||
+.BR set-home .
|
||||
|
||||
See
|
||||
.BR rpc.gssd (8)
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-04-17 10:49:23.684185157 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-04-17 11:14:41.483108588 -0400
|
||||
@@ -87,6 +87,8 @@ unsigned int context_timeout = 0;
|
||||
unsigned int rpc_timeout = 5;
|
||||
char *preferred_realm = NULL;
|
||||
char *ccachedir = NULL;
|
||||
+/* set $HOME to "/" by default */
|
||||
+static bool set_home = true;
|
||||
/* Avoid DNS reverse lookups on server names */
|
||||
static bool avoid_dns = true;
|
||||
static bool use_gssproxy = false;
|
||||
@@ -885,7 +887,7 @@ sig_die(int signal)
|
||||
static void
|
||||
usage(char *progname)
|
||||
{
|
||||
- fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D]\n",
|
||||
+ fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-H]\n",
|
||||
progname);
|
||||
exit(1);
|
||||
}
|
||||
@@ -926,6 +928,7 @@ read_gss_conf(void)
|
||||
preferred_realm = s;
|
||||
|
||||
use_gssproxy = conf_get_bool("gssd", "use-gss-proxy", use_gssproxy);
|
||||
+ set_home = conf_get_bool("gssd", "set-home", set_home);
|
||||
}
|
||||
|
||||
int
|
||||
@@ -946,7 +949,7 @@ main(int argc, char *argv[])
|
||||
verbosity = conf_get_num("gssd", "verbosity", verbosity);
|
||||
rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
|
||||
|
||||
- while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
|
||||
+ while ((opt = getopt(argc, argv, "HDfvrlmnMp:k:d:t:T:R:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'f':
|
||||
fg = 1;
|
||||
@@ -994,6 +997,9 @@ main(int argc, char *argv[])
|
||||
case 'D':
|
||||
avoid_dns = false;
|
||||
break;
|
||||
+ case 'H':
|
||||
+ set_home = false;
|
||||
+ break;
|
||||
default:
|
||||
usage(argv[0]);
|
||||
break;
|
||||
@@ -1003,13 +1009,19 @@ main(int argc, char *argv[])
|
||||
/*
|
||||
* Some krb5 routines try to scrape info out of files in the user's
|
||||
* home directory. This can easily deadlock when that homedir is on a
|
||||
- * kerberized NFS mount. By setting $HOME unconditionally to "/", we
|
||||
- * prevent this behavior in routines that use $HOME in preference to
|
||||
- * the results of getpw*.
|
||||
+ * kerberized NFS mount. By setting $HOME to "/" by default, we prevent
|
||||
+ * this behavior in routines that use $HOME in preference to the results
|
||||
+ * of getpw*.
|
||||
+ *
|
||||
+ * Some users do not use Kerberized home dirs and need $HOME to remain
|
||||
+ * unchanged. Those users can leave $HOME unchanged by setting set_home
|
||||
+ * to false.
|
||||
*/
|
||||
- if (setenv("HOME", "/", 1)) {
|
||||
- printerr(0, "gssd: Unable to set $HOME: %s\n", strerror(errno));
|
||||
- exit(1);
|
||||
+ if (set_home) {
|
||||
+ if (setenv("HOME", "/", 1)) {
|
||||
+ printerr(0, "gssd: Unable to set $HOME: %s\n", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
}
|
||||
|
||||
if (use_gssproxy) {
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.man.orig nfs-utils-2.3.3/utils/gssd/gssd.man
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.man.orig 2021-04-17 10:49:23.650184264 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.man 2021-04-17 11:14:41.484108615 -0400
|
||||
@@ -8,7 +8,7 @@
|
||||
rpc.gssd \- RPCSEC_GSS daemon
|
||||
.SH SYNOPSIS
|
||||
.B rpc.gssd
|
||||
-.RB [ \-DfMnlvr ]
|
||||
+.RB [ \-DfMnlvrH ]
|
||||
.RB [ \-k
|
||||
.IR keytab ]
|
||||
.RB [ \-p
|
||||
@@ -297,6 +297,16 @@ The default timeout is set to 5 seconds.
|
||||
If you get messages like "WARNING: can't create tcp rpc_clnt to server
|
||||
%servername% for user with uid %uid%: RPC: Remote system error -
|
||||
Connection timed out", you should consider an increase of this timeout.
|
||||
+.TP
|
||||
+.B -H
|
||||
+Avoids setting $HOME to "/". This allows rpc.gssd to read per user k5identity
|
||||
+files versus trying to read /.k5identity for each user.
|
||||
+
|
||||
+If
|
||||
+.B \-H
|
||||
+is not set, rpc.gssd will use the first match found in
|
||||
+/var/kerberos/krb5/user/$EUID/client.keytab and will not use a principal based on
|
||||
+host and/or service parameters listed in $HOME/.k5identity.
|
||||
.SH CONFIGURATION FILE
|
||||
Many of the options that can be set on the command line can also be
|
||||
controlled through values set in the
|
||||
@@ -354,6 +364,13 @@ Equivalent to
|
||||
.B preferred-realm
|
||||
Equivalent to
|
||||
.BR -R .
|
||||
+.TP
|
||||
+.B set-home
|
||||
+Setting to
|
||||
+.B false
|
||||
+is equivalent to providing the
|
||||
+.B -H
|
||||
+flag.
|
||||
.P
|
||||
In addtion, the following value is recognized from the
|
||||
.B [general]
|
@ -1,17 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.man.orig nfs-utils-2.3.3/utils/gssd/gssd.man
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.man.orig 2021-04-17 11:21:18.326543446 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.man 2021-04-17 12:35:59.867574517 -0400
|
||||
@@ -347,11 +347,11 @@ Equivalent to
|
||||
.TP
|
||||
.B context-timeout
|
||||
Equivalent to
|
||||
-.BR -T .
|
||||
+.BR -t .
|
||||
.TP
|
||||
.B rpc-timeout
|
||||
Equivalent to
|
||||
-.BR -t .
|
||||
+.BR -T .
|
||||
.TP
|
||||
.B keytab-file
|
||||
Equivalent to
|
@ -1,29 +0,0 @@
|
||||
commit 52db5259fe78c2b948df279b697412f99e12f229
|
||||
Author: Yongcheng Yang <yongcheng.yang@gmail.com>
|
||||
Date: Fri Aug 23 14:06:42 2019 -0400
|
||||
|
||||
gssd: add configure options verbosity to man page rpc.gssd(8)
|
||||
|
||||
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
|
||||
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
|
||||
index e620f0d1..cc3a210a 100644
|
||||
--- a/utils/gssd/gssd.man
|
||||
+++ b/utils/gssd/gssd.man
|
||||
@@ -305,6 +305,14 @@ section of the
|
||||
.I /etc/nfs.conf
|
||||
configuration file. Values recognized include:
|
||||
.TP
|
||||
+.B verbosity
|
||||
+Value which is equivalent to the number of
|
||||
+.BR -v .
|
||||
+.TP
|
||||
+.B rpc-verbosity
|
||||
+Value which is equivalent to the number of
|
||||
+.BR -r .
|
||||
+.TP
|
||||
.B use-memcache
|
||||
A Boolean flag equivalent to
|
||||
.BR -M .
|
@ -1,118 +0,0 @@
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index eb993aab..26e51edf 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -459,7 +459,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
||||
if (ccache)
|
||||
krb5_cc_close(context, ccache);
|
||||
krb5_free_cred_contents(context, &my_creds);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
return (code);
|
||||
}
|
||||
|
||||
@@ -698,7 +698,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
|
||||
"we failed to unparse principal name: %s\n",
|
||||
k5err);
|
||||
k5_free_kt_entry(context, kte);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
k5err = NULL;
|
||||
continue;
|
||||
}
|
||||
@@ -745,7 +745,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
|
||||
if (retval < 0)
|
||||
retval = 0;
|
||||
out:
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
return retval;
|
||||
}
|
||||
|
||||
@@ -774,7 +774,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
||||
int tried_all = 0, tried_default = 0, tried_upper = 0;
|
||||
krb5_principal princ;
|
||||
const char *notsetstr = "not set";
|
||||
- char *adhostoverride;
|
||||
+ char *adhostoverride = NULL;
|
||||
|
||||
|
||||
/* Get full target hostname */
|
||||
@@ -802,7 +802,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
||||
adhostoverride);
|
||||
/* No overflow: Windows cannot handle strings longer than 19 chars */
|
||||
strcpy(myhostad, adhostoverride);
|
||||
- free(adhostoverride);
|
||||
} else {
|
||||
strcpy(myhostad, myhostname);
|
||||
for (i = 0; myhostad[i] != 0; ++i) {
|
||||
@@ -811,6 +810,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
||||
myhostad[i] = '$';
|
||||
myhostad[i+1] = 0;
|
||||
}
|
||||
+ if (adhostoverride)
|
||||
+ krb5_free_string(context, adhostoverride);
|
||||
|
||||
if (!srchost) {
|
||||
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
|
||||
@@ -901,7 +902,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
||||
k5err = gssd_k5_err_msg(context, code);
|
||||
printerr(1, "%s while building principal for '%s'\n",
|
||||
k5err, spn);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
k5err = NULL;
|
||||
continue;
|
||||
}
|
||||
@@ -911,7 +912,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
|
||||
k5err = gssd_k5_err_msg(context, code);
|
||||
printerr(3, "%s while getting keytab entry for '%s'\n",
|
||||
k5err, spn);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
k5err = NULL;
|
||||
/*
|
||||
* We tried the active directory machine account
|
||||
@@ -960,7 +961,7 @@ out:
|
||||
k5_free_default_realm(context, default_realm);
|
||||
if (realmnames)
|
||||
krb5_free_host_realm(context, realmnames);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
return retval;
|
||||
}
|
||||
|
||||
@@ -1223,7 +1224,7 @@ gssd_destroy_krb5_machine_creds(void)
|
||||
printerr(0, "WARNING: %s while resolving credential "
|
||||
"cache '%s' for destruction\n", k5err,
|
||||
ple->ccname);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
k5err = NULL;
|
||||
continue;
|
||||
}
|
||||
@@ -1232,13 +1233,13 @@ gssd_destroy_krb5_machine_creds(void)
|
||||
k5err = gssd_k5_err_msg(context, code);
|
||||
printerr(0, "WARNING: %s while destroying credential "
|
||||
"cache '%s'\n", k5err, ple->ccname);
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
k5err = NULL;
|
||||
}
|
||||
}
|
||||
krb5_free_context(context);
|
||||
out:
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1321,7 +1322,7 @@ out_free_kt:
|
||||
out_free_context:
|
||||
krb5_free_context(context);
|
||||
out:
|
||||
- free(k5err);
|
||||
+ krb5_free_string(context, k5err);
|
||||
return retval;
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,43 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2021-07-22 15:27:27.728680553 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2021-07-22 15:30:08.916979585 -0400
|
||||
@@ -165,18 +165,28 @@ static int gssd_get_single_krb5_cred(krb
|
||||
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
|
||||
char **ret_realm);
|
||||
|
||||
-static void release_ple(krb5_context context, struct gssd_k5_kt_princ *ple)
|
||||
+static void release_ple_locked(krb5_context context,
|
||||
+ struct gssd_k5_kt_princ *ple)
|
||||
{
|
||||
if (--ple->refcount)
|
||||
return;
|
||||
|
||||
- printerr(3, "freeing cached principal (ccname=%s, realm=%s)\n", ple->ccname, ple->realm);
|
||||
+ printerr(3, "freeing cached principal (ccname=%s, realm=%s)\n",
|
||||
+ ple->ccname, ple->realm);
|
||||
krb5_free_principal(context, ple->princ);
|
||||
free(ple->ccname);
|
||||
free(ple->realm);
|
||||
free(ple);
|
||||
}
|
||||
|
||||
+static void release_ple(krb5_context context, struct gssd_k5_kt_princ *ple)
|
||||
+{
|
||||
+ pthread_mutex_lock(&ple_lock);
|
||||
+ release_ple_locked(context, ple);
|
||||
+ pthread_mutex_unlock(&ple_lock);
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*
|
||||
* Called from the scandir function to weed out potential krb5
|
||||
* credentials cache files
|
||||
@@ -1396,7 +1406,7 @@ gssd_destroy_krb5_principals(int destroy
|
||||
}
|
||||
}
|
||||
|
||||
- release_ple(context, ple);
|
||||
+ release_ple_locked(context, ple);
|
||||
}
|
||||
pthread_mutex_unlock(&ple_lock);
|
||||
krb5_free_context(context);
|
@ -1,14 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2021-11-04 10:13:07.788142847 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2021-11-04 10:14:10.829841090 -0400
|
||||
@@ -647,8 +647,8 @@ get_full_hostname(const char *inhost, ch
|
||||
*c = tolower(*c);
|
||||
|
||||
if (get_verbosity() && strcmp(inhost, outhost))
|
||||
- printerr(1, "%s(0x%0lx): inhost '%s' different than outhost'%s'\n",
|
||||
- inhost, outhost);
|
||||
+ printerr(1, "%s(0x%0lx): inhost '%s' different than outhost '%s'\n",
|
||||
+ __func__, tid, inhost, outhost);
|
||||
|
||||
retval = 0;
|
||||
out:
|
@ -1,625 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
|
||||
--- nfs-utils-2.3.3/nfs.conf.orig 2021-07-19 09:45:40.441448059 -0400
|
||||
+++ nfs-utils-2.3.3/nfs.conf 2021-07-19 12:08:55.314182838 -0400
|
||||
@@ -22,6 +22,8 @@ use-gss-proxy=1
|
||||
# cred-cache-directory=
|
||||
# preferred-realm=
|
||||
# set-home=1
|
||||
+# upcall-timeout=30
|
||||
+# cancel-timed-out-upcalls=0
|
||||
#
|
||||
[lockd]
|
||||
# port=0
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-07-19 09:45:40.448448246 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-07-19 12:08:55.315182865 -0400
|
||||
@@ -96,8 +96,29 @@ pthread_mutex_t clp_lock = PTHREAD_MUTEX
|
||||
static bool signal_received = false;
|
||||
static struct event_base *evbase = NULL;
|
||||
|
||||
+int upcall_timeout = DEF_UPCALL_TIMEOUT;
|
||||
+static bool cancel_timed_out_upcalls = false;
|
||||
+
|
||||
TAILQ_HEAD(topdir_list_head, topdir) topdir_list;
|
||||
|
||||
+/*
|
||||
+ * active_thread_list:
|
||||
+ *
|
||||
+ * used to track upcalls for timeout purposes.
|
||||
+ *
|
||||
+ * protected by the active_thread_list_lock mutex.
|
||||
+ *
|
||||
+ * upcall_thread_info structures are added to the tail of the list
|
||||
+ * by start_upcall_thread(), so entries closer to the head of the list
|
||||
+ * will be closer to hitting the upcall timeout.
|
||||
+ *
|
||||
+ * upcall_thread_info structures are removed from the list upon a
|
||||
+ * sucessful join of the upcall thread by the watchdog thread (via
|
||||
+ * scan_active_thread_list().
|
||||
+ */
|
||||
+TAILQ_HEAD(active_thread_list_head, upcall_thread_info) active_thread_list;
|
||||
+pthread_mutex_t active_thread_list_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||
+
|
||||
struct topdir {
|
||||
TAILQ_ENTRY(topdir) list;
|
||||
TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list;
|
||||
@@ -436,6 +457,138 @@ gssd_clnt_krb5_cb(int UNUSED(fd), short
|
||||
handle_krb5_upcall(clp);
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * scan_active_thread_list:
|
||||
+ *
|
||||
+ * Walks the active_thread_list, trying to join as many upcall threads as
|
||||
+ * possible. For threads that have terminated, the corresponding
|
||||
+ * upcall_thread_info will be removed from the list and freed. Threads that
|
||||
+ * are still busy and have exceeded the upcall_timeout will cause an error to
|
||||
+ * be logged and may be canceled (depending on the value of
|
||||
+ * cancel_timed_out_upcalls).
|
||||
+ *
|
||||
+ * Returns the number of seconds that the watchdog thread should wait before
|
||||
+ * calling scan_active_thread_list() again.
|
||||
+ */
|
||||
+static int
|
||||
+scan_active_thread_list(void)
|
||||
+{
|
||||
+ struct upcall_thread_info *info;
|
||||
+ struct timespec now;
|
||||
+ unsigned int sleeptime;
|
||||
+ bool sleeptime_set = false;
|
||||
+ int err;
|
||||
+ void *tret, *saveprev;
|
||||
+
|
||||
+ sleeptime = upcall_timeout;
|
||||
+ pthread_mutex_lock(&active_thread_list_lock);
|
||||
+ clock_gettime(CLOCK_MONOTONIC, &now);
|
||||
+ TAILQ_FOREACH(info, &active_thread_list, list) {
|
||||
+ err = pthread_tryjoin_np(info->tid, &tret);
|
||||
+ switch (err) {
|
||||
+ case 0:
|
||||
+ /*
|
||||
+ * The upcall thread has either completed successfully, or
|
||||
+ * has been canceled _and_ has acted on the cancellation request
|
||||
+ * (i.e. has hit a cancellation point). We can now remove the
|
||||
+ * upcall_thread_info from the list and free it.
|
||||
+ */
|
||||
+ if (tret == PTHREAD_CANCELED)
|
||||
+ printerr(3, "watchdog: thread id 0x%lx cancelled successfully\n",
|
||||
+ info->tid);
|
||||
+ saveprev = info->list.tqe_prev;
|
||||
+ TAILQ_REMOVE(&active_thread_list, info, list);
|
||||
+ free(info);
|
||||
+ info = saveprev;
|
||||
+ break;
|
||||
+ case EBUSY:
|
||||
+ /*
|
||||
+ * The upcall thread is still running. If the timeout has expired
|
||||
+ * then we either cancel the thread, log an error, and do an error
|
||||
+ * downcall to the kernel (cancel_timed_out_upcalls=true) or simply
|
||||
+ * log an error (cancel_timed_out_upcalls=false). In either case,
|
||||
+ * the error is logged only once.
|
||||
+ */
|
||||
+ if (now.tv_sec >= info->timeout.tv_sec) {
|
||||
+ if (cancel_timed_out_upcalls && !(info->flags & UPCALL_THREAD_CANCELED)) {
|
||||
+ printerr(0, "watchdog: thread id 0x%lx timed out\n",
|
||||
+ info->tid);
|
||||
+ pthread_cancel(info->tid);
|
||||
+ info->flags |= (UPCALL_THREAD_CANCELED|UPCALL_THREAD_WARNED);
|
||||
+ do_error_downcall(info->fd, info->uid, -ETIMEDOUT);
|
||||
+ } else {
|
||||
+ if (!(info->flags & UPCALL_THREAD_WARNED)) {
|
||||
+ printerr(0, "watchdog: thread id 0x%lx running for %ld seconds\n",
|
||||
+ info->tid,
|
||||
+ now.tv_sec - info->timeout.tv_sec + upcall_timeout);
|
||||
+ info->flags |= UPCALL_THREAD_WARNED;
|
||||
+ }
|
||||
+ }
|
||||
+ } else if (!sleeptime_set) {
|
||||
+ /*
|
||||
+ * The upcall thread is still running, but the timeout has not yet
|
||||
+ * expired. Calculate the time remaining until the timeout will
|
||||
+ * expire. This is the amount of time the watchdog thread will
|
||||
+ * wait before running again. We only need to do this for the busy
|
||||
+ * thread closest to the head of the list - entries appearing later
|
||||
+ * in the list will time out later.
|
||||
+ */
|
||||
+ sleeptime = info->timeout.tv_sec - now.tv_sec;
|
||||
+ sleeptime_set = true;
|
||||
+ }
|
||||
+ break;
|
||||
+ default:
|
||||
+ /* EDEADLK, EINVAL, and ESRCH... none of which should happen! */
|
||||
+ printerr(0, "watchdog: attempt to join thread id 0x%lx returned %d (%s)!\n",
|
||||
+ info->tid, err, strerror(err));
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ pthread_mutex_unlock(&active_thread_list_lock);
|
||||
+
|
||||
+ return sleeptime;
|
||||
+}
|
||||
+
|
||||
+static void *
|
||||
+watchdog_thread_fn(void *UNUSED(arg))
|
||||
+{
|
||||
+ unsigned int sleeptime;
|
||||
+
|
||||
+ for (;;) {
|
||||
+ sleeptime = scan_active_thread_list();
|
||||
+ printerr(4, "watchdog: sleeping %u secs\n", sleeptime);
|
||||
+ sleep(sleeptime);
|
||||
+ }
|
||||
+ return (void *)0;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+start_watchdog_thread(void)
|
||||
+{
|
||||
+ pthread_attr_t attr;
|
||||
+ pthread_t th;
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = pthread_attr_init(&attr);
|
||||
+ if (ret != 0) {
|
||||
+ printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
|
||||
+ ret, strerror(errno));
|
||||
+ return ret;
|
||||
+ }
|
||||
+ ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
|
||||
+ if (ret != 0) {
|
||||
+ printerr(0, "ERROR: failed to create pthread attr: ret %d: %s\n",
|
||||
+ ret, strerror(errno));
|
||||
+ return ret;
|
||||
+ }
|
||||
+ ret = pthread_create(&th, &attr, watchdog_thread_fn, NULL);
|
||||
+ if (ret != 0) {
|
||||
+ printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
|
||||
+ ret, strerror(errno));
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
static struct clnt_info *
|
||||
gssd_get_clnt(struct topdir *tdi, const char *name)
|
||||
{
|
||||
@@ -810,7 +963,7 @@ sig_die(int signal)
|
||||
static void
|
||||
usage(char *progname)
|
||||
{
|
||||
- fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-H]\n",
|
||||
+ fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-H] [-U upcall timeout] [-C]\n",
|
||||
progname);
|
||||
exit(1);
|
||||
}
|
||||
@@ -831,6 +984,9 @@ read_gss_conf(void)
|
||||
#endif
|
||||
context_timeout = conf_get_num("gssd", "context-timeout", context_timeout);
|
||||
rpc_timeout = conf_get_num("gssd", "rpc-timeout", rpc_timeout);
|
||||
+ upcall_timeout = conf_get_num("gssd", "upcall-timeout", upcall_timeout);
|
||||
+ cancel_timed_out_upcalls = conf_get_bool("gssd", "cancel-timed-out-upcalls",
|
||||
+ cancel_timed_out_upcalls);
|
||||
s = conf_get_str("gssd", "pipefs-directory");
|
||||
if (!s)
|
||||
s = conf_get_str("general", "pipefs-directory");
|
||||
@@ -872,7 +1028,7 @@ main(int argc, char *argv[])
|
||||
verbosity = conf_get_num("gssd", "verbosity", verbosity);
|
||||
rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
|
||||
|
||||
- while ((opt = getopt(argc, argv, "HDfvrlmnMp:k:d:t:T:R:")) != -1) {
|
||||
+ while ((opt = getopt(argc, argv, "HDfvrlmnMp:k:d:t:T:R:U:C")) != -1) {
|
||||
switch (opt) {
|
||||
case 'f':
|
||||
fg = 1;
|
||||
@@ -923,6 +1079,12 @@ main(int argc, char *argv[])
|
||||
case 'H':
|
||||
set_home = false;
|
||||
break;
|
||||
+ case 'U':
|
||||
+ upcall_timeout = atoi(optarg);
|
||||
+ break;
|
||||
+ case 'C':
|
||||
+ cancel_timed_out_upcalls = true;
|
||||
+ break;
|
||||
default:
|
||||
usage(argv[0]);
|
||||
break;
|
||||
@@ -995,6 +1157,11 @@ main(int argc, char *argv[])
|
||||
else
|
||||
progname = argv[0];
|
||||
|
||||
+ if (upcall_timeout > MAX_UPCALL_TIMEOUT)
|
||||
+ upcall_timeout = MAX_UPCALL_TIMEOUT;
|
||||
+ else if (upcall_timeout < MIN_UPCALL_TIMEOUT)
|
||||
+ upcall_timeout = MIN_UPCALL_TIMEOUT;
|
||||
+
|
||||
initerr(progname, verbosity, fg);
|
||||
#ifdef HAVE_LIBTIRPC_SET_DEBUG
|
||||
/*
|
||||
@@ -1045,6 +1212,14 @@ main(int argc, char *argv[])
|
||||
gssd_inotify_cb, NULL);
|
||||
event_add(inotify_ev, NULL);
|
||||
|
||||
+ TAILQ_INIT(&active_thread_list);
|
||||
+
|
||||
+ rc = start_watchdog_thread();
|
||||
+ if (rc != 0) {
|
||||
+ printerr(0, "ERROR: failed to start watchdog thread: %d\n", rc);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
TAILQ_INIT(&topdir_list);
|
||||
gssd_scan();
|
||||
daemon_ready();
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.h.orig nfs-utils-2.3.3/utils/gssd/gssd.h
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.h.orig 2021-07-19 09:45:40.449448272 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.h 2021-07-19 12:08:55.315182865 -0400
|
||||
@@ -50,6 +50,12 @@
|
||||
#define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab"
|
||||
#define GSSD_SERVICE_NAME "nfs"
|
||||
#define RPC_CHAN_BUF_SIZE 32768
|
||||
+
|
||||
+/* timeouts are in seconds */
|
||||
+#define MIN_UPCALL_TIMEOUT 5
|
||||
+#define DEF_UPCALL_TIMEOUT 30
|
||||
+#define MAX_UPCALL_TIMEOUT 600
|
||||
+
|
||||
/*
|
||||
* The gss mechanisms that we can handle
|
||||
*/
|
||||
@@ -91,10 +97,22 @@ struct clnt_upcall_info {
|
||||
char *service;
|
||||
};
|
||||
|
||||
+struct upcall_thread_info {
|
||||
+ TAILQ_ENTRY(upcall_thread_info) list;
|
||||
+ pthread_t tid;
|
||||
+ struct timespec timeout;
|
||||
+ uid_t uid;
|
||||
+ int fd;
|
||||
+ unsigned short flags;
|
||||
+#define UPCALL_THREAD_CANCELED 0x0001
|
||||
+#define UPCALL_THREAD_WARNED 0x0002
|
||||
+};
|
||||
+
|
||||
void handle_krb5_upcall(struct clnt_info *clp);
|
||||
void handle_gssd_upcall(struct clnt_info *clp);
|
||||
void free_upcall_info(struct clnt_upcall_info *info);
|
||||
void gssd_free_client(struct clnt_info *clp);
|
||||
+int do_error_downcall(int k5_fd, uid_t uid, int err);
|
||||
|
||||
|
||||
#endif /* _RPC_GSSD_H_ */
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.man.orig nfs-utils-2.3.3/utils/gssd/gssd.man
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.man.orig 2021-07-19 09:45:40.443448112 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.man 2021-07-19 12:08:55.315182865 -0400
|
||||
@@ -8,7 +8,7 @@
|
||||
rpc.gssd \- RPCSEC_GSS daemon
|
||||
.SH SYNOPSIS
|
||||
.B rpc.gssd
|
||||
-.RB [ \-DfMnlvrH ]
|
||||
+.RB [ \-DfMnlvrHC ]
|
||||
.RB [ \-k
|
||||
.IR keytab ]
|
||||
.RB [ \-p
|
||||
@@ -17,6 +17,10 @@ rpc.gssd \- RPCSEC_GSS daemon
|
||||
.IR ccachedir ]
|
||||
.RB [ \-t
|
||||
.IR timeout ]
|
||||
+.RB [ \-T
|
||||
+.IR timeout ]
|
||||
+.RB [ \-U
|
||||
+.IR timeout ]
|
||||
.RB [ \-R
|
||||
.IR realm ]
|
||||
.SH INTRODUCTION
|
||||
@@ -290,7 +294,7 @@ seconds, which allows changing Kerberos
|
||||
The default is no explicit timeout, which means the kernel context will live
|
||||
the lifetime of the Kerberos service ticket used in its creation.
|
||||
.TP
|
||||
-.B -T timeout
|
||||
+.BI "-T " timeout
|
||||
Timeout, in seconds, to create an RPC connection with a server while
|
||||
establishing an authenticated gss context for a user.
|
||||
The default timeout is set to 5 seconds.
|
||||
@@ -298,6 +302,18 @@ If you get messages like "WARNING: can't
|
||||
%servername% for user with uid %uid%: RPC: Remote system error -
|
||||
Connection timed out", you should consider an increase of this timeout.
|
||||
.TP
|
||||
+.BI "-U " timeout
|
||||
+Timeout, in seconds, for upcall threads. Threads executing longer than
|
||||
+.I timeout
|
||||
+seconds will cause an error message to be logged. The default
|
||||
+.I timeout
|
||||
+is 30 seconds. The minimum is 5 seconds. The maximum is 600 seconds.
|
||||
+.TP
|
||||
+.B -C
|
||||
+In addition to logging an error message for threads that have timed out,
|
||||
+the thread will be canceled and an error of -ETIMEDOUT will be reported
|
||||
+to the kernel.
|
||||
+.TP
|
||||
.B -H
|
||||
Avoids setting $HOME to "/". This allows rpc.gssd to read per user k5identity
|
||||
files versus trying to read /.k5identity for each user.
|
||||
@@ -365,6 +381,17 @@ Equivalent to
|
||||
Equivalent to
|
||||
.BR -R .
|
||||
.TP
|
||||
+.B upcall-timeout
|
||||
+Equivalent to
|
||||
+.BR -U .
|
||||
+.TP
|
||||
+.B cancel-timed-out-upcalls
|
||||
+Setting to
|
||||
+.B true
|
||||
+is equivalent to providing the
|
||||
+.B -C
|
||||
+flag.
|
||||
+.TP
|
||||
.B set-home
|
||||
Setting to
|
||||
.B false
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2021-07-19 09:45:40.449448272 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2021-07-19 12:08:55.316182891 -0400
|
||||
@@ -81,11 +81,24 @@
|
||||
#include "gss_names.h"
|
||||
|
||||
extern pthread_mutex_t clp_lock;
|
||||
+extern pthread_mutex_t active_thread_list_lock;
|
||||
+extern int upcall_timeout;
|
||||
+extern TAILQ_HEAD(active_thread_list_head, upcall_thread_info) active_thread_list;
|
||||
|
||||
/* Encryption types supported by the kernel rpcsec_gss code */
|
||||
int num_krb5_enctypes = 0;
|
||||
krb5_enctype *krb5_enctypes = NULL;
|
||||
|
||||
+/* Args for the cleanup_handler() */
|
||||
+struct cleanup_args {
|
||||
+ OM_uint32 *min_stat;
|
||||
+ gss_buffer_t acceptor;
|
||||
+ gss_buffer_t token;
|
||||
+ struct authgss_private_data *pd;
|
||||
+ AUTH **auth;
|
||||
+ CLIENT **rpc_clnt;
|
||||
+};
|
||||
+
|
||||
/*
|
||||
* Parse the supported encryption type information
|
||||
*/
|
||||
@@ -184,7 +197,7 @@ out_err:
|
||||
return;
|
||||
}
|
||||
|
||||
-static int
|
||||
+int
|
||||
do_error_downcall(int k5_fd, uid_t uid, int err)
|
||||
{
|
||||
char buf[1024];
|
||||
@@ -604,27 +617,66 @@ out:
|
||||
}
|
||||
|
||||
/*
|
||||
+ * cleanup_handler:
|
||||
+ *
|
||||
+ * Free any resources allocated by process_krb5_upcall().
|
||||
+ *
|
||||
+ * Runs upon normal termination of process_krb5_upcall as well as if the
|
||||
+ * thread is canceled.
|
||||
+ */
|
||||
+static void
|
||||
+cleanup_handler(void *arg)
|
||||
+{
|
||||
+ struct cleanup_args *args = (struct cleanup_args *)arg;
|
||||
+
|
||||
+ gss_release_buffer(args->min_stat, args->acceptor);
|
||||
+ if (args->token->value)
|
||||
+ free(args->token->value);
|
||||
+#ifdef HAVE_AUTHGSS_FREE_PRIVATE_DATA
|
||||
+ if (args->pd->pd_ctx_hndl.length != 0 || args->pd->pd_ctx != 0)
|
||||
+ authgss_free_private_data(args->pd);
|
||||
+#endif
|
||||
+ if (*args->auth)
|
||||
+ AUTH_DESTROY(*args->auth);
|
||||
+ if (*args->rpc_clnt)
|
||||
+ clnt_destroy(*args->rpc_clnt);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * process_krb5_upcall:
|
||||
+ *
|
||||
* this code uses the userland rpcsec gss library to create a krb5
|
||||
* context on behalf of the kernel
|
||||
+ *
|
||||
+ * This is the meat of the upcall thread. Note that cancelability is disabled
|
||||
+ * and enabled at various points to ensure that any resources reserved by the
|
||||
+ * lower level libraries are released safely.
|
||||
*/
|
||||
static void
|
||||
-process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *srchost,
|
||||
- char *tgtname, char *service)
|
||||
+process_krb5_upcall(struct clnt_upcall_info *info)
|
||||
{
|
||||
+ struct clnt_info *clp = info->clp;
|
||||
+ uid_t uid = info->uid;
|
||||
+ int fd = info->fd;
|
||||
+ char *srchost = info->srchost;
|
||||
+ char *tgtname = info->target;
|
||||
+ char *service = info->service;
|
||||
CLIENT *rpc_clnt = NULL;
|
||||
AUTH *auth = NULL;
|
||||
struct authgss_private_data pd;
|
||||
gss_buffer_desc token;
|
||||
- int err, downcall_err = -EACCES;
|
||||
+ int err, downcall_err;
|
||||
OM_uint32 maj_stat, min_stat, lifetime_rec;
|
||||
gss_name_t gacceptor = GSS_C_NO_NAME;
|
||||
gss_OID mech;
|
||||
gss_buffer_desc acceptor = {0};
|
||||
+ struct cleanup_args cleanup_args = {&min_stat, &acceptor, &token, &pd, &auth, &rpc_clnt};
|
||||
|
||||
token.length = 0;
|
||||
token.value = NULL;
|
||||
memset(&pd, 0, sizeof(struct authgss_private_data));
|
||||
|
||||
+ pthread_cleanup_push(cleanup_handler, &cleanup_args);
|
||||
/*
|
||||
* If "service" is specified, then the kernel is indicating that
|
||||
* we must use machine credentials for this request. (Regardless
|
||||
@@ -646,6 +698,8 @@ process_krb5_upcall(struct clnt_info *cl
|
||||
* used for this case is not important.
|
||||
*
|
||||
*/
|
||||
+ downcall_err = -EACCES;
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
|
||||
if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0 &&
|
||||
service == NULL)) {
|
||||
|
||||
@@ -666,15 +720,21 @@ process_krb5_upcall(struct clnt_info *cl
|
||||
goto out_return_error;
|
||||
}
|
||||
}
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
|
||||
+ pthread_testcancel();
|
||||
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
|
||||
if (!authgss_get_private_data(auth, &pd)) {
|
||||
printerr(1, "WARNING: Failed to obtain authentication "
|
||||
"data for user with uid %d for server %s\n",
|
||||
uid, clp->servername);
|
||||
goto out_return_error;
|
||||
}
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
|
||||
+ pthread_testcancel();
|
||||
|
||||
/* Grab the context lifetime and acceptor name out of the ctx. */
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
|
||||
maj_stat = gss_inquire_context(&min_stat, pd.pd_ctx, NULL, &gacceptor,
|
||||
&lifetime_rec, &mech, NULL, NULL, NULL);
|
||||
|
||||
@@ -686,37 +746,35 @@ process_krb5_upcall(struct clnt_info *cl
|
||||
get_hostbased_client_buffer(gacceptor, mech, &acceptor);
|
||||
gss_release_name(&min_stat, &gacceptor);
|
||||
}
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
|
||||
+ pthread_testcancel();
|
||||
|
||||
/*
|
||||
* The serialization can mean turning pd.pd_ctx into a lucid context. If
|
||||
* that happens then the pd.pd_ctx will be unusable, so we must never
|
||||
* try to use it after this point.
|
||||
*/
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
|
||||
if (serialize_context_for_kernel(&pd.pd_ctx, &token, &krb5oid, NULL)) {
|
||||
printerr(1, "WARNING: Failed to serialize krb5 context for "
|
||||
"user with uid %d for server %s\n",
|
||||
uid, clp->servername);
|
||||
goto out_return_error;
|
||||
}
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
|
||||
+ pthread_testcancel();
|
||||
|
||||
do_downcall(fd, uid, &pd, &token, lifetime_rec, &acceptor);
|
||||
|
||||
out:
|
||||
- gss_release_buffer(&min_stat, &acceptor);
|
||||
- if (token.value)
|
||||
- free(token.value);
|
||||
-#ifdef HAVE_AUTHGSS_FREE_PRIVATE_DATA
|
||||
- if (pd.pd_ctx_hndl.length != 0 || pd.pd_ctx != 0)
|
||||
- authgss_free_private_data(&pd);
|
||||
-#endif
|
||||
- if (auth)
|
||||
- AUTH_DESTROY(auth);
|
||||
- if (rpc_clnt)
|
||||
- clnt_destroy(rpc_clnt);
|
||||
+ pthread_cleanup_pop(1);
|
||||
|
||||
return;
|
||||
|
||||
out_return_error:
|
||||
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
|
||||
+ pthread_testcancel();
|
||||
+
|
||||
do_error_downcall(fd, uid, downcall_err);
|
||||
goto out;
|
||||
}
|
||||
@@ -782,36 +840,69 @@ void free_upcall_info(struct clnt_upcall
|
||||
}
|
||||
|
||||
static void
|
||||
-gssd_work_thread_fn(struct clnt_upcall_info *info)
|
||||
+cleanup_clnt_upcall_info(void *arg)
|
||||
{
|
||||
- process_krb5_upcall(info->clp, info->uid, info->fd, info->srchost, info->target, info->service);
|
||||
+ struct clnt_upcall_info *info = (struct clnt_upcall_info *)arg;
|
||||
+
|
||||
free_upcall_info(info);
|
||||
}
|
||||
|
||||
+static void
|
||||
+gssd_work_thread_fn(struct clnt_upcall_info *info)
|
||||
+{
|
||||
+ pthread_cleanup_push(cleanup_clnt_upcall_info, info);
|
||||
+ process_krb5_upcall(info);
|
||||
+ pthread_cleanup_pop(1);
|
||||
+}
|
||||
+
|
||||
+static struct upcall_thread_info *
|
||||
+alloc_upcall_thread_info(void)
|
||||
+{
|
||||
+ struct upcall_thread_info *info;
|
||||
+
|
||||
+ info = malloc(sizeof(struct upcall_thread_info));
|
||||
+ if (info == NULL)
|
||||
+ return NULL;
|
||||
+ memset(info, 0, sizeof(*info));
|
||||
+ return info;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
-start_upcall_thread(void (*func)(struct clnt_upcall_info *), void *info)
|
||||
+start_upcall_thread(void (*func)(struct clnt_upcall_info *), struct clnt_upcall_info *info)
|
||||
{
|
||||
pthread_attr_t attr;
|
||||
pthread_t th;
|
||||
+ struct upcall_thread_info *tinfo;
|
||||
int ret;
|
||||
|
||||
+ tinfo = alloc_upcall_thread_info();
|
||||
+ if (!tinfo)
|
||||
+ return -ENOMEM;
|
||||
+ tinfo->fd = info->fd;
|
||||
+ tinfo->uid = info->uid;
|
||||
+
|
||||
ret = pthread_attr_init(&attr);
|
||||
if (ret != 0) {
|
||||
printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
|
||||
ret, strerror(errno));
|
||||
- return ret;
|
||||
- }
|
||||
- ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
|
||||
- if (ret != 0) {
|
||||
- printerr(0, "ERROR: failed to create pthread attr: ret %d: "
|
||||
- "%s\n", ret, strerror(errno));
|
||||
+ free(tinfo);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = pthread_create(&th, &attr, (void *)func, (void *)info);
|
||||
- if (ret != 0)
|
||||
+ if (ret != 0) {
|
||||
printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
|
||||
ret, strerror(errno));
|
||||
+ free(tinfo);
|
||||
+ return ret;
|
||||
+ }
|
||||
+ tinfo->tid = th;
|
||||
+ pthread_mutex_lock(&active_thread_list_lock);
|
||||
+ clock_gettime(CLOCK_MONOTONIC, &tinfo->timeout);
|
||||
+ tinfo->timeout.tv_sec += upcall_timeout;
|
||||
+ TAILQ_INSERT_TAIL(&active_thread_list, tinfo, list);
|
||||
+ pthread_mutex_unlock(&active_thread_list_lock);
|
||||
+
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,70 +0,0 @@
|
||||
commit 104f90f4ce964ddcfe50d4d24cc5e7ff96952299
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Sat Oct 20 12:01:37 2018 -0400
|
||||
|
||||
gssd: Introduce use-gss-proxy boolean to nfs.conf
|
||||
|
||||
Allow the used of the gssprox-mech(8) through a the
|
||||
boolean variable in the [gssd] section of nfs.conf
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 0d0ec9b..5546109 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -11,6 +11,7 @@
|
||||
#[gssd]
|
||||
# use-memcache=0
|
||||
# use-machine-creds=1
|
||||
+# use-gss-proxy=0
|
||||
# avoid-dns=1
|
||||
# limit-to-legacy-enctypes=0
|
||||
# context-timeout=0
|
||||
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
|
||||
index 189b052..699db3f 100644
|
||||
--- a/systemd/nfs.conf.man
|
||||
+++ b/systemd/nfs.conf.man
|
||||
@@ -213,6 +213,7 @@ for details.
|
||||
Recognized values:
|
||||
.BR use-memcache ,
|
||||
.BR use-machine-creds ,
|
||||
+.BR use-gss-proxy ,
|
||||
.BR avoid-dns ,
|
||||
.BR limit-to-legacy-enctypes ,
|
||||
.BR context-timeout ,
|
||||
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
||||
index 00df2fc..2e92f28 100644
|
||||
--- a/utils/gssd/gssd.c
|
||||
+++ b/utils/gssd/gssd.c
|
||||
@@ -89,6 +89,7 @@ char *preferred_realm = NULL;
|
||||
char *ccachedir = NULL;
|
||||
/* Avoid DNS reverse lookups on server names */
|
||||
static bool avoid_dns = true;
|
||||
+static bool use_gssproxy = false;
|
||||
int thread_started = false;
|
||||
pthread_mutex_t pmutex = PTHREAD_MUTEX_INITIALIZER;
|
||||
pthread_cond_t pcond = PTHREAD_COND_INITIALIZER;
|
||||
@@ -872,6 +873,7 @@ read_gss_conf(void)
|
||||
if (s)
|
||||
preferred_realm = s;
|
||||
|
||||
+ use_gssproxy = conf_get_bool("gssd", "use-gss-proxy", use_gssproxy);
|
||||
}
|
||||
|
||||
int
|
||||
@@ -957,6 +959,14 @@ main(int argc, char *argv[])
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+ if (use_gssproxy) {
|
||||
+ if (setenv("GSS_USE_PROXY", "yes", 1) < 0) {
|
||||
+ printerr(0, "gssd: Unable to set $GSS_USE_PROXY: %s\n",
|
||||
+ strerror(errno));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (ccachedir) {
|
||||
char *ccachedir_copy;
|
||||
char *ptr;
|
@ -1,52 +0,0 @@
|
||||
commit 64d83364b08ab32c6b8fee903529314349175772
|
||||
Author: Pierguido Lambri <plambri@redhat.com>
|
||||
Date: Mon Mar 11 13:50:57 2019 -0400
|
||||
|
||||
gssd: add verbosity options to the rpc.gssd man page
|
||||
|
||||
It also adds the commented out entries in the nfs.conf
|
||||
default file.
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1668026
|
||||
|
||||
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
|
||||
--- nfs-utils-2.3.3/nfs.conf.orig 2019-03-19 11:04:16.903567972 -0400
|
||||
+++ nfs-utils-2.3.3/nfs.conf 2019-03-19 11:10:54.452251970 -0400
|
||||
@@ -9,6 +9,8 @@
|
||||
# debug=0
|
||||
#
|
||||
[gssd]
|
||||
+# verbosity=0
|
||||
+# rpc-verbosity=0
|
||||
# use-memcache=0
|
||||
# use-machine-creds=1
|
||||
use-gss-proxy=1
|
||||
diff -up nfs-utils-2.3.3/systemd/nfs.conf.man.orig nfs-utils-2.3.3/systemd/nfs.conf.man
|
||||
--- nfs-utils-2.3.3/systemd/nfs.conf.man.orig 2019-03-19 11:04:16.911567926 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/nfs.conf.man 2019-03-19 11:10:54.452251970 -0400
|
||||
@@ -211,6 +211,8 @@ for details.
|
||||
.TP
|
||||
.B gssd
|
||||
Recognized values:
|
||||
+.BR verbosity ,
|
||||
+.BR rpc-verbosity ,
|
||||
.BR use-memcache ,
|
||||
.BR use-machine-creds ,
|
||||
.BR use-gss-proxy ,
|
||||
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
|
||||
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2019-03-19 11:04:16.893568031 -0400
|
||||
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2019-03-19 11:10:54.453251964 -0400
|
||||
@@ -890,8 +890,8 @@ main(int argc, char *argv[])
|
||||
|
||||
read_gss_conf();
|
||||
|
||||
- verbosity = conf_get_num("gssd", "Verbosity", verbosity);
|
||||
- rpc_verbosity = conf_get_num("gssd", "RPC-Verbosity", rpc_verbosity);
|
||||
+ verbosity = conf_get_num("gssd", "verbosity", verbosity);
|
||||
+ rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
|
||||
|
||||
while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
|
||||
switch (opt) {
|
@ -1,12 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c.orig nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c
|
||||
--- nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c.orig 2020-05-05 14:07:24.642693179 -0400
|
||||
+++ nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c 2020-05-05 14:08:39.054849153 -0400
|
||||
@@ -432,7 +432,7 @@ int main(int argc, char **argv)
|
||||
|
||||
xlog_stderr(verbose);
|
||||
if ((argc - optind) != 2) {
|
||||
- xlog_warn("Bad arg count. Check /etc/request-key.conf");
|
||||
+ xlog_warn("Bad arg count. Check /etc/request-key.d/request-key.conf");
|
||||
xlog_warn(USAGE, progname);
|
||||
return EXIT_FAILURE;
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
commit efefa7845601f551820fa17cb0808dbb3c3cc3dd
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Wed Nov 13 09:32:00 2019 -0500
|
||||
|
||||
junction: Fixed debug statement to compile with -Werror=format=2 flag
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/support/junction/xml.c b/support/junction/xml.c
|
||||
index 79b0770..7005e95 100644
|
||||
--- a/support/junction/xml.c
|
||||
+++ b/support/junction/xml.c
|
||||
@@ -327,8 +327,8 @@ junction_parse_xml_read(const char *pathname, int fd, const char *name,
|
||||
if (retval != FEDFS_OK)
|
||||
return retval;
|
||||
|
||||
- xlog(D_CALL, "%s: XML document contained in junction:\n%.*s",
|
||||
- __func__, len, buf);
|
||||
+ xlog(D_CALL, "%s: XML document contained in junction:\n%ld.%s",
|
||||
+ __func__, len, (char *)buf);
|
||||
|
||||
retval = junction_parse_xml_buf(pathname, name, buf, len, doc);
|
||||
|
||||
commit f7c0c0dc4a02d87965d3fbbab69786ca07fdecea
|
||||
Author: Guillaume Rousse <guillomovitch@gmail.com>
|
||||
Date: Fri Nov 22 10:20:03 2019 -0500
|
||||
|
||||
fix compilation with -Werror=format on i586
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/support/junction/xml.c b/support/junction/xml.c
|
||||
index 7005e95..813110b 100644
|
||||
--- a/support/junction/xml.c
|
||||
+++ b/support/junction/xml.c
|
||||
@@ -327,7 +327,7 @@ junction_parse_xml_read(const char *pathname, int fd, const char *name,
|
||||
if (retval != FEDFS_OK)
|
||||
return retval;
|
||||
|
||||
- xlog(D_CALL, "%s: XML document contained in junction:\n%ld.%s",
|
||||
+ xlog(D_CALL, "%s: XML document contained in junction:\n%zu.%s",
|
||||
__func__, len, (char *)buf);
|
||||
|
||||
retval = junction_parse_xml_buf(pathname, name, buf, len, doc);
|
||||
diff --git a/tools/locktest/testlk.c b/tools/locktest/testlk.c
|
||||
index b392f71..ea51f78 100644
|
||||
--- a/tools/locktest/testlk.c
|
||||
+++ b/tools/locktest/testlk.c
|
||||
@@ -81,7 +81,7 @@ main(int argc, char **argv)
|
||||
if (fl.l_type == F_UNLCK) {
|
||||
printf("%s: no conflicting lock\n", fname);
|
||||
} else {
|
||||
- printf("%s: conflicting lock by %d on (%ld;%ld)\n",
|
||||
+ printf("%s: conflicting lock by %d on (%zd;%zd)\n",
|
||||
fname, fl.l_pid, fl.l_start, fl.l_len);
|
||||
}
|
||||
return 0;
|
@ -1,162 +0,0 @@
|
||||
diff --git a/aclocal/libxml2.m4 b/aclocal/libxml2.m4
|
||||
index 5c399b2..8231553 100644
|
||||
--- a/aclocal/libxml2.m4
|
||||
+++ b/aclocal/libxml2.m4
|
||||
@@ -1,15 +1,17 @@
|
||||
dnl Checks for libxml2.so
|
||||
AC_DEFUN([AC_LIBXML2], [
|
||||
|
||||
- if test "$enable_junction" = yes; then
|
||||
+ PKG_PROG_PKG_CONFIG([0.9.0])
|
||||
+ AS_IF(
|
||||
+ [test "$enable_junction" = "yes"],
|
||||
+ [PKG_CHECK_MODULES([XML2], [libxml-2.0 >= 2.4],
|
||||
+ [LIBXML2="${XML2_LIBS}"
|
||||
+ AM_CPPFLAGS="${AM_CPPFLAGS} ${XML2_CFLAGS}"
|
||||
+ AC_DEFINE([HAVE_LIBXML2], [1],
|
||||
+ [Define to 1 if you have and wish to use libxml2.])],
|
||||
+ [AC_MSG_ERROR([libxml2 not found.])])])
|
||||
|
||||
- dnl look for the library; do not add to LIBS if found
|
||||
- AC_CHECK_LIB([xml2], [xmlParseFile], [LIBXML2=-lxml2],
|
||||
- [AC_MSG_ERROR([libxml2 not found.])])
|
||||
- AC_SUBST(LIBXML2)
|
||||
-
|
||||
- dnl XXX should also check for presence of xml headers
|
||||
-
|
||||
- fi
|
||||
+ AC_SUBST([AM_CPPFLAGS])
|
||||
+ AC_SUBST(LIBXML2)
|
||||
|
||||
])dnl
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index cf1c4b9..b458891 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -165,7 +165,7 @@ AC_ARG_ENABLE(uuid,
|
||||
choose_blkid=default)
|
||||
AC_ARG_ENABLE(mount,
|
||||
[AC_HELP_STRING([--disable-mount],
|
||||
- [Don't build mount.nfs and do use the util-linux mount(8) functionality. @<:@default=no@:>@])],
|
||||
+ [Do not build mount.nfs and do use the util-linux mount(8) functionality. @<:@default=no@:>@])],
|
||||
enable_mount=$enableval,
|
||||
enable_mount=yes)
|
||||
AM_CONDITIONAL(CONFIG_MOUNT, [test "$enable_mount" = "yes"])
|
||||
@@ -185,7 +185,13 @@ AC_ARG_ENABLE(junction,
|
||||
[enable support for NFS junctions @<:@default=no@:>@])],
|
||||
enable_junction=$enableval,
|
||||
enable_junction=no)
|
||||
-AM_CONDITIONAL(CONFIG_JUNCTION, [test "$enable_junction" = "yes" ])
|
||||
+ if test "$enable_junction" = yes; then
|
||||
+ AC_DEFINE(HAVE_JUNCTION_SUPPORT, 1,
|
||||
+ [Define this if you want junction support compiled in])
|
||||
+ else
|
||||
+ enable_junction=
|
||||
+ fi
|
||||
+ AM_CONDITIONAL(CONFIG_JUNCTION, [test "$enable_junction" = "yes" ])
|
||||
|
||||
AC_ARG_ENABLE(tirpc,
|
||||
[AC_HELP_STRING([--disable-tirpc],
|
||||
diff --git a/support/junction/Makefile.am b/support/junction/Makefile.am
|
||||
index 97e7426..be6958b 100644
|
||||
--- a/support/junction/Makefile.am
|
||||
+++ b/support/junction/Makefile.am
|
||||
@@ -30,5 +30,3 @@ libjunction_la_SOURCES = display.c export-cache.c junction.c \
|
||||
locations.c nfs.c path.c xml.c
|
||||
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
-
|
||||
-AM_CPPFLAGS = -I. -I../include -I/usr/include/libxml2
|
||||
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
|
||||
index 6f42512..7e8d403 100644
|
||||
--- a/utils/mountd/cache.c
|
||||
+++ b/utils/mountd/cache.c
|
||||
@@ -976,8 +976,9 @@ lookup_export(char *dom, char *path, struct addrinfo *ai)
|
||||
return found;
|
||||
}
|
||||
|
||||
-#ifdef CONFIG_JUNCTION
|
||||
+#ifdef HAVE_JUNCTION_SUPPORT
|
||||
|
||||
+#include <libxml/parser.h>
|
||||
#include "junction.h"
|
||||
|
||||
struct nfs_fsloc_set {
|
||||
@@ -1084,8 +1085,7 @@ static bool locations_to_fslocdata(struct nfs_fsloc_set *locations,
|
||||
*ttl = 0;
|
||||
|
||||
for (;;) {
|
||||
- enum jp_status status;
|
||||
- int len;
|
||||
+ int len, status;
|
||||
|
||||
status = get_next_location(locations, &server,
|
||||
&rootpath, ttl);
|
||||
@@ -1219,7 +1219,7 @@ nfs_get_basic_junction(const char *junct_path, struct nfs_fsloc_set **locset)
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
- locset->ns_current = locset->ns_list;
|
||||
+ new->ns_current = new->ns_list;
|
||||
new->ns_ttl = 300;
|
||||
*locset = new;
|
||||
return 0;
|
||||
@@ -1242,7 +1242,7 @@ static struct exportent *lookup_junction(char *dom, const char *pathname,
|
||||
status = nfs_get_basic_junction(pathname, &locations);
|
||||
switch (status) {
|
||||
xlog(L_WARNING, "Dangling junction %s: %s",
|
||||
- pathname, strerro(status));
|
||||
+ pathname, strerror(status));
|
||||
goto out;
|
||||
}
|
||||
|
||||
@@ -1252,8 +1252,8 @@ static struct exportent *lookup_junction(char *dom, const char *pathname,
|
||||
|
||||
exp = locations_to_export(locations, pathname, parent);
|
||||
|
||||
- nfs_free_locations(locset->ns_list);
|
||||
- free(locset);
|
||||
+ nfs_free_locations(locations->ns_list);
|
||||
+ free(locations);
|
||||
|
||||
out:
|
||||
xmlCleanupParser();
|
||||
@@ -1273,7 +1273,7 @@ static void lookup_nonexport(int f, char *buf, int buflen, char *dom, char *path
|
||||
free(eep);
|
||||
}
|
||||
|
||||
-#else /* !CONFIG_JUNCTION */
|
||||
+#else /* !HAVE_JUNCTION_SUPPORT */
|
||||
|
||||
static void lookup_nonexport(int f, char *buf, int buflen, char *dom, char *path,
|
||||
struct addrinfo *UNUSED(ai))
|
||||
@@ -1281,7 +1281,7 @@ static void lookup_nonexport(int f, char *buf, int buflen, char *dom, char *path
|
||||
dump_to_cache(f, buf, buflen, dom, path, NULL, 0);
|
||||
}
|
||||
|
||||
-#endif /* !CONFIG_JUNCTION */
|
||||
+#endif /* !HAVE_JUNCTION_SUPPORT */
|
||||
|
||||
static void nfsd_export(int f)
|
||||
{
|
||||
diff --git a/utils/nfsref/Makefile.am b/utils/nfsref/Makefile.am
|
||||
index 2b2bb53..2409dd0 100644
|
||||
--- a/utils/nfsref/Makefile.am
|
||||
+++ b/utils/nfsref/Makefile.am
|
||||
@@ -27,13 +27,11 @@ noinst_HEADERS = nfsref.h
|
||||
|
||||
sbin_PROGRAMS = nfsref
|
||||
nfsref_SOURCES = add.c lookup.c nfsref.c remove.c
|
||||
-LDADD = $(LIBXML2) $(LIBCAP) \
|
||||
- ../../support/nfs/libnfs.la \
|
||||
- ../../support/junction/libjunction.la
|
||||
+LDADD = ../../support/nfs/libnfs.la \
|
||||
+ ../../support/junction/libjunction.la \
|
||||
+ $(LIBXML2) $(LIBCAP)
|
||||
|
||||
man8_MANS = nfsref.man
|
||||
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
|
||||
-AM_CPPFLAGS = -I. -I../../support/include
|
||||
-##AM_LDFLAGS = -Wl,--as-needed
|
@ -1,49 +0,0 @@
|
||||
From fd2e952319c748e1c7babb1db97b371ebf6748a9 Mon Sep 17 00:00:00 2001
|
||||
From: Alice J Mitchell <ajmitchell@redhat.com>
|
||||
Date: Mon, 29 Jul 2019 15:47:40 +0100
|
||||
Subject: [PATCH] Fix the error handling if the lseek fails
|
||||
|
||||
The error case when lseek returns a negative value was not correctly handled,
|
||||
and the error cleanup routine was potentially leaking memory also.
|
||||
|
||||
Signed-off-by: Alice J Mitchell <ajmitchell@redhat.com>
|
||||
---
|
||||
support/nfs/conffile.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
|
||||
index b6400be..6ba8a35 100644
|
||||
--- a/support/nfs/conffile.c
|
||||
+++ b/support/nfs/conffile.c
|
||||
@@ -500,7 +500,7 @@ conf_readfile(const char *path)
|
||||
|
||||
if ((stat (path, &sb) == 0) || (errno != ENOENT)) {
|
||||
char *new_conf_addr = NULL;
|
||||
- size_t sz = sb.st_size;
|
||||
+ off_t sz;
|
||||
int fd = open (path, O_RDONLY, 0);
|
||||
|
||||
if (fd == -1) {
|
||||
@@ -517,6 +517,11 @@ conf_readfile(const char *path)
|
||||
|
||||
/* only after we have the lock, check the file size ready to read it */
|
||||
sz = lseek(fd, 0, SEEK_END);
|
||||
+ if (sz < 0) {
|
||||
+ xlog_warn("conf_readfile: unable to determine file size: %s",
|
||||
+ strerror(errno));
|
||||
+ goto fail;
|
||||
+ }
|
||||
lseek(fd, 0, SEEK_SET);
|
||||
|
||||
new_conf_addr = malloc(sz+1);
|
||||
@@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg,
|
||||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
+ flush_outqueue(&inqueue, NULL);
|
||||
flush_outqueue(&outqueue, NULL);
|
||||
|
||||
if (buff)
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,8 +1,8 @@
|
||||
diff -up nfs-utils-2.3.3/utils/mountd/mountd.man.orig nfs-utils-2.3.3/utils/mountd/mountd.man
|
||||
--- nfs-utils-2.3.3/utils/mountd/mountd.man.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mountd/mountd.man 2018-10-26 09:53:10.005127368 -0400
|
||||
@@ -232,36 +232,7 @@ section include
|
||||
which each have same same meaning as given by
|
||||
diff -up nfs-utils-2.5.4/utils/mountd/mountd.man.orig nfs-utils-2.5.4/utils/mountd/mountd.man
|
||||
--- nfs-utils-2.5.4/utils/mountd/mountd.man.orig 2022-01-22 16:56:29.715967394 -0500
|
||||
+++ nfs-utils-2.5.4/utils/mountd/mountd.man 2022-01-22 16:57:07.494103095 -0500
|
||||
@@ -291,36 +291,7 @@ section include
|
||||
which each have the same meaning as given by
|
||||
.BR rpc.nfsd (8).
|
||||
|
||||
-.SH TCP_WRAPPERS SUPPORT
|
||||
@ -39,7 +39,7 @@ diff -up nfs-utils-2.3.3/utils/mountd/mountd.man.orig nfs-utils-2.3.3/utils/moun
|
||||
TI-RPC is a pre-requisite for supporting NFS on IPv6.
|
||||
If TI-RPC support is built into
|
||||
.BR rpc.mountd ,
|
||||
@@ -288,7 +259,6 @@ table of clients accessing server's expo
|
||||
@@ -347,7 +318,6 @@ table of clients accessing server's expo
|
||||
.BR nfs (5),
|
||||
.BR nfs.conf (5),
|
||||
.BR tcpd (8),
|
||||
@ -47,10 +47,10 @@ diff -up nfs-utils-2.3.3/utils/mountd/mountd.man.orig nfs-utils-2.3.3/utils/moun
|
||||
.BR iptables (8),
|
||||
.BR netconfig (5)
|
||||
.sp
|
||||
diff -up nfs-utils-2.3.3/utils/statd/statd.man.orig nfs-utils-2.3.3/utils/statd/statd.man
|
||||
--- nfs-utils-2.3.3/utils/statd/statd.man.orig 2018-10-26 09:52:27.609358805 -0400
|
||||
+++ nfs-utils-2.3.3/utils/statd/statd.man 2018-10-26 09:53:37.345978117 -0400
|
||||
@@ -319,28 +319,6 @@ chooses, simply use
|
||||
diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/statd.man
|
||||
--- nfs-utils-2.5.4/utils/statd/statd.man.orig 2022-01-22 16:56:29.718967405 -0500
|
||||
+++ nfs-utils-2.5.4/utils/statd/statd.man 2022-01-22 16:57:07.495103099 -0500
|
||||
@@ -325,28 +325,6 @@ chooses, simply use
|
||||
.BR chown (1)
|
||||
to set the owner of
|
||||
the state directory.
|
||||
@ -79,7 +79,7 @@ diff -up nfs-utils-2.3.3/utils/statd/statd.man.orig nfs-utils-2.3.3/utils/statd/
|
||||
.SH ADDITIONAL NOTES
|
||||
Lock recovery after a reboot is critical to maintaining data integrity
|
||||
and preventing unnecessary application hangs.
|
||||
@@ -445,7 +423,6 @@ network transport capability database
|
||||
@@ -451,7 +429,6 @@ network transport capability database
|
||||
.BR rpc.nfsd (8),
|
||||
.BR rpcbind (8),
|
||||
.BR tcpd (8),
|
||||
|
@ -1,37 +0,0 @@
|
||||
From ccdd8c803182f5c172580379a56e84a23789cf0d Mon Sep 17 00:00:00 2001
|
||||
From: Alice J Mitchell <ajmitchell@redhat.com>
|
||||
Date: Mon, 29 Jul 2019 15:49:34 +0100
|
||||
Subject: [PATCH] Fix memory leak on error in nfs-server-generator
|
||||
|
||||
Fix the trivial memory leak in the error handling of nfs-server-generator
|
||||
|
||||
Resolves: bz1440524
|
||||
Signed-off-by: Alice J Mitchell <ajmitchell@redhat.com>
|
||||
---
|
||||
systemd/nfs-server-generator.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/systemd/nfs-server-generator.c b/systemd/nfs-server-generator.c
|
||||
index 737f109..eec98fd 100644
|
||||
--- a/systemd/nfs-server-generator.c
|
||||
+++ b/systemd/nfs-server-generator.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <mntent.h>
|
||||
+#include <alloca.h>
|
||||
|
||||
#include "misc.h"
|
||||
#include "nfslib.h"
|
||||
@@ -98,7 +99,7 @@ int main(int argc, char *argv[])
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- path = malloc(strlen(argv[1]) + sizeof(dirbase) + sizeof(filebase));
|
||||
+ path = alloca(strlen(argv[1]) + sizeof(dirbase) + sizeof(filebase));
|
||||
if (!path)
|
||||
exit(2);
|
||||
if (export_read(_PATH_EXPORTS, 1) +
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,14 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
|
||||
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2022-02-14 11:28:51.570084952 -0500
|
||||
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2022-02-14 11:29:16.174450628 -0500
|
||||
@@ -966,7 +966,9 @@ fall_back:
|
||||
if ((result = nfs_try_mount_v3v2(mi, FALSE)))
|
||||
return result;
|
||||
|
||||
- errno = olderrno;
|
||||
+ if (errno != EBUSY && errno != EACCES)
|
||||
+ errno = olderrno;
|
||||
+
|
||||
return result;
|
||||
}
|
||||
|
@ -1,48 +0,0 @@
|
||||
commit a709f25c1da4a2fb44a1f3fd060298fbbd88aa3c
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Tue May 14 15:52:50 2019 -0400
|
||||
|
||||
mount: Report correct error in the fall_back cases.
|
||||
|
||||
In mount auto negotiation, a v3 mount is tried
|
||||
when the v4 fails with error that could mean
|
||||
v4 is not supported.
|
||||
|
||||
When the v3 mount fails, the original v4 failure
|
||||
should be used to set the errno, not the v3 failure.
|
||||
|
||||
Fixes:https://bugzilla.redhat.com/show_bug.cgi?id=1709961
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
|
||||
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2019-08-12 10:58:32.610650773 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2019-08-12 11:10:39.661142985 -0400
|
||||
@@ -888,7 +888,7 @@ out:
|
||||
*/
|
||||
static int nfs_autonegotiate(struct nfsmount_info *mi)
|
||||
{
|
||||
- int result;
|
||||
+ int result, olderrno;
|
||||
|
||||
result = nfs_try_mount_v4(mi);
|
||||
check_result:
|
||||
@@ -948,7 +948,18 @@ fall_back:
|
||||
if (mi->version.v_mode == V_GENERAL)
|
||||
/* v2,3 fallback not allowed */
|
||||
return result;
|
||||
- return nfs_try_mount_v3v2(mi, FALSE);
|
||||
+
|
||||
+ /*
|
||||
+ * Save the original errno in case the v3
|
||||
+ * mount fails from one of the fall_back cases.
|
||||
+ * Report the first failure not the v3 mount failure
|
||||
+ */
|
||||
+ olderrno = errno;
|
||||
+ if ((result = nfs_try_mount_v3v2(mi, FALSE)))
|
||||
+ return result;
|
||||
+
|
||||
+ errno = olderrno;
|
||||
+ return result;
|
||||
}
|
||||
|
||||
/*
|
@ -1,47 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/mount/Makefile.am.orig nfs-utils-2.3.3/utils/mount/Makefile.am
|
||||
--- nfs-utils-2.3.3/utils/mount/Makefile.am.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/Makefile.am 2018-10-25 10:27:33.881804941 -0400
|
||||
@@ -27,6 +27,7 @@ endif
|
||||
|
||||
mount_nfs_LDADD = ../../support/nfs/libnfs.la \
|
||||
../../support/export/libexport.a \
|
||||
+ ../../support/misc/libmisc.a \
|
||||
$(LIBTIRPC)
|
||||
|
||||
mount_nfs_SOURCES = $(mount_common)
|
||||
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
|
||||
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2018-10-25 10:27:59.733825016 -0400
|
||||
@@ -48,6 +48,7 @@
|
||||
#include "version.h"
|
||||
#include "parse_dev.h"
|
||||
#include "conffile.h"
|
||||
+#include "misc.h"
|
||||
|
||||
#ifndef NFS_PROGRAM
|
||||
#define NFS_PROGRAM (100003)
|
||||
@@ -1078,14 +1079,18 @@ static int nfsmount_fg(struct nfsmount_i
|
||||
if (nfs_try_mount(mi))
|
||||
return EX_SUCCESS;
|
||||
|
||||
- if (errno == EBUSY)
|
||||
- /* The only cause of EBUSY is if exactly the desired
|
||||
- * filesystem is already mounted. That can arguably
|
||||
- * be seen as success. "mount -a" tries to optimise
|
||||
- * out this case but sometimes fails. Help it out
|
||||
- * by pretending everything is rosy
|
||||
+#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
|
||||
+ if (errno == EBUSY && is_mountpoint(mi->node)) {
|
||||
+#pragma GCC diagnostic warning "-Wdiscarded-qualifiers"
|
||||
+ /*
|
||||
+ * EBUSY can happen when mounting a filesystem that
|
||||
+ * is already mounted or when the context= are
|
||||
+ * different when using the -o sharecache
|
||||
+ *
|
||||
+ * Only error out in the latter case.
|
||||
*/
|
||||
return EX_SUCCESS;
|
||||
+ }
|
||||
|
||||
if (nfs_is_permanent_error(errno))
|
||||
break;
|
@ -1,116 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/utils/mount/nfs.man.save nfs-utils-2.3.3/utils/mount/nfs.man
|
||||
--- nfs-utils-2.3.3/utils/mount/nfs.man.save 2021-07-28 14:42:20.977740892 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/nfs.man 2021-07-28 14:42:01.133212815 -0400
|
||||
@@ -525,6 +525,13 @@ using the FS-Cache facility. See cachefi
|
||||
and <kernel_soruce>/Documentation/filesystems/caching
|
||||
for detail on how to configure the FS-Cache facility.
|
||||
Default value is nofsc.
|
||||
+.TP 1.5i
|
||||
+.B sloppy
|
||||
+The
|
||||
+.B sloppy
|
||||
+option is an alternative to specifying
|
||||
+.BR mount.nfs " -s " option.
|
||||
+
|
||||
.SS "Options for NFS versions 2 and 3 only"
|
||||
Use these options, along with the options in the above subsection,
|
||||
for NFS versions 2 and 3 only.
|
||||
diff -up nfs-utils-2.3.3/utils/mount/parse_opt.c.save nfs-utils-2.3.3/utils/mount/parse_opt.c
|
||||
--- nfs-utils-2.3.3/utils/mount/parse_opt.c.save 2021-07-28 14:40:15.467400995 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/parse_opt.c 2021-07-28 14:39:57.666927309 -0400
|
||||
@@ -178,6 +178,22 @@ static void options_tail_insert(struct m
|
||||
options->count++;
|
||||
}
|
||||
|
||||
+static void options_head_insert(struct mount_options *options,
|
||||
+ struct mount_option *option)
|
||||
+{
|
||||
+ struct mount_option *ohead = options->head;
|
||||
+
|
||||
+ option->prev = NULL;
|
||||
+ option->next = ohead;
|
||||
+ if (ohead)
|
||||
+ ohead->prev = option;
|
||||
+ else
|
||||
+ options->tail = option;
|
||||
+ options->head = option;
|
||||
+
|
||||
+ options->count++;
|
||||
+}
|
||||
+
|
||||
static void options_delete(struct mount_options *options,
|
||||
struct mount_option *option)
|
||||
{
|
||||
@@ -374,6 +390,23 @@ po_return_t po_join(struct mount_options
|
||||
}
|
||||
|
||||
/**
|
||||
+ * po_insert - insert an option into a group of options
|
||||
+ * @options: pointer to mount options
|
||||
+ * @option: pointer to a C string containing the option to add
|
||||
+ *
|
||||
+ */
|
||||
+po_return_t po_insert(struct mount_options *options, char *str)
|
||||
+{
|
||||
+ struct mount_option *option = option_create(str);
|
||||
+
|
||||
+ if (option) {
|
||||
+ options_head_insert(options, option);
|
||||
+ return PO_SUCCEEDED;
|
||||
+ }
|
||||
+ return PO_FAILED;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
* po_append - concatenate an option onto a group of options
|
||||
* @options: pointer to mount options
|
||||
* @option: pointer to a C string containing the option to add
|
||||
diff -up nfs-utils-2.3.3/utils/mount/parse_opt.h.save nfs-utils-2.3.3/utils/mount/parse_opt.h
|
||||
--- nfs-utils-2.3.3/utils/mount/parse_opt.h.save 2021-07-28 14:40:54.292434148 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/parse_opt.h 2021-07-28 14:39:57.666927309 -0400
|
||||
@@ -43,6 +43,7 @@ void po_replace(struct mount_options *
|
||||
struct mount_options *);
|
||||
po_return_t po_join(struct mount_options *, char **);
|
||||
|
||||
+po_return_t po_insert(struct mount_options *, char *);
|
||||
po_return_t po_append(struct mount_options *, char *);
|
||||
po_found_t po_contains(struct mount_options *, char *);
|
||||
po_found_t po_contains_prefix(struct mount_options *options,
|
||||
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.save nfs-utils-2.3.3/utils/mount/stropts.c
|
||||
--- nfs-utils-2.3.3/utils/mount/stropts.c.save 2021-07-28 14:41:14.842981010 -0400
|
||||
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2021-07-28 14:42:01.134212842 -0400
|
||||
@@ -336,13 +336,21 @@ static int nfs_verify_lock_option(struct
|
||||
return 1;
|
||||
}
|
||||
|
||||
-static int nfs_append_sloppy_option(struct mount_options *options)
|
||||
+static int nfs_insert_sloppy_option(struct mount_options *options)
|
||||
{
|
||||
- if (!sloppy || linux_version_code() < MAKE_VERSION(2, 6, 27))
|
||||
+ if (linux_version_code() < MAKE_VERSION(2, 6, 27))
|
||||
return 1;
|
||||
|
||||
- if (po_append(options, "sloppy") == PO_FAILED)
|
||||
- return 0;
|
||||
+ if (po_contains(options, "sloppy")) {
|
||||
+ po_remove_all(options, "sloppy");
|
||||
+ sloppy++;
|
||||
+ }
|
||||
+
|
||||
+ if (sloppy) {
|
||||
+ if (po_insert(options, "sloppy") == PO_FAILED)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -424,7 +432,7 @@ static int nfs_validate_options(struct n
|
||||
if (!nfs_set_version(mi))
|
||||
return 0;
|
||||
|
||||
- if (!nfs_append_sloppy_option(mi->options))
|
||||
+ if (!nfs_insert_sloppy_option(mi->options))
|
||||
return 0;
|
||||
|
||||
return 1;
|
@ -1,77 +0,0 @@
|
||||
commit 50ef80739d9e1e0df6616289ef2ff626a94666ee
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Thu May 23 09:24:49 2019 -0400
|
||||
|
||||
rpc.mountd: Fix e_hostname and e_uuid leaks
|
||||
|
||||
strdup of exportent uuid and hostname in getexportent() ends up leaking
|
||||
memory. Free the memory before getexportent() is called again from xtab_read()
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1713360
|
||||
Signed-off-by: Nikhil Kshirsagar <nkshirsa@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/support/export/xtab.c b/support/export/xtab.c
|
||||
index d42eeef..1e1d679 100644
|
||||
--- a/support/export/xtab.c
|
||||
+++ b/support/export/xtab.c
|
||||
@@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
|
||||
while ((xp = getexportent(is_export==0, 0)) != NULL) {
|
||||
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
|
||||
!(exp = export_create(xp, is_export!=1))) {
|
||||
+ if(xp->e_hostname) {
|
||||
+ free(xp->e_hostname);
|
||||
+ xp->e_hostname=NULL;
|
||||
+ }
|
||||
+ if(xp->e_uuid) {
|
||||
+ free(xp->e_uuid);
|
||||
+ xp->e_uuid=NULL;
|
||||
+ }
|
||||
continue;
|
||||
}
|
||||
switch (is_export) {
|
||||
@@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
|
||||
if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
|
||||
v4root_needed = 0;
|
||||
break;
|
||||
- }
|
||||
+ }
|
||||
+ if(xp->e_hostname) {
|
||||
+ free(xp->e_hostname);
|
||||
+ xp->e_hostname=NULL;
|
||||
+ }
|
||||
+ if(xp->e_uuid) {
|
||||
+ free(xp->e_uuid);
|
||||
+ xp->e_uuid=NULL;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
endexportent();
|
||||
xfunlock(lockid);
|
||||
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
|
||||
index 5f4cb95..a7582ca 100644
|
||||
--- a/support/nfs/exports.c
|
||||
+++ b/support/nfs/exports.c
|
||||
@@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
|
||||
}
|
||||
ee.e_hostname = xstrdup(hostname);
|
||||
|
||||
- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
|
||||
- return NULL;
|
||||
+ if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
|
||||
+ if(ee.e_hostname)
|
||||
+ {
|
||||
+ xfree(ee.e_hostname);
|
||||
+ ee.e_hostname=NULL;
|
||||
+ }
|
||||
+ if(ee.e_uuid)
|
||||
+ {
|
||||
+ xfree(ee.e_uuid);
|
||||
+ ee.e_uuid=NULL;
|
||||
+ }
|
||||
|
||||
+ return NULL;
|
||||
+ }
|
||||
/* resolve symlinks */
|
||||
if (realpath(ee.e_path, rpath) != NULL) {
|
||||
rpath[sizeof (rpath) - 1] = '\0';
|
@ -1,61 +0,0 @@
|
||||
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
|
||||
index d735dbfe..8ec33fb0 100644
|
||||
--- a/utils/mountd/v4root.c
|
||||
+++ b/utils/mountd/v4root.c
|
||||
@@ -36,9 +36,9 @@ static nfs_export pseudo_root = {
|
||||
.m_export = {
|
||||
.e_hostname = "*",
|
||||
.e_path = "/",
|
||||
- .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
|
||||
+ .e_flags = NFSEXP_READONLY
|
||||
| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
|
||||
- | NFSEXP_V4ROOT,
|
||||
+ | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
|
||||
.e_anonuid = 65534,
|
||||
.e_anongid = 65534,
|
||||
.e_squids = NULL,
|
||||
@@ -57,15 +57,11 @@ static nfs_export pseudo_root = {
|
||||
};
|
||||
|
||||
static void
|
||||
-set_pseudofs_security(struct exportent *pseudo, int flags)
|
||||
+set_pseudofs_security(struct exportent *pseudo)
|
||||
{
|
||||
struct flav_info *flav;
|
||||
int i;
|
||||
|
||||
- if (flags & NFSEXP_INSECURE_PORT)
|
||||
- pseudo->e_flags |= NFSEXP_INSECURE_PORT;
|
||||
- if ((flags & NFSEXP_ROOTSQUASH) == 0)
|
||||
- pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
|
||||
for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
|
||||
struct sec_entry *new;
|
||||
|
||||
@@ -75,8 +71,7 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
|
||||
i = secinfo_addflavor(flav, pseudo);
|
||||
new = &pseudo->e_secinfo[i];
|
||||
|
||||
- if (flags & NFSEXP_INSECURE_PORT)
|
||||
- new->flags |= NFSEXP_INSECURE_PORT;
|
||||
+ new->flags |= NFSEXP_INSECURE_PORT;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -95,7 +90,7 @@ v4root_create(char *path, nfs_export *export)
|
||||
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
|
||||
if (strcmp(path, "/") != 0)
|
||||
eep.e_flags &= ~NFSEXP_FSID;
|
||||
- set_pseudofs_security(&eep, curexp->e_flags);
|
||||
+ set_pseudofs_security(&eep);
|
||||
exp = export_create(&eep, 0);
|
||||
if (exp == NULL)
|
||||
return NULL;
|
||||
@@ -143,7 +138,7 @@ pseudofs_update(char *hostname, char *path, nfs_export *source)
|
||||
return 0;
|
||||
}
|
||||
/* Update an existing V4ROOT export: */
|
||||
- set_pseudofs_security(&exp->m_export, source->m_export.e_flags);
|
||||
+ set_pseudofs_security(&exp->m_export);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,976 +0,0 @@
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 05247ff9..86ed7d53 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -38,6 +38,8 @@ use-gss-proxy=1
|
||||
# reverse-lookup=n
|
||||
# state-directory-path=/var/lib/nfs
|
||||
# ha-callout=
|
||||
+# cache-use-ipaddr=n
|
||||
+# ttl=1800
|
||||
#
|
||||
[nfsdcld]
|
||||
# debug=0
|
||||
diff --git a/support/export/Makefile.am b/support/export/Makefile.am
|
||||
index 13f7a49c..d6ee502f 100644
|
||||
--- a/support/export/Makefile.am
|
||||
+++ b/support/export/Makefile.am
|
||||
@@ -11,7 +11,8 @@ EXTRA_DIST = mount.x
|
||||
|
||||
noinst_LIBRARIES = libexport.a
|
||||
libexport_a_SOURCES = client.c export.c hostname.c \
|
||||
- xtab.c mount_clnt.c mount_xdr.c
|
||||
+ xtab.c mount_clnt.c mount_xdr.c \
|
||||
+ cache.c auth.c v4root.c v4clients.c
|
||||
BUILT_SOURCES = $(GENFILES)
|
||||
|
||||
noinst_HEADERS = mount.h
|
||||
diff --git a/utils/mountd/auth.c b/support/export/auth.c
|
||||
similarity index 98%
|
||||
rename from utils/mountd/auth.c
|
||||
rename to support/export/auth.c
|
||||
index 8299256e..73ad6f73 100644
|
||||
--- a/utils/mountd/auth.c
|
||||
+++ b/support/export/auth.c
|
||||
@@ -22,7 +22,7 @@
|
||||
#include "misc.h"
|
||||
#include "nfslib.h"
|
||||
#include "exportfs.h"
|
||||
-#include "mountd.h"
|
||||
+#include "export.h"
|
||||
#include "v4root.h"
|
||||
|
||||
enum auth_error
|
||||
@@ -43,11 +43,13 @@ extern int use_ipaddr;
|
||||
|
||||
extern struct state_paths etab;
|
||||
|
||||
+/*
|
||||
void
|
||||
auth_init(void)
|
||||
{
|
||||
auth_reload();
|
||||
}
|
||||
+*/
|
||||
|
||||
/*
|
||||
* A client can match many different netgroups and it's tough to know
|
||||
@@ -64,6 +66,10 @@ check_useipaddr(void)
|
||||
int old_use_ipaddr = use_ipaddr;
|
||||
unsigned int len = 0;
|
||||
|
||||
+ if (use_ipaddr > 1)
|
||||
+ /* fixed - don't check */
|
||||
+ return;
|
||||
+
|
||||
/* add length of m_hostname + 1 for the comma */
|
||||
for (clp = clientlist[MCL_NETGROUP]; clp; clp = clp->m_next)
|
||||
len += (strlen(clp->m_hostname) + 1);
|
||||
diff --git a/utils/mountd/cache.c b/support/export/cache.c
|
||||
similarity index 95%
|
||||
rename from utils/mountd/cache.c
|
||||
rename to support/export/cache.c
|
||||
index c73e29be..98d50828 100644
|
||||
--- a/utils/mountd/cache.c
|
||||
+++ b/support/export/cache.c
|
||||
@@ -29,21 +29,18 @@
|
||||
#include "misc.h"
|
||||
#include "nfslib.h"
|
||||
#include "exportfs.h"
|
||||
-#include "mountd.h"
|
||||
-#include "fsloc.h"
|
||||
+#include "export.h"
|
||||
#include "pseudoflavors.h"
|
||||
#include "xcommon.h"
|
||||
|
||||
+#ifdef HAVE_JUNCTION_SUPPORT
|
||||
+#include "../../utils/mountd/fsloc.h"
|
||||
+#endif
|
||||
+
|
||||
#ifdef USE_BLKID
|
||||
#include "blkid/blkid.h"
|
||||
#endif
|
||||
|
||||
-/*
|
||||
- * Invoked by RPC service loop
|
||||
- */
|
||||
-void cache_set_fds(fd_set *fdset);
|
||||
-int cache_process_req(fd_set *readfds);
|
||||
-
|
||||
enum nfsd_fsid {
|
||||
FSID_DEV = 0,
|
||||
FSID_NUM,
|
||||
@@ -63,7 +60,6 @@ enum nfsd_fsid {
|
||||
* Record is terminated with newline.
|
||||
*
|
||||
*/
|
||||
-static int cache_export_ent(char *buf, int buflen, char *domain, struct exportent *exp, char *path);
|
||||
|
||||
#define INITIAL_MANAGED_GROUPS 100
|
||||
|
||||
@@ -81,6 +77,7 @@ static void auth_unix_ip(int f)
|
||||
char class[20];
|
||||
char ipaddr[INET6_ADDRSTRLEN + 1];
|
||||
char *client = NULL;
|
||||
+ struct addrinfo *ai = NULL;
|
||||
struct addrinfo *tmp = NULL;
|
||||
char buf[RPC_CHAN_BUF_SIZE], *bp;
|
||||
int blen;
|
||||
@@ -106,21 +103,26 @@ static void auth_unix_ip(int f)
|
||||
|
||||
auth_reload();
|
||||
|
||||
- /* addr is a valid, interesting address, find the domain name... */
|
||||
- if (!use_ipaddr) {
|
||||
- struct addrinfo *ai = NULL;
|
||||
-
|
||||
- ai = client_resolve(tmp->ai_addr);
|
||||
- if (ai) {
|
||||
- client = client_compose(ai);
|
||||
- freeaddrinfo(ai);
|
||||
- }
|
||||
+ /* addr is a valid address, find the domain name... */
|
||||
+ ai = client_resolve(tmp->ai_addr);
|
||||
+ if (ai) {
|
||||
+ client = client_compose(ai);
|
||||
+ freeaddrinfo(ai);
|
||||
}
|
||||
+ if (!client)
|
||||
+ xlog(D_AUTH, "failed authentication for IP %s", ipaddr);
|
||||
+ else if (!use_ipaddr)
|
||||
+ xlog(D_AUTH, "successful authentication for IP %s as %s",
|
||||
+ ipaddr, *client ? client : "DEFAULT");
|
||||
+ else
|
||||
+ xlog(D_AUTH, "successful authentication for IP %s",
|
||||
+ ipaddr);
|
||||
+
|
||||
bp = buf; blen = sizeof(buf);
|
||||
qword_add(&bp, &blen, "nfsd");
|
||||
qword_add(&bp, &blen, ipaddr);
|
||||
- qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL);
|
||||
- if (use_ipaddr) {
|
||||
+ qword_adduint(&bp, &blen, time(0) + default_ttl);
|
||||
+ if (use_ipaddr && client) {
|
||||
memmove(ipaddr + 1, ipaddr, strlen(ipaddr) + 1);
|
||||
ipaddr[0] = '$';
|
||||
qword_add(&bp, &blen, ipaddr);
|
||||
@@ -192,7 +194,7 @@ static void auth_unix_gid(int f)
|
||||
|
||||
bp = buf; blen = sizeof(buf);
|
||||
qword_adduint(&bp, &blen, uid);
|
||||
- qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL);
|
||||
+ qword_adduint(&bp, &blen, time(0) + default_ttl);
|
||||
if (rv >= 0) {
|
||||
qword_adduint(&bp, &blen, ngroups);
|
||||
for (i=0; i<ngroups; i++)
|
||||
@@ -688,7 +690,6 @@ static void nfsd_fh(int f)
|
||||
char *found_path = NULL;
|
||||
nfs_export *exp;
|
||||
int i;
|
||||
- int dev_missing = 0;
|
||||
char buf[RPC_CHAN_BUF_SIZE], *bp;
|
||||
int blen;
|
||||
|
||||
@@ -755,11 +756,6 @@ static void nfsd_fh(int f)
|
||||
if (!is_ipaddr_client(dom)
|
||||
&& !namelist_client_matches(exp, dom))
|
||||
continue;
|
||||
- if (exp->m_export.e_mountpoint &&
|
||||
- !is_mountpoint(exp->m_export.e_mountpoint[0]?
|
||||
- exp->m_export.e_mountpoint:
|
||||
- exp->m_export.e_path))
|
||||
- dev_missing ++;
|
||||
|
||||
if (!match_fsid(&parsed, exp, path))
|
||||
continue;
|
||||
@@ -794,7 +790,7 @@ static void nfsd_fh(int f)
|
||||
!is_mountpoint(found->e_mountpoint[0]?
|
||||
found->e_mountpoint:
|
||||
found->e_path)) {
|
||||
- /* Cannot export this yet
|
||||
+ /* Cannot export this yet
|
||||
* should log a warning, but need to rate limit
|
||||
xlog(L_WARNING, "%s not exported as %d not a mountpoint",
|
||||
found->e_path, found->e_mountpoint);
|
||||
@@ -802,16 +798,6 @@ static void nfsd_fh(int f)
|
||||
/* FIXME we need to make sure we re-visit this later */
|
||||
goto out;
|
||||
}
|
||||
- if (!found && dev_missing) {
|
||||
- /* The missing dev could be what we want, so just be
|
||||
- * quite rather than returning stale yet
|
||||
- */
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
- if (found)
|
||||
- if (cache_export_ent(buf, sizeof(buf), dom, found, found_path) < 0)
|
||||
- found = 0;
|
||||
|
||||
bp = buf; blen = sizeof(buf);
|
||||
qword_add(&bp, &blen, dom);
|
||||
@@ -831,6 +817,8 @@ static void nfsd_fh(int f)
|
||||
qword_addeol(&bp, &blen);
|
||||
if (blen <= 0 || write(f, buf, bp - buf) != bp - buf)
|
||||
xlog(L_ERROR, "nfsd_fh: error writing reply");
|
||||
+ if (!found)
|
||||
+ xlog(D_AUTH, "denied access to %s", *dom == '$' ? dom+1 : dom);
|
||||
out:
|
||||
if (found_path)
|
||||
free(found_path);
|
||||
@@ -839,6 +827,7 @@ out:
|
||||
xlog(D_CALL, "nfsd_fh: found %p path %s", found, found ? found->e_path : NULL);
|
||||
}
|
||||
|
||||
+#ifdef HAVE_JUNCTION_SUPPORT
|
||||
static void write_fsloc(char **bp, int *blen, struct exportent *ep)
|
||||
{
|
||||
struct servers *servers;
|
||||
@@ -861,7 +850,7 @@ static void write_fsloc(char **bp, int *blen, struct exportent *ep)
|
||||
qword_addint(bp, blen, servers->h_referral);
|
||||
release_replicas(servers);
|
||||
}
|
||||
-
|
||||
+#endif
|
||||
static void write_secinfo(char **bp, int *blen, struct exportent *ep, int flag_mask)
|
||||
{
|
||||
struct sec_entry *p;
|
||||
@@ -890,7 +879,7 @@ static int dump_to_cache(int f, char *buf, int buflen, char *domain,
|
||||
time_t now = time(0);
|
||||
|
||||
if (ttl <= 1)
|
||||
- ttl = DEFAULT_TTL;
|
||||
+ ttl = default_ttl;
|
||||
|
||||
qword_add(&bp, &blen, domain);
|
||||
qword_add(&bp, &blen, path);
|
||||
@@ -903,7 +892,10 @@ static int dump_to_cache(int f, char *buf, int buflen, char *domain,
|
||||
qword_addint(&bp, &blen, exp->e_anonuid);
|
||||
qword_addint(&bp, &blen, exp->e_anongid);
|
||||
qword_addint(&bp, &blen, exp->e_fsid);
|
||||
+
|
||||
+#ifdef HAVE_JUNCTION_SUPPORT
|
||||
write_fsloc(&bp, &blen, exp);
|
||||
+#endif
|
||||
write_secinfo(&bp, &blen, exp, flag_mask);
|
||||
if (exp->e_uuid == NULL || different_fs) {
|
||||
char u[16];
|
||||
@@ -917,8 +909,13 @@ static int dump_to_cache(int f, char *buf, int buflen, char *domain,
|
||||
qword_add(&bp, &blen, "uuid");
|
||||
qword_addhex(&bp, &blen, u, 16);
|
||||
}
|
||||
- } else
|
||||
+ xlog(D_AUTH, "granted access to %s for %s",
|
||||
+ path, *domain == '$' ? domain+1 : domain);
|
||||
+ } else {
|
||||
qword_adduint(&bp, &blen, now + ttl);
|
||||
+ xlog(D_AUTH, "denied access to %s for %s",
|
||||
+ path, *domain == '$' ? domain+1 : domain);
|
||||
+ }
|
||||
qword_addeol(&bp, &blen);
|
||||
if (blen <= 0) return -1;
|
||||
if (write(f, buf, bp - buf) != bp - buf) return -1;
|
||||
@@ -1421,6 +1418,40 @@ int cache_process_req(fd_set *readfds)
|
||||
return cnt;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * cache_process_loop - process incoming upcalls
|
||||
+ */
|
||||
+void cache_process_loop(void)
|
||||
+{
|
||||
+ fd_set readfds;
|
||||
+ int selret;
|
||||
+
|
||||
+ FD_ZERO(&readfds);
|
||||
+
|
||||
+ for (;;) {
|
||||
+
|
||||
+ cache_set_fds(&readfds);
|
||||
+ v4clients_set_fds(&readfds);
|
||||
+
|
||||
+ selret = select(FD_SETSIZE, &readfds,
|
||||
+ (void *) 0, (void *) 0, (struct timeval *) 0);
|
||||
+
|
||||
+
|
||||
+ switch (selret) {
|
||||
+ case -1:
|
||||
+ if (errno == EINTR || errno == ECONNREFUSED
|
||||
+ || errno == ENETUNREACH || errno == EHOSTUNREACH)
|
||||
+ continue;
|
||||
+ xlog(L_ERROR, "my_svc_run() - select: %m");
|
||||
+ return;
|
||||
+
|
||||
+ default:
|
||||
+ cache_process_req(&readfds);
|
||||
+ v4clients_process(&readfds);
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
|
||||
/*
|
||||
* Give IP->domain and domain+path->options to kernel
|
||||
diff --git a/support/export/export.h b/support/export/export.h
|
||||
new file mode 100644
|
||||
index 00000000..8d5a0d30
|
||||
--- /dev/null
|
||||
+++ b/support/export/export.h
|
||||
@@ -0,0 +1,41 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2021 Red Hat <nfs@redhat.com>
|
||||
+ *
|
||||
+ * support/export/export.h
|
||||
+ *
|
||||
+ * Declarations for export support
|
||||
+ */
|
||||
+
|
||||
+#ifndef EXPORT_H
|
||||
+#define EXPORT_H
|
||||
+
|
||||
+#include "nfslib.h"
|
||||
+#include "exportfs.h"
|
||||
+
|
||||
+unsigned int auth_reload(void);
|
||||
+nfs_export * auth_authenticate(const char *what,
|
||||
+ const struct sockaddr *caller,
|
||||
+ const char *path);
|
||||
+
|
||||
+void cache_open(void);
|
||||
+void cache_set_fds(fd_set *fdset);
|
||||
+int cache_process_req(fd_set *readfds);
|
||||
+void cache_process_loop(void);
|
||||
+
|
||||
+void v4clients_init(void);
|
||||
+void v4clients_set_fds(fd_set *fdset);
|
||||
+int v4clients_process(fd_set *fdset);
|
||||
+
|
||||
+struct nfs_fh_len *
|
||||
+ cache_get_filehandle(nfs_export *exp, int len, char *p);
|
||||
+int cache_export(nfs_export *exp, char *path);
|
||||
+
|
||||
+bool ipaddr_client_matches(nfs_export *exp, struct addrinfo *ai);
|
||||
+bool namelist_client_matches(nfs_export *exp, char *dom);
|
||||
+bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai);
|
||||
+
|
||||
+static inline bool is_ipaddr_client(char *dom)
|
||||
+{
|
||||
+ return dom[0] == '$';
|
||||
+}
|
||||
+#endif /* EXPORT__H */
|
||||
diff --git a/support/export/v4clients.c b/support/export/v4clients.c
|
||||
new file mode 100644
|
||||
index 00000000..dd985463
|
||||
--- /dev/null
|
||||
+++ b/support/export/v4clients.c
|
||||
@@ -0,0 +1,227 @@
|
||||
+/*
|
||||
+ * support/export/v4clients.c
|
||||
+ *
|
||||
+ * Montior clients appearing in, and disappearing from, /proc/fs/nfsd/clients
|
||||
+ * and log relevant information.
|
||||
+ */
|
||||
+
|
||||
+#include <unistd.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <sys/inotify.h>
|
||||
+#include <errno.h>
|
||||
+#include "export.h"
|
||||
+
|
||||
+/* search.h declares 'struct entry' and nfs_prot.h
|
||||
+ * does too. Easiest fix is to trick search.h into
|
||||
+ * calling its struct "struct Entry".
|
||||
+ */
|
||||
+#define entry Entry
|
||||
+#include <search.h>
|
||||
+#undef entry
|
||||
+
|
||||
+static int clients_fd = -1;
|
||||
+
|
||||
+void v4clients_init(void)
|
||||
+{
|
||||
+ if (clients_fd >= 0)
|
||||
+ return;
|
||||
+ clients_fd = inotify_init1(IN_NONBLOCK);
|
||||
+ if (clients_fd < 0) {
|
||||
+ xlog_err("Unable to initialise v4clients watcher: %s\n",
|
||||
+ strerror(errno));
|
||||
+ return;
|
||||
+ }
|
||||
+ if (inotify_add_watch(clients_fd, "/proc/fs/nfsd/clients",
|
||||
+ IN_CREATE | IN_DELETE) < 0) {
|
||||
+ xlog_err("Unable to watch /proc/fs/nfsd/clients: %s\n",
|
||||
+ strerror(errno));
|
||||
+ close(clients_fd);
|
||||
+ clients_fd = -1;
|
||||
+ return;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void v4clients_set_fds(fd_set *fdset)
|
||||
+{
|
||||
+ if (clients_fd >= 0)
|
||||
+ FD_SET(clients_fd, fdset);
|
||||
+}
|
||||
+
|
||||
+static void *tree_root;
|
||||
+static int have_unconfirmed;
|
||||
+
|
||||
+struct ent {
|
||||
+ unsigned long num;
|
||||
+ char *clientid;
|
||||
+ char *addr;
|
||||
+ int vers;
|
||||
+ int unconfirmed;
|
||||
+ int wid;
|
||||
+};
|
||||
+
|
||||
+static int ent_cmp(const void *av, const void *bv)
|
||||
+{
|
||||
+ const struct ent *a = av;
|
||||
+ const struct ent *b = bv;
|
||||
+
|
||||
+ if (a->num < b->num)
|
||||
+ return -1;
|
||||
+ if (a->num > b->num)
|
||||
+ return 1;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void free_ent(struct ent *ent)
|
||||
+{
|
||||
+ free(ent->clientid);
|
||||
+ free(ent->addr);
|
||||
+ free(ent);
|
||||
+}
|
||||
+
|
||||
+static char *dup_line(char *line)
|
||||
+{
|
||||
+ char *ret;
|
||||
+ char *e = strchr(line, '\n');
|
||||
+ if (!e)
|
||||
+ e = line + strlen(line);
|
||||
+ ret = malloc(e - line + 1);
|
||||
+ if (ret) {
|
||||
+ memcpy(ret, line, e - line);
|
||||
+ ret[e-line] = 0;
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static void read_info(struct ent *key)
|
||||
+{
|
||||
+ char buf[2048];
|
||||
+ char *path;
|
||||
+ int was_unconfirmed = key->unconfirmed;
|
||||
+ FILE *f;
|
||||
+
|
||||
+ if (asprintf(&path, "/proc/fs/nfsd/clients/%lu/info", key->num) < 0)
|
||||
+ return;
|
||||
+
|
||||
+ f = fopen(path, "r");
|
||||
+ if (!f) {
|
||||
+ free(path);
|
||||
+ return;
|
||||
+ }
|
||||
+ if (key->wid < 0)
|
||||
+ key->wid = inotify_add_watch(clients_fd, path, IN_MODIFY);
|
||||
+
|
||||
+ while (fgets(buf, sizeof(buf), f)) {
|
||||
+ if (strncmp(buf, "clientid: ", 10) == 0) {
|
||||
+ free(key->clientid);
|
||||
+ key->clientid = dup_line(buf+10);
|
||||
+ }
|
||||
+ if (strncmp(buf, "address: ", 9) == 0) {
|
||||
+ free(key->addr);
|
||||
+ key->addr = dup_line(buf+9);
|
||||
+ }
|
||||
+ if (strncmp(buf, "minor version: ", 15) == 0)
|
||||
+ key->vers = atoi(buf+15);
|
||||
+ if (strncmp(buf, "status: ", 8) == 0 &&
|
||||
+ strstr(buf, " unconfirmed") != NULL) {
|
||||
+ key->unconfirmed = 1;
|
||||
+ have_unconfirmed = 1;
|
||||
+ }
|
||||
+ if (strncmp(buf, "status: ", 8) == 0 &&
|
||||
+ strstr(buf, " confirmed") != NULL)
|
||||
+ key->unconfirmed = 0;
|
||||
+ }
|
||||
+ fclose(f);
|
||||
+ free(path);
|
||||
+
|
||||
+ if (was_unconfirmed && !key->unconfirmed)
|
||||
+ xlog(L_NOTICE, "v4.%d client attached: %s from %s",
|
||||
+ key->vers, key->clientid ?: "-none-",
|
||||
+ key->addr ?: "-none-");
|
||||
+ if (!key->unconfirmed && key->wid >= 0) {
|
||||
+ inotify_rm_watch(clients_fd, key->wid);
|
||||
+ key->wid = -1;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void add_id(int id)
|
||||
+{
|
||||
+ struct ent **ent;
|
||||
+ struct ent *key;
|
||||
+
|
||||
+ key = calloc(1, sizeof(*key));
|
||||
+ if (!key) {
|
||||
+ return;
|
||||
+ }
|
||||
+ key->num = id;
|
||||
+ key->wid = -1;
|
||||
+
|
||||
+ ent = tsearch(key, &tree_root, ent_cmp);
|
||||
+
|
||||
+ if (!ent || *ent != key)
|
||||
+ /* Already existed, or insertion failed */
|
||||
+ free_ent(key);
|
||||
+ else
|
||||
+ read_info(key);
|
||||
+}
|
||||
+
|
||||
+static void del_id(unsigned long id)
|
||||
+{
|
||||
+ struct ent key = {.num = id};
|
||||
+ struct ent **e, *ent;
|
||||
+
|
||||
+ e = tfind(&key, &tree_root, ent_cmp);
|
||||
+ if (!e || !*e)
|
||||
+ return;
|
||||
+ ent = *e;
|
||||
+ tdelete(ent, &tree_root, ent_cmp);
|
||||
+ if (!ent->unconfirmed)
|
||||
+ xlog(L_NOTICE, "v4.%d client detached: %s from %s",
|
||||
+ ent->vers, ent->clientid, ent->addr);
|
||||
+ if (ent->wid >= 0)
|
||||
+ inotify_rm_watch(clients_fd, ent->wid);
|
||||
+ free_ent(ent);
|
||||
+}
|
||||
+
|
||||
+static void check_id(unsigned long id)
|
||||
+{
|
||||
+ struct ent key = {.num = id};
|
||||
+ struct ent **e, *ent;
|
||||
+
|
||||
+ e = tfind(&key, &tree_root, ent_cmp);
|
||||
+ if (!e || !*e)
|
||||
+ return;
|
||||
+ ent = *e;
|
||||
+ if (ent->unconfirmed)
|
||||
+ read_info(ent);
|
||||
+}
|
||||
+
|
||||
+int v4clients_process(fd_set *fdset)
|
||||
+{
|
||||
+ char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
|
||||
+ const struct inotify_event *ev;
|
||||
+ ssize_t len;
|
||||
+ char *ptr;
|
||||
+
|
||||
+ if (clients_fd < 0 ||
|
||||
+ !FD_ISSET(clients_fd, fdset))
|
||||
+ return 0;
|
||||
+
|
||||
+ while ((len = read(clients_fd, buf, sizeof(buf))) > 0) {
|
||||
+ for (ptr = buf; ptr < buf + len;
|
||||
+ ptr += sizeof(struct inotify_event) + ev->len) {
|
||||
+ int id;
|
||||
+ ev = (const struct inotify_event *)ptr;
|
||||
+
|
||||
+ id = atoi(ev->name);
|
||||
+ if (id <= 0)
|
||||
+ continue;
|
||||
+ if (ev->mask & IN_CREATE)
|
||||
+ add_id(id);
|
||||
+ if (ev->mask & IN_DELETE)
|
||||
+ del_id(id);
|
||||
+ if (ev->mask & IN_MODIFY)
|
||||
+ check_id(id);
|
||||
+ }
|
||||
+ }
|
||||
+ return 1;
|
||||
+}
|
||||
diff --git a/utils/mountd/v4root.c b/support/export/v4root.c
|
||||
similarity index 99%
|
||||
rename from utils/mountd/v4root.c
|
||||
rename to support/export/v4root.c
|
||||
index 8ec33fb0..4d33117f 100644
|
||||
--- a/utils/mountd/v4root.c
|
||||
+++ b/support/export/v4root.c
|
||||
@@ -47,7 +47,7 @@ static nfs_export pseudo_root = {
|
||||
.e_nsqgids = 0,
|
||||
.e_fsid = 0,
|
||||
.e_mountpoint = NULL,
|
||||
- .e_ttl = DEFAULT_TTL,
|
||||
+ .e_ttl = 0,
|
||||
},
|
||||
.m_exported = 0,
|
||||
.m_xtabent = 1,
|
||||
@@ -86,6 +86,7 @@ v4root_create(char *path, nfs_export *export)
|
||||
struct exportent *curexp = &export->m_export;
|
||||
|
||||
dupexportent(&eep, &pseudo_root.m_export);
|
||||
+ eep.e_ttl = default_ttl;
|
||||
eep.e_hostname = curexp->e_hostname;
|
||||
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
|
||||
if (strcmp(path, "/") != 0)
|
||||
diff --git a/support/include/exportfs.h b/support/include/exportfs.h
|
||||
index 4e0d9d13..bfae1957 100644
|
||||
--- a/support/include/exportfs.h
|
||||
+++ b/support/include/exportfs.h
|
||||
@@ -105,7 +105,8 @@ typedef struct mexport {
|
||||
} nfs_export;
|
||||
|
||||
#define HASH_TABLE_SIZE 1021
|
||||
-#define DEFAULT_TTL (30 * 60)
|
||||
+
|
||||
+extern int default_ttl;
|
||||
|
||||
typedef struct _exp_hash_entry {
|
||||
nfs_export * p_first;
|
||||
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
|
||||
index a7582cae..4dd2e5d3 100644
|
||||
--- a/support/nfs/exports.c
|
||||
+++ b/support/nfs/exports.c
|
||||
@@ -47,6 +47,8 @@ struct flav_info flav_map[] = {
|
||||
|
||||
const int flav_map_size = sizeof(flav_map)/sizeof(flav_map[0]);
|
||||
|
||||
+int default_ttl = 30 * 60;
|
||||
+
|
||||
static char *efname = NULL;
|
||||
static XFILE *efp = NULL;
|
||||
static int first;
|
||||
@@ -100,7 +102,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
|
||||
ee->e_nsquids = 0;
|
||||
ee->e_nsqgids = 0;
|
||||
ee->e_uuid = NULL;
|
||||
- ee->e_ttl = DEFAULT_TTL;
|
||||
+ ee->e_ttl = default_ttl;
|
||||
}
|
||||
|
||||
struct exportent *
|
||||
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
|
||||
index 498d93a9..aa4630bb 100644
|
||||
--- a/systemd/nfs.conf.man
|
||||
+++ b/systemd/nfs.conf.man
|
||||
@@ -157,6 +157,8 @@ Recognized values:
|
||||
.BR port ,
|
||||
.BR threads ,
|
||||
.BR reverse-lookup ,
|
||||
+.BR cache-use-upaddr ,
|
||||
+.BR ttl ,
|
||||
.BR state-directory-path ,
|
||||
.BR ha-callout .
|
||||
|
||||
@@ -166,6 +168,14 @@ section, are used to configure mountd. See
|
||||
.BR rpc.mountd (8)
|
||||
for details.
|
||||
|
||||
+Note that setting
|
||||
+.B "\[dq]debug = auth\[dq]"
|
||||
+for
|
||||
+.B mountd
|
||||
+is equivalent to providing the
|
||||
+.B \-\-log\-auth
|
||||
+option.
|
||||
+
|
||||
The
|
||||
.B state-directory-path
|
||||
value in the
|
||||
diff --git a/utils/mountd/Makefile.am b/utils/mountd/Makefile.am
|
||||
index 73eeb3f3..c41f06de 100644
|
||||
--- a/utils/mountd/Makefile.am
|
||||
+++ b/utils/mountd/Makefile.am
|
||||
@@ -13,8 +13,8 @@ KPREFIX = @kprefix@
|
||||
sbin_PROGRAMS = mountd
|
||||
|
||||
noinst_HEADERS = fsloc.h
|
||||
-mountd_SOURCES = mountd.c mount_dispatch.c auth.c rmtab.c cache.c \
|
||||
- svc_run.c fsloc.c v4root.c mountd.h
|
||||
+mountd_SOURCES = mountd.c mount_dispatch.c rmtab.c \
|
||||
+ svc_run.c fsloc.c mountd.h
|
||||
mountd_LDADD = ../../support/export/libexport.a \
|
||||
../../support/nfs/libnfs.la \
|
||||
../../support/misc/libmisc.a \
|
||||
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
|
||||
index 0b891121..2b342377 100644
|
||||
--- a/utils/mountd/mountd.c
|
||||
+++ b/utils/mountd/mountd.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include "rpcmisc.h"
|
||||
#include "pseudoflavors.h"
|
||||
#include "nfslib.h"
|
||||
+#include "export.h"
|
||||
|
||||
extern void my_svc_run(void);
|
||||
|
||||
@@ -73,8 +74,12 @@ static struct option longopts[] =
|
||||
{ "reverse-lookup", 0, 0, 'r' },
|
||||
{ "manage-gids", 0, 0, 'g' },
|
||||
{ "no-udp", 0, 0, 'u' },
|
||||
+ { "log-auth", 0, 0, 'l'},
|
||||
+ { "cache-use-ipaddr", 0, 0, 'i'},
|
||||
+ { "ttl", 1, 0, 'T'},
|
||||
{ NULL, 0, 0, 0 }
|
||||
};
|
||||
+static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gliT:";
|
||||
|
||||
#define NFSVERSBIT(vers) (0x1 << (vers - 1))
|
||||
#define NFSVERSBIT_ALL (NFSVERSBIT(2) | NFSVERSBIT(3) | NFSVERSBIT(4))
|
||||
@@ -669,6 +674,7 @@ main(int argc, char **argv)
|
||||
int port = 0;
|
||||
int descriptors = 0;
|
||||
int c;
|
||||
+ int ttl;
|
||||
int vers;
|
||||
struct sigaction sa;
|
||||
struct rlimit rlim;
|
||||
@@ -687,6 +693,8 @@ main(int argc, char **argv)
|
||||
num_threads = conf_get_num("mountd", "threads", num_threads);
|
||||
reverse_resolve = conf_get_bool("mountd", "reverse-lookup", reverse_resolve);
|
||||
ha_callout_prog = conf_get_str("mountd", "ha-callout");
|
||||
+ if (conf_get_bool("mountd", "cache-use-ipaddr", 0))
|
||||
+ use_ipaddr = 2;
|
||||
|
||||
s = conf_get_str("mountd", "state-directory-path");
|
||||
if (s && !state_setup_basedir(argv[0], s))
|
||||
@@ -710,10 +718,13 @@ main(int argc, char **argv)
|
||||
NFSCTL_VERUNSET(nfs_version, vers);
|
||||
}
|
||||
|
||||
+ ttl = conf_get_num("mountd", "ttl", default_ttl);
|
||||
+ if (ttl > 0)
|
||||
+ default_ttl = ttl;
|
||||
|
||||
/* Parse the command line options and arguments. */
|
||||
opterr = 0;
|
||||
- while ((c = getopt_long(argc, argv, "o:nFd:p:P:hH:N:V:vurs:t:g", longopts, NULL)) != EOF)
|
||||
+ while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != EOF)
|
||||
switch (c) {
|
||||
case 'g':
|
||||
manage_gids = 1;
|
||||
@@ -784,6 +795,21 @@ main(int argc, char **argv)
|
||||
case 'u':
|
||||
NFSCTL_UDPUNSET(_rpcprotobits);
|
||||
break;
|
||||
+ case 'l':
|
||||
+ xlog_sconfig("auth", 1);
|
||||
+ break;
|
||||
+ case 'i':
|
||||
+ use_ipaddr = 2;
|
||||
+ break;
|
||||
+ case 'T':
|
||||
+ ttl = atoi(optarg);
|
||||
+ if (ttl <= 0) {
|
||||
+ fprintf(stderr, "%s: bad ttl number of seconds: %s\n",
|
||||
+ argv[0], optarg);
|
||||
+ usage(argv[0], 1);
|
||||
+ }
|
||||
+ default_ttl = ttl;
|
||||
+ break;
|
||||
case 0:
|
||||
break;
|
||||
case '?':
|
||||
@@ -888,6 +914,8 @@ main(int argc, char **argv)
|
||||
if (num_threads > 1)
|
||||
fork_workers();
|
||||
|
||||
+ v4clients_init();
|
||||
+
|
||||
xlog(L_NOTICE, "Version " VERSION " starting");
|
||||
my_svc_run();
|
||||
|
||||
@@ -903,6 +931,7 @@ usage(const char *prog, int n)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [-F|--foreground] [-h|--help] [-v|--version] [-d kind|--debug kind]\n"
|
||||
+" [-l|--log-auth] [-i|--cache-use-ipaddr] [-T|--ttl ttl]\n"
|
||||
" [-o num|--descriptors num]\n"
|
||||
" [-p|--port port] [-V version|--nfs-version version]\n"
|
||||
" [-N version|--no-nfs-version version] [-n|--no-tcp]\n"
|
||||
diff --git a/utils/mountd/mountd.h b/utils/mountd/mountd.h
|
||||
index f058f01d..d3077531 100644
|
||||
--- a/utils/mountd/mountd.h
|
||||
+++ b/utils/mountd/mountd.h
|
||||
@@ -60,9 +60,4 @@ bool ipaddr_client_matches(nfs_export *exp, struct addrinfo *ai);
|
||||
bool namelist_client_matches(nfs_export *exp, char *dom);
|
||||
bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai);
|
||||
|
||||
-static inline bool is_ipaddr_client(char *dom)
|
||||
-{
|
||||
- return dom[0] == '$';
|
||||
-}
|
||||
-
|
||||
#endif /* MOUNTD_H */
|
||||
diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man
|
||||
index 8a7943f8..2a91e193 100644
|
||||
--- a/utils/mountd/mountd.man
|
||||
+++ b/utils/mountd/mountd.man
|
||||
@@ -13,24 +13,24 @@ The
|
||||
.B rpc.mountd
|
||||
daemon implements the server side of the NFS MOUNT protocol,
|
||||
an NFS side protocol used by NFS version 2 [RFC1094] and NFS version 3 [RFC1813].
|
||||
+It also responds to requests from the Linux kernel to authenticate
|
||||
+clients and provides details of access permissions.
|
||||
.PP
|
||||
-An NFS server maintains a table of local physical file systems
|
||||
-that are accessible to NFS clients.
|
||||
-Each file system in this table is referred to as an
|
||||
-.IR "exported file system" ,
|
||||
-or
|
||||
-.IR export ,
|
||||
-for short.
|
||||
-.PP
|
||||
-Each file system in the export table has an access control list.
|
||||
-.B rpc.mountd
|
||||
-uses these access control lists to determine
|
||||
-whether an NFS client is permitted to access a given file system.
|
||||
-For details on how to manage your NFS server's export table, see the
|
||||
-.BR exports (5)
|
||||
-and
|
||||
-.BR exportfs (8)
|
||||
-man pages.
|
||||
+The NFS server
|
||||
+.RI ( nfsd )
|
||||
+maintains a cache of authentication and authorization information which
|
||||
+is used to identify the source of each request, and then what access
|
||||
+permissions that source has to any local filesystem. When required
|
||||
+information is not found in the cache, the server sends a request to
|
||||
+.B mountd
|
||||
+to fill in the missing information. Mountd uses a table of information
|
||||
+stored in
|
||||
+.B /var/lib/nfs/etab
|
||||
+and maintained by
|
||||
+.BR exportfs (8),
|
||||
+possibly based on the contents of
|
||||
+.BR exports (5),
|
||||
+to respond to each request.
|
||||
.SS Mounting exported NFS File Systems
|
||||
The NFS MOUNT protocol has several procedures.
|
||||
The most important of these are
|
||||
@@ -78,11 +78,69 @@ A client may continue accessing an export even after invoking UMNT.
|
||||
If the client reboots without sending a UMNT request, stale entries
|
||||
remain for that client in
|
||||
.IR /var/lib/nfs/rmtab .
|
||||
+.SS Mounting File Systems with NFSv4
|
||||
+Version 4 (and later) of NFS does not use a separate NFS MOUNT
|
||||
+protocol. Instead mounting is performed using regular NFS requests
|
||||
+handled by the NFS server in the Linux kernel
|
||||
+.RI ( nfsd ).
|
||||
+Consequently
|
||||
+.I /var/lib/nfs/rmtab
|
||||
+is not updated to reflect any NFSv4 activity.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.B \-d kind " or " \-\-debug kind
|
||||
Turn on debugging. Valid kinds are: all, auth, call, general and parse.
|
||||
.TP
|
||||
+.BR \-l " or " \-\-log\-auth
|
||||
+Enable logging of responses to authentication and access requests from
|
||||
+nfsd. Each response is then cached by the kernel for 30 minutes (or as set by
|
||||
+.B \-\-ttl
|
||||
+below), and will be refreshed after 15 minutes (half the ttl time) if
|
||||
+the relevant client remains active.
|
||||
+Note that
|
||||
+.B -l
|
||||
+is equivalent to
|
||||
+.B "-d auth"
|
||||
+and so can be enabled in
|
||||
+.B /etc/nfs.conf
|
||||
+with
|
||||
+.B "\[dq]debug = auth\[dq]"
|
||||
+in the
|
||||
+.B "[mountd]"
|
||||
+section.
|
||||
+.IP
|
||||
+.B rpc.mountd
|
||||
+will always log authentication responses to MOUNT requests when NFSv3 is
|
||||
+used, but to get similar logs for NFSv4, this option is required.
|
||||
+.TP
|
||||
+.BR \-i " or " \-\-cache\-use\-ipaddr
|
||||
+Normally each client IP address is matched against each host identifier
|
||||
+(name, wildcard, netgroup etc) found in
|
||||
+.B /etc/exports
|
||||
+and a combined identity is formed from all matching identifiers.
|
||||
+Often many clients will map to the same combined identity so performing
|
||||
+this mapping reduces the number of distinct access details that the
|
||||
+kernel needs to store.
|
||||
+Specifying the
|
||||
+.B \-i
|
||||
+option suppresses this mapping so that access to each filesystem is
|
||||
+requested and cached separately for each client IP address. Doing this
|
||||
+can increase the burden of updating the cache slightly, but can make the
|
||||
+log messages produced by the
|
||||
+.B -l
|
||||
+option easier to read.
|
||||
+.TP
|
||||
+.B \-T " or " \-\-ttl
|
||||
+Provide a time-to-live (TTL) for cached information given to the kernel.
|
||||
+The kernel will normally request an update if the information is needed
|
||||
+after half of this time has expired. Increasing the provided number,
|
||||
+which is in seconds, reduces the rate of cache update requests, and this
|
||||
+is particularly noticeable when these requests are logged with
|
||||
+.BR \-l .
|
||||
+However increasing also means that changes to hostname to address
|
||||
+mappings can take longer to be noticed.
|
||||
+The default TTL is 1800 (30 minutes).
|
||||
+.TP
|
||||
.B \-F " or " \-\-foreground
|
||||
Run in foreground (do not daemonize)
|
||||
.TP
|
||||
@@ -213,9 +271,11 @@ Values recognized in the
|
||||
.B [mountd]
|
||||
section include
|
||||
.BR manage-gids ,
|
||||
+.BR cache\-use\-ipaddr ,
|
||||
.BR descriptors ,
|
||||
.BR port ,
|
||||
.BR threads ,
|
||||
+.BR ttl ,
|
||||
.BR reverse-lookup ", and"
|
||||
.BR state-directory-path ,
|
||||
.B ha-callout
|
||||
@@ -265,5 +325,9 @@ table of clients accessing server's exports
|
||||
RFC 1094 - "NFS: Network File System Protocol Specification"
|
||||
.br
|
||||
RFC 1813 - "NFS Version 3 Protocol Specification"
|
||||
+.br
|
||||
+RFC 7530 - "Network File System (NFS) Version 4 Protocol"
|
||||
+.br
|
||||
+RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1 Protocol"
|
||||
.SH AUTHOR
|
||||
Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.
|
||||
diff --git a/utils/mountd/svc_run.c b/utils/mountd/svc_run.c
|
||||
index 41b96d7f..167b9757 100644
|
||||
--- a/utils/mountd/svc_run.c
|
||||
+++ b/utils/mountd/svc_run.c
|
||||
@@ -56,10 +56,9 @@
|
||||
#ifdef HAVE_LIBTIRPC
|
||||
#include <rpc/rpc_com.h>
|
||||
#endif
|
||||
+#include "export.h"
|
||||
|
||||
void my_svc_run(void);
|
||||
-void cache_set_fds(fd_set *fdset);
|
||||
-int cache_process_req(fd_set *readfds);
|
||||
|
||||
#if defined(__GLIBC__) && LONG_MAX != INT_MAX
|
||||
/* bug in glibc 2.3.6 and earlier, we need
|
||||
@@ -101,6 +100,7 @@ my_svc_run(void)
|
||||
|
||||
readfds = svc_fdset;
|
||||
cache_set_fds(&readfds);
|
||||
+ v4clients_set_fds(&readfds);
|
||||
|
||||
selret = select(FD_SETSIZE, &readfds,
|
||||
(void *) 0, (void *) 0, (struct timeval *) 0);
|
||||
@@ -116,6 +116,7 @@ my_svc_run(void)
|
||||
|
||||
default:
|
||||
selret -= cache_process_req(&readfds);
|
||||
+ selret -= v4clients_process(&readfds);
|
||||
if (selret)
|
||||
svc_getreqset(&readfds);
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/support/export/v4clients.c.orig nfs-utils-2.3.3/support/export/v4clients.c
|
||||
--- nfs-utils-2.3.3/support/export/v4clients.c.orig 2022-09-26 11:36:22.803929066 -0400
|
||||
+++ nfs-utils-2.3.3/support/export/v4clients.c 2022-09-26 11:38:38.221187835 -0400
|
||||
@@ -8,6 +8,7 @@
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/inotify.h>
|
||||
+#include <sys/stat.h>
|
||||
#include <errno.h>
|
||||
#include "export.h"
|
||||
|
||||
@@ -23,6 +24,12 @@ static int clients_fd = -1;
|
||||
|
||||
void v4clients_init(void)
|
||||
{
|
||||
+ struct stat sb;
|
||||
+
|
||||
+ if (!stat("/proc/fs/nfsd/clients", &sb) == 0 ||
|
||||
+ !S_ISDIR(sb.st_mode))
|
||||
+ return;
|
||||
+
|
||||
if (clients_fd >= 0)
|
||||
return;
|
||||
clients_fd = inotify_init1(IN_NONBLOCK);
|
@ -1,40 +0,0 @@
|
||||
commit 3ff6fad27d2cd0772a40ddb65694ce04f3da83bc
|
||||
Author: Trond Myklebust <trond.myklebust@hammerspace.com>
|
||||
Date: Wed Jan 29 10:42:03 2020 -0500
|
||||
|
||||
manpage: Add a description of the 'nconnect' mount option
|
||||
|
||||
Add a description of the 'nconnect' mount option on the 'nfs' generic
|
||||
manpage.
|
||||
|
||||
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index 6ba9cef..84462cd 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -369,6 +369,23 @@ using an automounter (refer to
|
||||
.BR automount (8)
|
||||
for details).
|
||||
.TP 1.5i
|
||||
+.BR nconnect= n
|
||||
+When using a connection oriented protocol such as TCP, it may
|
||||
+sometimes be advantageous to set up multiple connections between
|
||||
+the client and server. For instance, if your clients and/or servers
|
||||
+are equipped with multiple network interface cards (NICs), using multiple
|
||||
+connections to spread the load may improve overall performance.
|
||||
+In such cases, the
|
||||
+.BR nconnect
|
||||
+option allows the user to specify the number of connections
|
||||
+that should be established between the client and server up to
|
||||
+a limit of 16.
|
||||
+.IP
|
||||
+Note that the
|
||||
+.BR nconnect
|
||||
+option may also be used by some pNFS drivers to decide how many
|
||||
+connections to set up to the data servers.
|
||||
+.TP 1.5i
|
||||
.BR rdirplus " / " nordirplus
|
||||
Selects whether to use NFS v3 or v4 READDIRPLUS requests.
|
||||
If this option is not specified, the NFS client uses READDIRPLUS requests
|
@ -1,481 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/configure.ac.orig nfs-utils-2.3.3/configure.ac
|
||||
--- nfs-utils-2.3.3/configure.ac.orig 2020-06-09 10:58:50.178258035 -0400
|
||||
+++ nfs-utils-2.3.3/configure.ac 2020-06-09 11:02:04.203102954 -0400
|
||||
@@ -639,6 +639,7 @@ AC_CONFIG_FILES([
|
||||
tools/rpcgen/Makefile
|
||||
tools/mountstats/Makefile
|
||||
tools/nfs-iostat/Makefile
|
||||
+ tools/nfsdclnts/Makefile
|
||||
tools/nfsconf/Makefile
|
||||
tools/nfsdclddb/Makefile
|
||||
utils/Makefile
|
||||
diff -up nfs-utils-2.3.3/tools/Makefile.am.orig nfs-utils-2.3.3/tools/Makefile.am
|
||||
--- nfs-utils-2.3.3/tools/Makefile.am.orig 2020-06-09 10:58:50.178258035 -0400
|
||||
+++ nfs-utils-2.3.3/tools/Makefile.am 2020-06-09 11:02:04.203102954 -0400
|
||||
@@ -12,6 +12,6 @@ if CONFIG_NFSDCLD
|
||||
OPTDIRS += nfsdclddb
|
||||
endif
|
||||
|
||||
-SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat $(OPTDIRS)
|
||||
+SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat nfsdclnts $(OPTDIRS)
|
||||
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
diff -up nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am.orig nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am
|
||||
--- nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am.orig 2020-06-09 11:02:04.203102954 -0400
|
||||
+++ nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am 2020-06-09 11:02:04.203102954 -0400
|
||||
@@ -0,0 +1,13 @@
|
||||
+## Process this file with automake to produce Makefile.in
|
||||
+PYTHON_FILES = nfsdclnts.py
|
||||
+
|
||||
+man8_MANS = nfsdclnts.man
|
||||
+
|
||||
+EXTRA_DIST = $(man8_MANS) $(PYTHON_FILES)
|
||||
+
|
||||
+all-local: $(PYTHON_FILES)
|
||||
+
|
||||
+install-data-hook:
|
||||
+ $(INSTALL) -m 755 nfsdclnts.py $(DESTDIR)$(sbindir)/nfsdclnts
|
||||
+
|
||||
+MAINTAINERCLEANFILES=Makefile.in
|
||||
diff -up nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man.orig nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man
|
||||
--- nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man.orig 2020-06-09 11:02:04.203102954 -0400
|
||||
+++ nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man 2020-06-09 11:02:04.203102954 -0400
|
||||
@@ -0,0 +1,180 @@
|
||||
+.\"
|
||||
+.\" nfsdclnts(8)
|
||||
+.\"
|
||||
+.TH "NFSDCLTS" "8" "2020-05-09" "nfsdclnts" "nfsdclnts"
|
||||
+.ie \n(.g .ds Aq \(aq
|
||||
+.el .ds Aq '
|
||||
+.ss \n[.ss] 0
|
||||
+.nh
|
||||
+.ad l
|
||||
+.de URL
|
||||
+\fI\\$2\fP <\\$1>\\$3
|
||||
+..
|
||||
+.als MTO URL
|
||||
+.if \n[.g] \{\
|
||||
+. mso www.tmac
|
||||
+. am URL
|
||||
+. ad l
|
||||
+. .
|
||||
+. am MTO
|
||||
+. ad l
|
||||
+. .
|
||||
+. LINKSTYLE blue R < >
|
||||
+.\}
|
||||
+.SH "NAME"
|
||||
+nfsdclnts \- print various nfs client information for knfsd server.
|
||||
+.SH "SYNOPSIS"
|
||||
+.sp
|
||||
+\fBnfsdclnts\fP [\fI\-h\fP] [\fI\-t type\fP] [\fI\-\-clientinfo\fP] [\fI\-\-hostname\fP] [\fI\-q\fP]
|
||||
+.SH "DESCRIPTION"
|
||||
+.sp
|
||||
+The nfsdclnts(8) command parses the content present in /proc/fs/nfsd/clients/ directories. nfsdclnts(8) displays files which are open, locked, delegated by the nfs\-client. It also prints useful client information such as hostname, clientID, NFS version mounted by the nfs\-client.
|
||||
+.SH "OPTIONS"
|
||||
+.sp
|
||||
+\fB\-t, \-\-type\fP=TYPE
|
||||
+.RS 4
|
||||
+Specify the type of file to be displayed. Takes only one TYPE at a time.
|
||||
+.sp
|
||||
+\fIopen\fP, \fIlock\fP, \fIdeleg\fP, \fIlayout\fP, or \fIall\fP
|
||||
+.sp
|
||||
+open: displays the open files by nfs\-client(s).
|
||||
+.sp
|
||||
+lock: displays the files locked by nfs\-client(s).
|
||||
+.sp
|
||||
+layout: displays the files for which layout is given.
|
||||
+.sp
|
||||
+deleg: displays delegated files information and delegation type.
|
||||
+.sp
|
||||
+all: prints all the above type.
|
||||
+.RE
|
||||
+.sp
|
||||
+\fB\-\-clientinfo\fP
|
||||
+.RS 4
|
||||
+displays various nfs\-client info fields such as version of nfs mounted at nfs\-client and clientID.
|
||||
+.RE
|
||||
+.sp
|
||||
+\fB\-\-hostname\fP
|
||||
+.RS 4
|
||||
+Print hostname of nfs\-client instead of ip-address.
|
||||
+.RE
|
||||
+.sp
|
||||
+\fB\-q, \-\-quiet\fP
|
||||
+.RS 4
|
||||
+Hide the header information.
|
||||
+.RE
|
||||
+.sp
|
||||
+\fB\-v, \-\-verbose\fP
|
||||
+.RS 4
|
||||
+Verbose operation, show debug messages.
|
||||
+.RE
|
||||
+.sp
|
||||
+\fB\-f, \-\-file\fP
|
||||
+.RS 4
|
||||
+Instead of processing all client directories under /proc/fs/nfsd/clients, one can provide a specific
|
||||
+states file to process. One should make sure that info file resides in the same directory as states file.
|
||||
+If the info file is not valid or present the fields would be marked as "N/A".
|
||||
+.RE
|
||||
+.sp
|
||||
+\fB\-h, \-\-help\fP
|
||||
+.RS 4
|
||||
+Print help explaining the command line options.
|
||||
+.SH "EXAMPLES"
|
||||
+.sp
|
||||
+\fBnfsdclnts \-\-type open\fP
|
||||
+.RS 4
|
||||
+List all files with open type only.
|
||||
+.RE
|
||||
+.sp
|
||||
+.if n .RS 4
|
||||
+.nf
|
||||
+Inode number | Type | Access | Deny | ip address | Filename
|
||||
+33823232 | open | r\- | \-\- | [::1]:757 | testfile
|
||||
+.fi
|
||||
+.if n .RE
|
||||
+.sp
|
||||
+\fBnfsdclnts \-\-type deleg\fP
|
||||
+.RS 4
|
||||
+List all files with deleg type only.
|
||||
+.RE
|
||||
+.sp
|
||||
+.if n .RS 4
|
||||
+.nf
|
||||
+Inode number | Type | Access | ip address | Filename
|
||||
+33823232 | deleg | r | [::1]:757 | testfile
|
||||
+.fi
|
||||
+.if n .RE
|
||||
+.sp
|
||||
+\fBnfsdclnts \-\-hostname\fP
|
||||
+.RS 4
|
||||
+Print hostname instead of ip\-address.
|
||||
+.RE
|
||||
+.sp
|
||||
+.if n .RS 4
|
||||
+.nf
|
||||
+Inode number | Type | Access | Deny | Hostname | Filename
|
||||
+33823232 | open | r\- | \-\- | nfs\-server | testfile
|
||||
+33823232 | deleg | r | | nfs\-server | testfile
|
||||
+.fi
|
||||
+.if n .RE
|
||||
+.sp
|
||||
+\fBnfsdclnts \-\-clientinfo\fP
|
||||
+.RS 4
|
||||
+Print client information.
|
||||
+.RE
|
||||
+.sp
|
||||
+.if n .RS 4
|
||||
+.nf
|
||||
+Inode number | Type | Access | Deny | ip address | Client ID | vers | Filename
|
||||
+33823232 | open | r\- | \-\- | [::1]:757 | 0xc79a009f5eb65e84 | 4.2 | testfile
|
||||
+33823232 | deleg | r | | [::1]:757 | 0xc79a009f5eb65e84 | 4.2 | testfile
|
||||
+.fi
|
||||
+.if n .RE
|
||||
+.sp
|
||||
+\fBnfsdclnts \-\-file /proc/fs/nfsd/clients/3/states -t open\fP
|
||||
+.RS 4
|
||||
+Process specific states file.
|
||||
+.RE
|
||||
+.sp
|
||||
+.if n .RS 4
|
||||
+.nf
|
||||
+Inode number | Type | Access | Deny | ip address | Client ID | vers | Filename
|
||||
+33823232 | open | r\- | \-\- | [::1]:757 | 0xc79a009f5eb65e84 | 4.2 | testfile
|
||||
+.fi
|
||||
+.if n .RE
|
||||
+.sp
|
||||
+\fBnfsdclnts \-\-quiet \-\-hostname\fP
|
||||
+.RS 4
|
||||
+Hide the header information.
|
||||
+.RE
|
||||
+.sp
|
||||
+.if n .RS 4
|
||||
+.nf
|
||||
+33823232 | open | r\- | \-\- | nfs\-server | testfile
|
||||
+33823232 | deleg | r | | nfs\-server | testfile
|
||||
+.fi
|
||||
+.if n .RE
|
||||
+.SH "FILES"
|
||||
+.sp
|
||||
+\fB/proc/fs/nfsd/clients/\fP
|
||||
+.sp
|
||||
+Displays basic information about each NFSv4 client.
|
||||
+.sp
|
||||
+\fB/proc/fs/nfsd/clients/#/info\fP
|
||||
+.sp
|
||||
+Displays information about all the opens held by the given client, including open modes, device numbers, inode numbers, and open owners.
|
||||
+.sp
|
||||
+\fB/proc/fs/nfsd/clients/#/states\fP
|
||||
+.SH "NOTES"
|
||||
+.sp
|
||||
+/proc/fs/nfsd/clients/ support was initially introduced in 5.3 kernel and is only implemented for mount points using NFSv4.
|
||||
+.SH "BUGS"
|
||||
+Please report any BUGs to \c
|
||||
+.MTO "linux\-nfs\(atvger.kernel.org" "" ""
|
||||
+.SH SEE ALSO
|
||||
+.BR nfsd (8),
|
||||
+.BR exportfs (8),
|
||||
+.BR idmapd (8),
|
||||
+.BR statd (8)
|
||||
+.SH "AUTHORS"
|
||||
+Achilles Gaikwad <agaikwad@redhat.com> and
|
||||
+Kenneth D'souza <kdsouza@redhat.com>
|
||||
diff -up nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py.orig nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py
|
||||
--- nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py.orig 2020-06-09 11:02:04.203102954 -0400
|
||||
+++ nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py 2020-06-09 11:02:04.203102954 -0400
|
||||
@@ -0,0 +1,254 @@
|
||||
+#!/usr/bin/python3
|
||||
+# -*- python-mode -*-
|
||||
+'''
|
||||
+ Copyright (C) 2020
|
||||
+ Authors: Achilles Gaikwad <agaikwad@redhat.com>
|
||||
+ Kenneth D'souza <kdsouza@redhat.com>
|
||||
+
|
||||
+ This program is free software: you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation, either version 3 of the License, or
|
||||
+ (at your option) any later version.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ GNU General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
+'''
|
||||
+
|
||||
+import multiprocessing as mp
|
||||
+import os
|
||||
+import signal
|
||||
+import sys
|
||||
+
|
||||
+try:
|
||||
+ import argparse
|
||||
+except ImportError:
|
||||
+ print('%s: Failed to import argparse - make sure argparse is installed!'
|
||||
+ % sys.argv[0])
|
||||
+ sys.exit(1)
|
||||
+try:
|
||||
+ import yaml
|
||||
+except ImportError:
|
||||
+ print('%s: Failed to import yaml - make sure python3-pyyaml is installed!'
|
||||
+ % sys.argv[0])
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+BBOLD = '\033[1;30;47m' #Bold black text with white background.
|
||||
+ENDC = '\033[m' #Rest to defaults
|
||||
+
|
||||
+def init_worker():
|
||||
+ signal.signal(signal.SIGINT, signal.SIG_IGN)
|
||||
+
|
||||
+# this function converts the info file to a dictionary format, sorta.
|
||||
+def file_to_dict(path):
|
||||
+ client_info = {}
|
||||
+ try:
|
||||
+ with open(path) as f:
|
||||
+ for line in f:
|
||||
+ try:
|
||||
+ (key, val) = line.split(':', 1)
|
||||
+ client_info[key] = val.strip()
|
||||
+ # FIXME: There has to be a better way of converting the info file to a dictionary.
|
||||
+ except ValueError as reason:
|
||||
+ if verbose:
|
||||
+ print('Exception occured, %s' % reason)
|
||||
+
|
||||
+ if len(client_info) == 0 and verbose:
|
||||
+ print("Provided %s file is not valid" %path)
|
||||
+ return client_info
|
||||
+
|
||||
+ except OSError as reason:
|
||||
+ if verbose:
|
||||
+ print('%s' % reason)
|
||||
+
|
||||
+# this function gets the paths from /proc/fs/nfsd/clients/
|
||||
+# returns a list of paths for each client which has nfs-share mounted.
|
||||
+def getpaths():
|
||||
+ path = []
|
||||
+ try:
|
||||
+ dirs = os.listdir('/proc/fs/nfsd/clients/')
|
||||
+ except OSError as reason:
|
||||
+ exit('%s' % reason)
|
||||
+ if len(dirs) !=0:
|
||||
+ for i in dirs:
|
||||
+ path.append('/proc/fs/nfsd/clients/' + i + '/states')
|
||||
+ return (path)
|
||||
+ else:
|
||||
+ exit('Nothing to process')
|
||||
+
|
||||
+# A single function to rule them all, in this function we gather all the data
|
||||
+# from already populated data_list and client_info.
|
||||
+def printer(data_list, argument):
|
||||
+ client_info_path = data_list.pop()
|
||||
+ client_info = file_to_dict(client_info_path)
|
||||
+ for i in data_list:
|
||||
+ for key in i:
|
||||
+ inode = i[key]['superblock'].split(':')[-1]
|
||||
+ # The ip address is quoted, so we dequote it.
|
||||
+ try:
|
||||
+ client_ip = client_info['address'][1:-1]
|
||||
+ except:
|
||||
+ client_ip = "N/A"
|
||||
+ try:
|
||||
+ # if the nfs-server reboots while the nfs-client holds the files open,
|
||||
+ # the nfs-server would print the filename as '/'. For such instaces we
|
||||
+ # print the output as disconnected dentry instead of '/'.
|
||||
+ if(i[key]['filename']=='/'):
|
||||
+ fname = 'disconnected dentry'
|
||||
+ else:
|
||||
+ fname = i[key]['filename'].split('/')[-1]
|
||||
+ except KeyError:
|
||||
+ # for older kernels which do not have the fname patch in kernel, they
|
||||
+ # won't be able to see the fname field. Therefore post it as N/A.
|
||||
+ fname = "N/A"
|
||||
+ otype = i[key]['type']
|
||||
+ try:
|
||||
+ access = i[key]['access']
|
||||
+ except:
|
||||
+ access = ''
|
||||
+ try:
|
||||
+ deny = i[key]['deny']
|
||||
+ except:
|
||||
+ deny = ''
|
||||
+ try:
|
||||
+ hostname = client_info['name'].split()[-1].split('"')[0]
|
||||
+ hostname = hostname.split('.')[0]
|
||||
+ # if the hostname is too long, it messes up with the output being in columns,
|
||||
+ # therefore we truncate the hostname followed by two '..' as suffix.
|
||||
+ if len(hostname) > 20:
|
||||
+ hostname = hostname[0:20] + '..'
|
||||
+ except:
|
||||
+ hostname = "N/A"
|
||||
+ try:
|
||||
+ clientid = client_info['clientid']
|
||||
+ except:
|
||||
+ clientid = "N/A"
|
||||
+ try:
|
||||
+ minorversion = "4." + client_info['minor version']
|
||||
+ except:
|
||||
+ minorversion = "N/A"
|
||||
+
|
||||
+ otype = i[key]['type']
|
||||
+ # since some fields do not have deny column, we drop those if -t is either
|
||||
+ # layout or lock.
|
||||
+ drop = ['layout', 'lock']
|
||||
+
|
||||
+ # Printing the output this way instead of a single string which is concatenated
|
||||
+ # this makes it better to quickly add more columns in future.
|
||||
+ if(otype == argument.type or argument.type == 'all'):
|
||||
+ print('%-13s' %inode, end='| ')
|
||||
+ print('%-7s' %otype, end='| ')
|
||||
+ if (argument.type not in drop):
|
||||
+ print('%-7s' %access, end='| ')
|
||||
+ if (argument.type not in drop and argument.type !='deleg'):
|
||||
+ print('%-5s' %deny, end='| ')
|
||||
+ if (argument.hostname == True):
|
||||
+ print('%-22s' %hostname, end='| ')
|
||||
+ else:
|
||||
+ print('%-22s' %client_ip, end='| ')
|
||||
+ if (argument.clientinfo == True) :
|
||||
+ print('%-20s' %clientid, end='| ')
|
||||
+ print('%-5s' %minorversion, end='| ')
|
||||
+ print(fname)
|
||||
+
|
||||
+def opener(path):
|
||||
+ try:
|
||||
+ with open(path, 'r') as nfsdata:
|
||||
+ try:
|
||||
+ data = yaml.load(nfsdata, Loader = yaml.BaseLoader)
|
||||
+ if data is not None:
|
||||
+ clientinfo = path.rsplit('/', 1)[0] + '/info'
|
||||
+ data.append(clientinfo)
|
||||
+ return data
|
||||
+ except:
|
||||
+ if verbose:
|
||||
+ print("Exception occurred, Please make sure %s is a YAML file" %path)
|
||||
+
|
||||
+ except OSError as reason:
|
||||
+ if verbose:
|
||||
+ print('%s' % reason)
|
||||
+
|
||||
+def print_cols(argument):
|
||||
+ title_inode = 'Inode number'
|
||||
+ title_otype = 'Type'
|
||||
+ title_access = 'Access'
|
||||
+ title_deny = 'Deny'
|
||||
+ title_fname = 'Filename'
|
||||
+ title_clientID = 'Client ID'
|
||||
+ title_hostname = 'Hostname'
|
||||
+ title_ip = 'ip address'
|
||||
+ title_nfsvers = 'vers'
|
||||
+
|
||||
+ drop = ['lock', 'layout']
|
||||
+ print(BBOLD, end='')
|
||||
+ print('%-13s' %title_inode, end='| ')
|
||||
+ print('%-7s' %title_otype, end='| ')
|
||||
+ if (argument.type not in drop):
|
||||
+ print('%-7s' %title_access, end='| ')
|
||||
+ if (argument.type not in drop and argument.type !='deleg'):
|
||||
+ print('%-5s' %title_deny, end='| ')
|
||||
+ if (argument.hostname == True):
|
||||
+ print('%-22s' %title_hostname, end='| ')
|
||||
+ else:
|
||||
+ print('%-22s' %title_ip, end='| ')
|
||||
+ if (argument.clientinfo == True):
|
||||
+ print('%-20s' %title_clientID, end='| ')
|
||||
+ print('%-5s' %title_nfsvers, end='| ')
|
||||
+ print(title_fname, end='')
|
||||
+ print(ENDC)
|
||||
+
|
||||
+def nfsd4_show():
|
||||
+
|
||||
+ parser = argparse.ArgumentParser(description = 'Parse the nfsd states and clientinfo files.')
|
||||
+ parser.add_argument('-t', '--type', metavar = 'type', type = str, choices = ['open',
|
||||
+ 'deleg', 'lock', 'layout', 'all'],
|
||||
+ default = 'all',
|
||||
+ help = 'Input the type that you want to be printed: open, lock, deleg, layout, all')
|
||||
+ parser.add_argument('--clientinfo', action = 'store_true',
|
||||
+ help = 'output clients information, --hostname is implied.')
|
||||
+ parser.add_argument('--hostname', action = 'store_true',
|
||||
+ help = 'print hostname of client instead of its ip address. Longer hostnames are truncated.')
|
||||
+ parser.add_argument('-v', '--verbose', action = 'store_true',
|
||||
+ help = 'Verbose operation, show debug messages.')
|
||||
+ parser.add_argument('-f', '--file', nargs='+', type = str, metavar='',
|
||||
+ help = 'pass client states file, provided that info file resides in the same directory.')
|
||||
+ parser.add_argument('-q', '--quiet', action = 'store_true',
|
||||
+ help = 'don\'t print the header information')
|
||||
+
|
||||
+ args = parser.parse_args()
|
||||
+
|
||||
+ global verbose
|
||||
+ verbose = False
|
||||
+ if args.verbose:
|
||||
+ verbose = True
|
||||
+
|
||||
+ if args.file:
|
||||
+ paths = args.file
|
||||
+ else:
|
||||
+ paths = getpaths()
|
||||
+
|
||||
+ p = mp.Pool(mp.cpu_count(), init_worker)
|
||||
+ try:
|
||||
+ result = p.map(opener, paths)
|
||||
+ ### Drop None entries from list
|
||||
+ final_result = list(filter(None, result))
|
||||
+ p.close()
|
||||
+ p.join()
|
||||
+
|
||||
+ if len(final_result) !=0 and not args.quiet:
|
||||
+ print_cols(args)
|
||||
+
|
||||
+ for item in final_result:
|
||||
+ printer(item, args)
|
||||
+
|
||||
+ except KeyboardInterrupt:
|
||||
+ print('Caught KeyboardInterrupt, terminating workers')
|
||||
+ p.terminate()
|
||||
+ p.join()
|
||||
+
|
||||
+if __name__ == "__main__":
|
||||
+ nfsd4_show()
|
@ -1,276 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/support/nfs/conffile.c.orig nfs-utils-2.3.3/support/nfs/conffile.c
|
||||
--- nfs-utils-2.3.3/support/nfs/conffile.c.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/support/nfs/conffile.c 2019-04-25 10:58:27.199907596 -0400
|
||||
@@ -50,6 +50,7 @@
|
||||
#include <err.h>
|
||||
#include <syslog.h>
|
||||
#include <libgen.h>
|
||||
+#include <sys/file.h>
|
||||
|
||||
#include "conffile.h"
|
||||
#include "xlog.h"
|
||||
@@ -509,6 +510,17 @@ conf_readfile(const char *path)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ /* Grab a shared lock to ensure its not mid-rewrite */
|
||||
+ if (flock(fd, LOCK_SH)) {
|
||||
+ xlog_warn("conf_readfile: attempt to grab read lock failed: %s",
|
||||
+ strerror(errno));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ /* only after we have the lock, check the file size ready to read it */
|
||||
+ sz = lseek(fd, 0, SEEK_END);
|
||||
+ lseek(fd, 0, SEEK_SET);
|
||||
+
|
||||
new_conf_addr = malloc(sz+1);
|
||||
if (!new_conf_addr) {
|
||||
xlog_warn("conf_readfile: malloc (%lu) failed", (unsigned long)sz);
|
||||
@@ -1588,6 +1600,17 @@ flush_outqueue(struct tailhead *queue, F
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/* append one queue to another */
|
||||
+static void
|
||||
+append_queue(struct tailhead *inq, struct tailhead *outq)
|
||||
+{
|
||||
+ while (inq->tqh_first != NULL) {
|
||||
+ struct outbuffer *ob = inq->tqh_first;
|
||||
+ TAILQ_REMOVE(inq, ob, link);
|
||||
+ TAILQ_INSERT_TAIL(outq, ob, link);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* read one line of text from a file, growing the buffer as necessary */
|
||||
static int
|
||||
read_line(char **buff, int *buffsize, FILE *in)
|
||||
@@ -1728,6 +1751,16 @@ is_folded(const char *line)
|
||||
return false;
|
||||
}
|
||||
|
||||
+static int
|
||||
+lock_file(FILE *f)
|
||||
+{
|
||||
+ int ret;
|
||||
+ ret = flock(fileno(f), LOCK_EX);
|
||||
+ if (ret)
|
||||
+ xlog(L_ERROR, "Error could not lock the file");
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/***
|
||||
* Write a value to an nfs.conf style filename
|
||||
*
|
||||
@@ -1738,15 +1771,14 @@ int
|
||||
conf_write(const char *filename, const char *section, const char *arg,
|
||||
const char *tag, const char *value)
|
||||
{
|
||||
- int fdout = -1;
|
||||
- char *outpath = NULL;
|
||||
- FILE *outfile = NULL;
|
||||
FILE *infile = NULL;
|
||||
int ret = 1;
|
||||
struct tailhead outqueue;
|
||||
+ struct tailhead inqueue;
|
||||
char * buff = NULL;
|
||||
int buffsize = 0;
|
||||
|
||||
+ TAILQ_INIT(&inqueue);
|
||||
TAILQ_INIT(&outqueue);
|
||||
|
||||
if (!filename) {
|
||||
@@ -1759,26 +1791,7 @@ conf_write(const char *filename, const c
|
||||
return ret;
|
||||
}
|
||||
|
||||
- if (asprintf(&outpath, "%s.XXXXXX", filename) == -1) {
|
||||
- xlog(L_ERROR, "conf_write: error composing temp filename");
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
- fdout = mkstemp(outpath);
|
||||
- if (fdout < 0) {
|
||||
- xlog(L_ERROR, "conf_write: open temp file %s failed: %s",
|
||||
- outpath, strerror(errno));
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- outfile = fdopen(fdout, "w");
|
||||
- if (!outfile) {
|
||||
- xlog(L_ERROR, "conf_write: fdopen temp file failed: %s",
|
||||
- strerror(errno));
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- infile = fopen(filename, "r");
|
||||
+ infile = fopen(filename, "r+");
|
||||
if (!infile) {
|
||||
if (!value) {
|
||||
xlog_warn("conf_write: config file \"%s\" not found, nothing to do", filename);
|
||||
@@ -1787,18 +1800,29 @@ conf_write(const char *filename, const c
|
||||
}
|
||||
|
||||
xlog_warn("conf_write: config file \"%s\" not found, creating.", filename);
|
||||
- if (append_line(&outqueue, NULL, make_section(section, arg)))
|
||||
+ infile = fopen(filename, "wx");
|
||||
+ if (!infile) {
|
||||
+ xlog(L_ERROR, "conf_write: Error creating config file \"%s\".", filename);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (lock_file(infile))
|
||||
goto cleanup;
|
||||
|
||||
- if (append_line(&outqueue, NULL, make_tagline(tag, value)))
|
||||
+ if (append_line(&inqueue, NULL, make_section(section, arg)))
|
||||
goto cleanup;
|
||||
|
||||
- if (flush_outqueue(&outqueue, outfile))
|
||||
+ if (append_line(&inqueue, NULL, make_tagline(tag, value)))
|
||||
goto cleanup;
|
||||
+
|
||||
+ append_queue(&inqueue, &outqueue);
|
||||
} else {
|
||||
bool found = false;
|
||||
int err = 0;
|
||||
|
||||
+ if (lock_file(infile))
|
||||
+ goto cleanup;
|
||||
+
|
||||
buffsize = 4096;
|
||||
buff = calloc(1, buffsize);
|
||||
if (buff == NULL) {
|
||||
@@ -1813,7 +1837,7 @@ conf_write(const char *filename, const c
|
||||
/* read in one section worth of lines */
|
||||
do {
|
||||
if (*buff != '\0') {
|
||||
- if (append_line(&outqueue, NULL, strdup(buff)))
|
||||
+ if (append_line(&inqueue, NULL, strdup(buff)))
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -1821,7 +1845,7 @@ conf_write(const char *filename, const c
|
||||
} while (err == 0 && buff[0] != '[');
|
||||
|
||||
/* find the section header */
|
||||
- where = TAILQ_FIRST(&outqueue);
|
||||
+ where = TAILQ_FIRST(&inqueue);
|
||||
while (where != NULL) {
|
||||
if (where->text != NULL && where->text[0] == '[')
|
||||
break;
|
||||
@@ -1845,7 +1869,7 @@ conf_write(const char *filename, const c
|
||||
/* remove current tag */
|
||||
do {
|
||||
struct outbuffer *next = TAILQ_NEXT(where, link);
|
||||
- TAILQ_REMOVE(&outqueue, where, link);
|
||||
+ TAILQ_REMOVE(&inqueue, where, link);
|
||||
if (is_folded(where->text))
|
||||
again = true;
|
||||
else
|
||||
@@ -1857,14 +1881,14 @@ conf_write(const char *filename, const c
|
||||
|
||||
/* insert new tag */
|
||||
if (value) {
|
||||
- if (append_line(&outqueue, prev, make_tagline(tag, value)))
|
||||
+ if (append_line(&inqueue, prev, make_tagline(tag, value)))
|
||||
goto cleanup;
|
||||
}
|
||||
} else
|
||||
/* no existing assignment found and we need to add one */
|
||||
if (value) {
|
||||
/* rewind past blank lines and comments */
|
||||
- struct outbuffer *tail = TAILQ_LAST(&outqueue, tailhead);
|
||||
+ struct outbuffer *tail = TAILQ_LAST(&inqueue, tailhead);
|
||||
|
||||
/* comments immediately before a section usually relate
|
||||
* to the section below them */
|
||||
@@ -1876,7 +1900,7 @@ conf_write(const char *filename, const c
|
||||
tail = TAILQ_PREV(tail, tailhead, link);
|
||||
|
||||
/* now add the tag here */
|
||||
- if (append_line(&outqueue, tail, make_tagline(tag, value)))
|
||||
+ if (append_line(&inqueue, tail, make_tagline(tag, value)))
|
||||
goto cleanup;
|
||||
|
||||
found = true;
|
||||
@@ -1886,49 +1910,45 @@ conf_write(const char *filename, const c
|
||||
/* EOF and correct section not found, so add one */
|
||||
if (err && !found && value) {
|
||||
/* did the last section end in a blank line */
|
||||
- struct outbuffer *tail = TAILQ_LAST(&outqueue, tailhead);
|
||||
+ struct outbuffer *tail = TAILQ_LAST(&inqueue, tailhead);
|
||||
if (tail && !is_empty(tail->text)) {
|
||||
/* no, so add one for clarity */
|
||||
- if (append_line(&outqueue, NULL, strdup("\n")))
|
||||
+ if (append_line(&inqueue, NULL, strdup("\n")))
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* add the new section header */
|
||||
- if (append_line(&outqueue, NULL, make_section(section, arg)))
|
||||
+ if (append_line(&inqueue, NULL, make_section(section, arg)))
|
||||
goto cleanup;
|
||||
|
||||
/* now add the tag */
|
||||
- if (append_line(&outqueue, NULL, make_tagline(tag, value)))
|
||||
+ if (append_line(&inqueue, NULL, make_tagline(tag, value)))
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- /* we are done with this section, write it out */
|
||||
- if (flush_outqueue(&outqueue, outfile))
|
||||
- goto cleanup;
|
||||
+ /* we are done with this section, move it to the out queue */
|
||||
+ append_queue(&inqueue, &outqueue);
|
||||
} while(err == 0);
|
||||
}
|
||||
|
||||
- if (infile) {
|
||||
- fclose(infile);
|
||||
- infile = NULL;
|
||||
- }
|
||||
+ /* now rewind and overwrite the file with the updated data */
|
||||
+ rewind(infile);
|
||||
|
||||
- fdout = -1;
|
||||
- if (fclose(outfile)) {
|
||||
- xlog(L_ERROR, "Error writing config file: %s", strerror(errno));
|
||||
+ if (ftruncate(fileno(infile), 0)) {
|
||||
+ xlog(L_ERROR, "Error truncating config file");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- /* now swap the old file for the new one */
|
||||
- if (rename(outpath, filename)) {
|
||||
- xlog(L_ERROR, "Error updating config file: %s: %s\n", filename, strerror(errno));
|
||||
- ret = 1;
|
||||
- } else {
|
||||
- ret = 0;
|
||||
- free(outpath);
|
||||
- outpath = NULL;
|
||||
+ if (flush_outqueue(&outqueue, infile))
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (infile) {
|
||||
+ fclose(infile);
|
||||
+ infile = NULL;
|
||||
}
|
||||
|
||||
+ ret = 0;
|
||||
+
|
||||
cleanup:
|
||||
flush_outqueue(&outqueue, NULL);
|
||||
|
||||
@@ -1936,11 +1956,5 @@ cleanup:
|
||||
free(buff);
|
||||
if (infile)
|
||||
fclose(infile);
|
||||
- if (fdout != -1)
|
||||
- close(fdout);
|
||||
- if (outpath) {
|
||||
- unlink(outpath);
|
||||
- free(outpath);
|
||||
- }
|
||||
return ret;
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
commit 268e3c0cff6d6aee3b8f5458545f8dab76d7d444
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Mon Feb 4 15:17:42 2019 -0500
|
||||
|
||||
nfs.conf: Fixed manage-gids option typo
|
||||
|
||||
Reported-by: Adam DiFrischia <adifrischia@curtisswright.com>
|
||||
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=333
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 796bee4..722b024 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -26,7 +26,7 @@
|
||||
#
|
||||
[mountd]
|
||||
# debug=0
|
||||
-# manage_gids=n
|
||||
+# manage-gids=n
|
||||
# descriptors=0
|
||||
# port=0
|
||||
# threads=1
|
@ -1,73 +0,0 @@
|
||||
commit 0240df0e8ccf7be2706a6a10a2a620f8eda55275
|
||||
Author: Yongcheng Yang <yongcheng.yang@gmail.com>
|
||||
Date: Thu Sep 5 07:36:26 2019 -0400
|
||||
|
||||
nfsd: Adjust nfs.conf setting/parsing of rdma port
|
||||
|
||||
The rpc.nfsd program can use option "--rdma" to enable
|
||||
RDMA on the standard port (nfsrdma/20049) or "--rdma=port"
|
||||
for an alternate port.
|
||||
|
||||
But now in /etc/nfs.conf, we need to specify the port
|
||||
number (e.g. rdma=nfsrdma) to enable it, which is not
|
||||
convenient.
|
||||
The default setting "rdma=n" may cause more confusion.
|
||||
|
||||
Update to enable RDMA on standard port when setting
|
||||
boolean YES to "rdma=". And using "rdma-port=" for an
|
||||
alternate port if necessary.
|
||||
|
||||
Also let previous config (e.g. rdma=nfsrdma) work as well.
|
||||
|
||||
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 85097fd..186a5b1 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -63,6 +63,7 @@
|
||||
# vers4.1=y
|
||||
# vers4.2=y
|
||||
# rdma=n
|
||||
+# rdma-port=20049
|
||||
#
|
||||
[statd]
|
||||
# debug=0
|
||||
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
|
||||
index b256bd9..a412a02 100644
|
||||
--- a/utils/nfsd/nfsd.c
|
||||
+++ b/utils/nfsd/nfsd.c
|
||||
@@ -92,7 +92,14 @@ main(int argc, char **argv)
|
||||
port = conf_get_str("nfsd", "port");
|
||||
if (!port)
|
||||
port = "nfs";
|
||||
- rdma_port = conf_get_str("nfsd", "rdma");
|
||||
+ if (conf_get_bool("nfsd", "rdma", false)) {
|
||||
+ rdma_port = conf_get_str("nfsd", "rdma-port");
|
||||
+ if (!rdma_port)
|
||||
+ rdma_port = "nfsrdma";
|
||||
+ }
|
||||
+ /* backward compatibility - nfs.conf used to set rdma port directly */
|
||||
+ if (!rdma_port)
|
||||
+ rdma_port = conf_get_str("nfsd", "rdma");
|
||||
if (conf_get_bool("nfsd", "udp", NFSCTL_UDPISSET(protobits)))
|
||||
NFSCTL_UDPSET(protobits);
|
||||
else
|
||||
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
|
||||
index d83ef86..2701ba7 100644
|
||||
--- a/utils/nfsd/nfsd.man
|
||||
+++ b/utils/nfsd/nfsd.man
|
||||
@@ -144,7 +144,11 @@ The lease time for NFSv4, in seconds.
|
||||
Set the port for TCP/UDP to bind to.
|
||||
.TP
|
||||
.B rdma
|
||||
-Set RDMA port. Use "rdma=nfsrdma" to enable standard port.
|
||||
+Enable RDMA port (with "on" or "yes" etc) on the standard port
|
||||
+("nfsrdma", port 20049).
|
||||
+.TP
|
||||
+.B rdma-port
|
||||
+Set an alternate RDMA port.
|
||||
.TP
|
||||
.B UDP
|
||||
Enable (with "on" or "yes" etc) or disable ("off", "no") UDP support.
|
@ -1,82 +1,21 @@
|
||||
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
|
||||
--- nfs-utils-2.3.3/nfs.conf.orig 2018-10-22 13:34:58.927700353 -0400
|
||||
+++ nfs-utils-2.3.3/nfs.conf 2018-10-22 14:14:36.864110090 -0400
|
||||
@@ -2,16 +2,16 @@
|
||||
# This is a general configuration for the
|
||||
# NFS daemons and tools
|
||||
#
|
||||
-#[general]
|
||||
+[general]
|
||||
# pipefs-directory=/var/lib/nfs/rpc_pipefs
|
||||
#
|
||||
-#[exportfs]
|
||||
+[exportfs]
|
||||
# debug=0
|
||||
#
|
||||
-#[gssd]
|
||||
+[gssd]
|
||||
diff -up nfs-utils-2.5.4/nfs.conf.orig nfs-utils-2.5.4/nfs.conf
|
||||
--- nfs-utils-2.5.4/nfs.conf.orig 2024-04-30 14:42:44.551812808 -0400
|
||||
+++ nfs-utils-2.5.4/nfs.conf 2024-04-30 14:43:29.985032677 -0400
|
||||
@@ -20,7 +20,7 @@
|
||||
# rpc-verbosity=0
|
||||
# use-memcache=0
|
||||
# use-machine-creds=1
|
||||
-# use-gss-proxy=0
|
||||
+use-gss-proxy=1
|
||||
# avoid-dns=1
|
||||
# limit-to-legacy-enctypes=0
|
||||
# context-timeout=0
|
||||
@@ -20,11 +20,11 @@
|
||||
# cred-cache-directory=
|
||||
# preferred-realm=
|
||||
#
|
||||
-#[lockd]
|
||||
+[lockd]
|
||||
# port=0
|
||||
# udp-port=0
|
||||
#
|
||||
-#[mountd]
|
||||
+[mountd]
|
||||
# debug=0
|
||||
# manage_gids=n
|
||||
# descriptors=0
|
||||
@@ -34,18 +34,17 @@
|
||||
# state-directory-path=/var/lib/nfs
|
||||
# ha-callout=
|
||||
#
|
||||
-#[nfsdcltrack]
|
||||
+[nfsdcltrack]
|
||||
# debug=0
|
||||
# storagedir=/var/lib/nfs/nfsdcltrack
|
||||
#
|
||||
-#[nfsd]
|
||||
+[nfsd]
|
||||
# debug=0
|
||||
# threads=8
|
||||
# host=
|
||||
# port=0
|
||||
# grace-time=90
|
||||
# lease-time=90
|
||||
-# udp=n
|
||||
# tcp=y
|
||||
# vers2=n
|
||||
# vers3=y
|
||||
@@ -55,7 +54,7 @@
|
||||
# vers4.2=y
|
||||
# rdma=n
|
||||
#
|
||||
-#[statd]
|
||||
+[statd]
|
||||
# debug=0
|
||||
# port=0
|
||||
# outgoing-port=0
|
||||
@@ -63,12 +62,10 @@
|
||||
# state-directory-path=/var/lib/nfs/statd
|
||||
# ha-callout=
|
||||
#
|
||||
-#[sm-notify]
|
||||
+[sm-notify]
|
||||
# debug=0
|
||||
# retry-time=900
|
||||
# allowed-enctypes=aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,camellia256-cts-cmac,camellia128-cts-cmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
|
||||
@@ -97,6 +97,5 @@ rdma-port=20049
|
||||
# outgoing-port=
|
||||
# outgoing-addr=
|
||||
# lift-grace=y
|
||||
#
|
||||
-#[svcgssd]
|
||||
-#
|
||||
-[svcgssd]
|
||||
-# principal=
|
||||
+
|
||||
+#tag1234 - Used for install purposes only
|
||||
|
@ -1,104 +0,0 @@
|
||||
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
||||
index 2c14e5f..00df2fc 100644
|
||||
--- a/utils/gssd/gssd.c
|
||||
+++ b/utils/gssd/gssd.c
|
||||
@@ -888,6 +888,9 @@ main(int argc, char *argv[])
|
||||
|
||||
read_gss_conf();
|
||||
|
||||
+ verbosity = conf_get_num("gssd", "Verbosity", verbosity);
|
||||
+ rpc_verbosity = conf_get_num("gssd", "RPC-Verbosity", rpc_verbosity);
|
||||
+
|
||||
while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'f':
|
||||
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
|
||||
index 8e918cc..ec49b61 100644
|
||||
--- a/utils/gssd/svcgssd.c
|
||||
+++ b/utils/gssd/svcgssd.c
|
||||
@@ -113,6 +113,10 @@ main(int argc, char *argv[])
|
||||
else
|
||||
principal = s;
|
||||
|
||||
+ verbosity = conf_get_num("svcgssd", "Verbosity", verbosity);
|
||||
+ rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
|
||||
+ idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
|
||||
+
|
||||
while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'f':
|
||||
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
|
||||
index 4811e0f..d14eef7 100644
|
||||
--- a/utils/idmapd/idmapd.c
|
||||
+++ b/utils/idmapd/idmapd.c
|
||||
@@ -261,6 +261,10 @@ main(int argc, char **argv)
|
||||
strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
|
||||
CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
|
||||
CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
|
||||
+ if (conf_get_bool("General", "server-only", false))
|
||||
+ clientstart = 0;
|
||||
+ if (conf_get_bool("General", "client-only", false))
|
||||
+ serverstart = 0;
|
||||
}
|
||||
} else {
|
||||
conf_path = NFS_CONFFILE;
|
||||
@@ -276,6 +280,10 @@ main(int argc, char **argv)
|
||||
"cache-expiration", DEFAULT_IDMAP_CACHE_EXPIRY);
|
||||
CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
|
||||
CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
|
||||
+ if (conf_get_bool("General", "server-only", false))
|
||||
+ clientstart = 0;
|
||||
+ if (conf_get_bool("General", "client-only", false))
|
||||
+ serverstart = 0;
|
||||
}
|
||||
|
||||
while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
|
||||
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
|
||||
index 6b57e2b..b256bd9 100644
|
||||
--- a/utils/nfsd/nfsd.c
|
||||
+++ b/utils/nfsd/nfsd.c
|
||||
@@ -83,6 +83,9 @@ main(int argc, char **argv)
|
||||
|
||||
conf_init_file(NFS_CONFFILE);
|
||||
xlog_from_conffile("nfsd");
|
||||
+
|
||||
+ nfssvc_get_minormask(&minormask);
|
||||
+
|
||||
count = conf_get_num("nfsd", "threads", count);
|
||||
grace = conf_get_num("nfsd", "grace-time", grace);
|
||||
lease = conf_get_num("nfsd", "lease-time", lease);
|
||||
@@ -101,13 +104,19 @@ main(int argc, char **argv)
|
||||
for (i = 2; i <= 4; i++) {
|
||||
char tag[20];
|
||||
sprintf(tag, "vers%d", i);
|
||||
- if (conf_get_bool("nfsd", tag, NFSCTL_VERISSET(versbits, i)))
|
||||
+ if (conf_get_bool("nfsd", tag, NFSCTL_VERISSET(versbits, i))) {
|
||||
NFSCTL_VERSET(versbits, i);
|
||||
- else
|
||||
+ if (i == 4)
|
||||
+ minorvers = minorversset = minormask;
|
||||
+ } else {
|
||||
NFSCTL_VERUNSET(versbits, i);
|
||||
+ if (i == 4) {
|
||||
+ minorvers = 0;
|
||||
+ minorversset = minormask;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
- nfssvc_get_minormask(&minormask);
|
||||
/* We assume the kernel will default all minor versions to 'on',
|
||||
* and allow the config file to disable some.
|
||||
*/
|
||||
diff --git a/utils/statd/sm-notify.c b/utils/statd/sm-notify.c
|
||||
index 7a48473..29dad38 100644
|
||||
--- a/utils/statd/sm-notify.c
|
||||
+++ b/utils/statd/sm-notify.c
|
||||
@@ -503,6 +503,7 @@ main(int argc, char **argv)
|
||||
s = conf_get_str("statd", "state-directory-path");
|
||||
if (s && !nsm_setup_pathnames(argv[0], s))
|
||||
exit(1);
|
||||
+ opt_update_state = conf_get_bool("sm-notify", "update-state", opt_update_state);
|
||||
|
||||
while ((c = getopt(argc, argv, "dm:np:v:P:f")) != -1) {
|
||||
switch (c) {
|
File diff suppressed because it is too large
Load Diff
@ -1,29 +0,0 @@
|
||||
commit 3e81185037cf97990e4598218f56d92dd70d6269
|
||||
Author: NeilBrown <neilb@suse.de>
|
||||
Date: Tue Oct 20 13:19:10 2020 -0400
|
||||
|
||||
clddb-tool was recently renamed to nfsdclddb.
|
||||
Unfortunately the nfsdcld man page wasn't told.
|
||||
|
||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
|
||||
index 4c2b1e80..861f1c49 100644
|
||||
--- a/utils/nfsdcld/nfsdcld.man
|
||||
+++ b/utils/nfsdcld/nfsdcld.man
|
||||
@@ -209,12 +209,12 @@ not necessary after upgrading \fBnfsdcld\fR, however \fBnfsd\fR will not use a l
|
||||
version until restart. A restart of \fBnfsd is necessary\fR after downgrading \fBnfsdcld\fR,
|
||||
to ensure that \fBnfsd\fR does not use an upcall version that \fBnfsdcld\fR does not support.
|
||||
Additionally, a downgrade of \fBnfsdcld\fR requires the schema of the on-disk database to
|
||||
-be downgraded as well. That can be accomplished using the \fBclddb-tool\fR(8) utility.
|
||||
+be downgraded as well. That can be accomplished using the \fBnfsdclddb\fR(8) utility.
|
||||
.SH FILES
|
||||
.TP
|
||||
.B /var/lib/nfs/nfsdcld/main.sqlite
|
||||
.SH SEE ALSO
|
||||
-.BR nfsdcltrack "(8), " clddb-tool (8)
|
||||
+.BR nfsdcltrack "(8), " nfsdclddb (8)
|
||||
.SH "AUTHORS"
|
||||
.IX Header "AUTHORS"
|
||||
The nfsdcld daemon was developed by Jeff Layton <jlayton@redhat.com>
|
@ -1,130 +0,0 @@
|
||||
commit 77d053e4881664e7dbbc3bbb9a242af005598e95
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Wed May 13 12:22:41 2020 -0400
|
||||
|
||||
nfsdclddb: Redname clddb-tool to nfsdclddb
|
||||
|
||||
To try to maintain some type of name convention
|
||||
rename clddb-tool to nfsdclddb
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index df88e58..0b1c8cc 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -695,7 +695,7 @@ AC_CONFIG_FILES([
|
||||
tools/mountstats/Makefile
|
||||
tools/nfs-iostat/Makefile
|
||||
tools/nfsconf/Makefile
|
||||
- tools/clddb-tool/Makefile
|
||||
+ tools/nfsdclddb/Makefile
|
||||
utils/Makefile
|
||||
utils/blkmapd/Makefile
|
||||
utils/nfsdcld/Makefile
|
||||
diff --git a/tools/Makefile.am b/tools/Makefile.am
|
||||
index 53e6117..432d35d 100644
|
||||
--- a/tools/Makefile.am
|
||||
+++ b/tools/Makefile.am
|
||||
@@ -9,7 +9,7 @@ endif
|
||||
OPTDIRS += nfsconf
|
||||
|
||||
if CONFIG_NFSDCLD
|
||||
-OPTDIRS += clddb-tool
|
||||
+OPTDIRS += nfsdclddb
|
||||
endif
|
||||
|
||||
SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat $(OPTDIRS)
|
||||
diff --git a/tools/clddb-tool/Makefile.am b/tools/nfsdclddb/Makefile.am
|
||||
similarity index 60%
|
||||
rename from tools/clddb-tool/Makefile.am
|
||||
rename to tools/nfsdclddb/Makefile.am
|
||||
index 15a8fd4..18263fb 100644
|
||||
--- a/tools/clddb-tool/Makefile.am
|
||||
+++ b/tools/nfsdclddb/Makefile.am
|
||||
@@ -1,13 +1,13 @@
|
||||
## Process this file with automake to produce Makefile.in
|
||||
-PYTHON_FILES = clddb-tool.py
|
||||
+PYTHON_FILES = nfsdclddb.py
|
||||
|
||||
-man8_MANS = clddb-tool.man
|
||||
+man8_MANS = nfsdclddb.man
|
||||
|
||||
EXTRA_DIST = $(man8_MANS) $(PYTHON_FILES)
|
||||
|
||||
all-local: $(PYTHON_FILES)
|
||||
|
||||
install-data-hook:
|
||||
- $(INSTALL) -m 755 clddb-tool.py $(DESTDIR)$(sbindir)/clddb-tool
|
||||
+ $(INSTALL) -m 755 nfsdclddb.py $(DESTDIR)$(sbindir)/nfsdclddb
|
||||
|
||||
MAINTAINERCLEANFILES=Makefile.in
|
||||
diff --git a/tools/clddb-tool/clddb-tool.man b/tools/nfsdclddb/nfsdclddb.man
|
||||
similarity index 84%
|
||||
rename from tools/clddb-tool/clddb-tool.man
|
||||
rename to tools/nfsdclddb/nfsdclddb.man
|
||||
index e80b2c0..8ec7b18 100644
|
||||
--- a/tools/clddb-tool/clddb-tool.man
|
||||
+++ b/tools/nfsdclddb/nfsdclddb.man
|
||||
@@ -1,20 +1,20 @@
|
||||
.\"
|
||||
-.\" clddb-tool(8)
|
||||
+.\" nfsdclddb(8)
|
||||
.\"
|
||||
-.TH clddb-tool 8 "07 Aug 2019"
|
||||
+.TH nfsdclddb 8 "07 Aug 2019"
|
||||
.SH NAME
|
||||
-clddb-tool \- Tool for manipulating the nfsdcld sqlite database
|
||||
+nfsdclddb \- Tool for manipulating the nfsdcld sqlite database
|
||||
.SH SYNOPSIS
|
||||
-.B clddb-tool
|
||||
+.B nfsdclddb
|
||||
.RB [ \-h | \-\-help ]
|
||||
.P
|
||||
-.B clddb-tool
|
||||
+.B nfsdclddb
|
||||
.RB [ \-p | \-\-path
|
||||
.IR dbpath ]
|
||||
.B fix-table-names
|
||||
.RB [ \-h | \-\-help ]
|
||||
.P
|
||||
-.B clddb-tool
|
||||
+.B nfsdclddb
|
||||
.RB [ \-p | \-\-path
|
||||
.IR dbpath ]
|
||||
.B downgrade-schema
|
||||
@@ -22,7 +22,7 @@ clddb-tool \- Tool for manipulating the nfsdcld sqlite database
|
||||
.RB [ \-v | \-\-version
|
||||
.IR to-version ]
|
||||
.P
|
||||
-.B clddb-tool
|
||||
+.B nfsdclddb
|
||||
.RB [ \-p | \-\-path
|
||||
.IR dbpath ]
|
||||
.B print
|
||||
@@ -31,10 +31,10 @@ clddb-tool \- Tool for manipulating the nfsdcld sqlite database
|
||||
.P
|
||||
|
||||
.SH DESCRIPTION
|
||||
-.RB "The " clddb-tool " command is provided to perform some manipulation of the nfsdcld sqlite database schema and to print the contents of the database."
|
||||
+.RB "The " nfsdclddb " command is provided to perform some manipulation of the nfsdcld sqlite database schema and to print the contents of the database."
|
||||
.SS Sub-commands
|
||||
Valid
|
||||
-.B clddb-tool
|
||||
+.B nfsdclddb
|
||||
subcommands are:
|
||||
.IP "\fBfix-table-names\fP"
|
||||
.RB "A previous version of " nfsdcld "(8) contained a bug that corrupted the reboot epoch table names. This sub-command will fix those table names."
|
||||
@@ -66,7 +66,7 @@ The schema version to downgrade to. Currently the schema can only be downgraded
|
||||
Do not list the clients in the reboot epoch tables in the output.
|
||||
.SH NOTES
|
||||
The
|
||||
-.B clddb-tool
|
||||
+.B nfsdclddb
|
||||
command will not allow the
|
||||
.B fix-table-names
|
||||
or
|
||||
diff --git a/tools/clddb-tool/clddb-tool.py b/tools/nfsdclddb/nfsdclddb.py
|
||||
similarity index 100%
|
||||
rename from tools/clddb-tool/clddb-tool.py
|
||||
rename to tools/nfsdclddb/nfsdclddb.py
|
@ -1,27 +0,0 @@
|
||||
commit 0095435db8228d5a88ec35a63cb64271e2e648a8
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Thu Dec 19 12:48:31 2019 -0500
|
||||
|
||||
libnfsidmap: Turn off default verbosity
|
||||
|
||||
Commit f080188e changed the library's verbosity
|
||||
to be on by default. The patch turns it off by
|
||||
default
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1774787
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c
|
||||
index 9299e652..d11710f1 100644
|
||||
--- a/support/nfsidmap/libnfsidmap.c
|
||||
+++ b/support/nfsidmap/libnfsidmap.c
|
||||
@@ -101,7 +101,7 @@ static void default_logger(const char *fmt, ...)
|
||||
|
||||
#pragma GCC visibility pop
|
||||
nfs4_idmap_log_function_t idmap_log_func = default_logger;
|
||||
-int idmap_verbosity = 2;
|
||||
+int idmap_verbosity = 0;
|
||||
#pragma GCC visibility push(hidden)
|
||||
|
||||
static int id_as_chars(char *name, uid_t *id)
|
@ -1,12 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
|
||||
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:38:26.462195326 -0500
|
||||
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:45:47.210671473 -0500
|
||||
@@ -380,6 +380,8 @@ class DeviceData:
|
||||
sends = float(self.__rpc_data['rpcsends'])
|
||||
if sample_time == 0:
|
||||
sample_time = float(self.__nfs_data['age'])
|
||||
+ if sample_time == 0:
|
||||
+ sample_time = 1;
|
||||
return (sends / sample_time)
|
||||
|
||||
def display_iostats(self, sample_time, which):
|
@ -1,159 +0,0 @@
|
||||
diff --git a/tools/mountstats/mountstats.py b/tools/mountstats/mountstats.py
|
||||
index 48ef0964..bda9af67 100755
|
||||
--- a/tools/mountstats/mountstats.py
|
||||
+++ b/tools/mountstats/mountstats.py
|
||||
@@ -308,6 +308,8 @@ class DeviceData:
|
||||
op = words[0][:-1]
|
||||
self.__rpc_data['ops'] += [op]
|
||||
self.__rpc_data[op] = [int(word) for word in words[1:]]
|
||||
+ if len(self.__rpc_data[op]) < 9:
|
||||
+ self.__rpc_data[op] += [0]
|
||||
|
||||
def parse_stats(self, lines):
|
||||
"""Turn a list of lines from a mount stat file into a
|
||||
@@ -475,7 +477,9 @@ class DeviceData:
|
||||
retrans = stats[2] - count
|
||||
if retrans != 0:
|
||||
print('\t%d retrans (%d%%)' % (retrans, ((retrans * 100) / count)), end=' ')
|
||||
- print('\t%d major timeouts' % stats[3])
|
||||
+ print('\t%d major timeouts' % stats[3], end='')
|
||||
+ if len(stats) >= 10 and stats[9] != 0:
|
||||
+ print('\t%d errors (%d%%)' % (stats[9], ((stats[9] * 100) / count)))
|
||||
else:
|
||||
print('')
|
||||
print('\tavg bytes sent per op: %d\tavg bytes received per op: %d' % \
|
||||
@@ -580,7 +584,7 @@ class DeviceData:
|
||||
self.__nfs_data['fstype'] = 'nfs4'
|
||||
self.__rpc_data['ops'] = ops
|
||||
for op in ops:
|
||||
- self.__rpc_data[op] = [0 for i in range(8)]
|
||||
+ self.__rpc_data[op] = [0 for i in range(9)]
|
||||
|
||||
def accumulate_iostats(self, new_stats):
|
||||
"""Accumulate counters from all RPC op buckets in new_stats. This is
|
||||
@@ -605,6 +609,8 @@ class DeviceData:
|
||||
queued_for = float(rpc_stats[5])
|
||||
rtt = float(rpc_stats[6])
|
||||
exe = float(rpc_stats[7])
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errs = int(rpc_stats[8])
|
||||
|
||||
# prevent floating point exceptions
|
||||
if ops != 0:
|
||||
@@ -613,12 +619,15 @@ class DeviceData:
|
||||
rtt_per_op = rtt / ops
|
||||
exe_per_op = exe / ops
|
||||
queued_for_per_op = queued_for / ops
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errs_percent = (errs * 100) / ops
|
||||
else:
|
||||
kb_per_op = 0.0
|
||||
retrans_percent = 0.0
|
||||
rtt_per_op = 0.0
|
||||
exe_per_op = 0.0
|
||||
queued_for_per_op = 0.0
|
||||
+ errs_percent = 0.0
|
||||
|
||||
op += ':'
|
||||
print(format(op.lower(), '<16s'), end='')
|
||||
@@ -628,7 +637,10 @@ class DeviceData:
|
||||
print(format('retrans', '>16s'), end='')
|
||||
print(format('avg RTT (ms)', '>16s'), end='')
|
||||
print(format('avg exe (ms)', '>16s'), end='')
|
||||
- print(format('avg queue (ms)', '>16s'))
|
||||
+ print(format('avg queue (ms)', '>16s'), end='')
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ print(format('errors', '>16s'), end='')
|
||||
+ print()
|
||||
|
||||
print(format((ops / sample_time), '>24.3f'), end='')
|
||||
print(format((kilobytes / sample_time), '>16.3f'), end='')
|
||||
@@ -637,7 +649,11 @@ class DeviceData:
|
||||
print(format(retransmits, '>16'), end='')
|
||||
print(format(rtt_per_op, '>16.3f'), end='')
|
||||
print(format(exe_per_op, '>16.3f'), end='')
|
||||
- print(format(queued_for_per_op, '>16.3f'))
|
||||
+ print(format(queued_for_per_op, '>16.3f'), end='')
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errors = '{0:>10.0f} ({1:>3.1f}%)'.format(errs, errs_percent).strip()
|
||||
+ print(format(errors, '>16'), end='')
|
||||
+ print()
|
||||
|
||||
def display_iostats(self, sample_time):
|
||||
"""Display NFS and RPC stats in an iostat-like way
|
||||
diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index f1556fb7..5b2260ad
|
||||
--- a/tools/nfs-iostat/nfs-iostat.py
|
||||
+++ b/tools/nfs-iostat/nfs-iostat.py
|
||||
@@ -329,6 +329,8 @@ class DeviceData:
|
||||
queued_for = float(rpc_stats[5])
|
||||
rtt = float(rpc_stats[6])
|
||||
exe = float(rpc_stats[7])
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errs = float(rpc_stats[8])
|
||||
|
||||
# prevent floating point exceptions
|
||||
if ops != 0:
|
||||
@@ -337,12 +339,16 @@ class DeviceData:
|
||||
rtt_per_op = rtt / ops
|
||||
exe_per_op = exe / ops
|
||||
queued_for_per_op = queued_for / ops
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errs_percent = (errs * 100) / ops
|
||||
else:
|
||||
kb_per_op = 0.0
|
||||
retrans_percent = 0.0
|
||||
rtt_per_op = 0.0
|
||||
exe_per_op = 0.0
|
||||
queued_for_per_op = 0.0
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errs_percent = 0.0
|
||||
|
||||
op += ':'
|
||||
print(format(op.lower(), '<16s'), end='')
|
||||
@@ -352,7 +358,10 @@ class DeviceData:
|
||||
print(format('retrans', '>16s'), end='')
|
||||
print(format('avg RTT (ms)', '>16s'), end='')
|
||||
print(format('avg exe (ms)', '>16s'), end='')
|
||||
- print(format('avg queue (ms)', '>16s'))
|
||||
+ print(format('avg queue (ms)', '>16s'), end='')
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ print(format('errors', '>16s'), end='')
|
||||
+ print()
|
||||
|
||||
print(format((ops / sample_time), '>24.3f'), end='')
|
||||
print(format((kilobytes / sample_time), '>16.3f'), end='')
|
||||
@@ -361,7 +370,11 @@ class DeviceData:
|
||||
print(format(retransmits, '>16'), end='')
|
||||
print(format(rtt_per_op, '>16.3f'), end='')
|
||||
print(format(exe_per_op, '>16.3f'), end='')
|
||||
- print(format(queued_for_per_op, '>16.3f'))
|
||||
+ print(format(queued_for_per_op, '>16.3f'), end='')
|
||||
+ if len(rpc_stats) >= 9:
|
||||
+ errors = '{0:>10.0f} ({1:>3.1f}%)'.format(errs, errs_percent).strip()
|
||||
+ print(format(errors, '>16'), end='')
|
||||
+ print()
|
||||
|
||||
def ops(self, sample_time):
|
||||
sends = float(self.__rpc_data['rpcsends'])
|
||||
diff --git a/tools/nfs-iostat/nfsiostat.man b/tools/nfs-iostat/nfsiostat.man
|
||||
index 9ae94c5f..940c0431 100644
|
||||
--- a/tools/nfs-iostat/nfsiostat.man
|
||||
+++ b/tools/nfs-iostat/nfsiostat.man
|
||||
@@ -97,6 +97,14 @@ This is the duration from the time the NFS client created the RPC request task t
|
||||
.RE
|
||||
.RE
|
||||
.RE
|
||||
+.RS 8
|
||||
+- \fBerrors\fR
|
||||
+.RS
|
||||
+This is the number of operations that completed with an error status (status < 0). This count is only available on kernels with RPC iostats version 1.1 or above.
|
||||
+.RS
|
||||
+.RE
|
||||
+.RE
|
||||
+.RE
|
||||
.TP
|
||||
Note that if an interval is used as argument to \fBnfsiostat\fR, then the diffrence from previous interval will be displayed, otherwise the results will be from the time that the share was mounted.
|
||||
|
@ -1,37 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig nfs-utils-2.3.3/tools/mountstats/mountstats.py
|
||||
--- nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig 2020-12-10 10:48:17.319579958 -0500
|
||||
+++ nfs-utils-2.3.3/tools/mountstats/mountstats.py 2020-12-10 10:52:42.481484160 -0500
|
||||
@@ -943,10 +943,11 @@ def print_iostat_summary(old, new, devic
|
||||
if not old or device not in old:
|
||||
stats.display_iostats(time)
|
||||
else:
|
||||
- old_stats = DeviceData()
|
||||
- old_stats.parse_stats(old[device])
|
||||
- diff_stats = stats.compare_iostats(old_stats)
|
||||
- diff_stats.display_iostats(time)
|
||||
+ if ("fstype autofs" not in str(old[device])) and ("fstype autofs" not in str(new[device])):
|
||||
+ old_stats = DeviceData()
|
||||
+ old_stats.parse_stats(old[device])
|
||||
+ diff_stats = stats.compare_iostats(old_stats)
|
||||
+ diff_stats.display_iostats(time)
|
||||
|
||||
def iostat_command(args):
|
||||
"""iostat-like command for NFS mount points
|
||||
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
|
||||
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:48:17.316579880 -0500
|
||||
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:52:42.481484160 -0500
|
||||
@@ -467,10 +467,13 @@ def parse_stats_file(filename):
|
||||
def print_iostat_summary(old, new, devices, time, options):
|
||||
stats = {}
|
||||
diff_stats = {}
|
||||
+ devicelist = []
|
||||
if old:
|
||||
# Trim device list to only include intersection of old and new data,
|
||||
# this addresses umounts due to autofs mountpoints
|
||||
- devicelist = [x for x in old if x in devices]
|
||||
+ for device in devices:
|
||||
+ if "fstype autofs" not in str(old[device]):
|
||||
+ devicelist.append(device)
|
||||
else:
|
||||
devicelist = devices
|
||||
|
@ -1,53 +0,0 @@
|
||||
commit b5381c96298d75ba66625a007e2390e2b501850d
|
||||
Author: Trond Myklebust <trond.myklebust@hammerspace.com>
|
||||
Date: Wed Jan 29 10:45:39 2020 -0500
|
||||
|
||||
manpage: Add a description of the 'softreval' / 'nosoftreval' mount option
|
||||
|
||||
Add a description of the 'softreval' / 'nosoftreval' mount options on
|
||||
the 'nfs' generic manpage.
|
||||
|
||||
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index 84462cd7..6f79c63a 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -121,6 +121,36 @@ option may mitigate some of the risks of using the
|
||||
.B soft
|
||||
option.
|
||||
.TP 1.5i
|
||||
+.BR softreval " / " nosoftreval
|
||||
+In cases where the NFS server is down, it may be useful to
|
||||
+allow the NFS client to continue to serve up paths and
|
||||
+attributes from cache after
|
||||
+.B retrans
|
||||
+attempts to revalidate that cache have timed out.
|
||||
+This may, for instance, be helpful when trying to unmount a
|
||||
+filesystem tree from a server that is permanently down.
|
||||
+.IP
|
||||
+It is possible to combine
|
||||
+.BR softreval
|
||||
+with the
|
||||
+.B soft
|
||||
+mount option, in which case operations that cannot be served up
|
||||
+from cache will time out and return an error after
|
||||
+.B retrans
|
||||
+attempts. The combination with the default
|
||||
+.B hard
|
||||
+mount option implies those uncached operations will continue to
|
||||
+retry until a response is received from the server.
|
||||
+.IP
|
||||
+Note: the default mount option is
|
||||
+.BR nosoftreval
|
||||
+which disallows fallback to cache when revalidation fails, and
|
||||
+instead follows the behavior dictated by the
|
||||
+.B hard
|
||||
+or
|
||||
+.B soft
|
||||
+mount option.
|
||||
+.TP 1.5i
|
||||
.BR intr " / " nointr
|
||||
This option is provided for backward compatibility.
|
||||
It is ignored after kernel 2.6.25.
|
@ -1,22 +0,0 @@
|
||||
commit 2b78802c4eda6f74b77330832c54fd6b59991adf
|
||||
Author: Josef Radinger <cheese@nosuchhost.net>
|
||||
Date: Wed Jul 24 10:59:51 2019 -0400
|
||||
|
||||
nfs.man: Fixed small typo in man page
|
||||
|
||||
Fixes: https://bugzilla.linux-nfs.org/show_bug.cgi?id=337
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index 9ee9bd9..6ba9cef 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -1252,7 +1252,7 @@ If absolute cache coherence among clients is required,
|
||||
applications should use file locking. Alternatively, applications
|
||||
can also open their files with the O_DIRECT flag
|
||||
to disable data caching entirely.
|
||||
-.SS "File timestamp maintainence"
|
||||
+.SS "File timestamp maintenance"
|
||||
NFS servers are responsible for managing file and directory timestamps
|
||||
.RB ( atime ,
|
||||
.BR ctime ", and"
|
@ -1,188 +0,0 @@
|
||||
commit 80b17639d78e152306d8d1753d719654ebb40e01
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Fri Oct 19 10:26:10 2018 -0400
|
||||
|
||||
Remove osd_login
|
||||
|
||||
This ancient script has not been used
|
||||
in years, if used at all.
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e82ff14..cf1c4b9 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -238,13 +238,6 @@ AC_ARG_ENABLE(nfsdcltrack,
|
||||
enable_nfsdcltrack=$enableval,
|
||||
enable_nfsdcltrack="yes")
|
||||
|
||||
-AC_ARG_ENABLE(osdlogin,
|
||||
- [AC_HELP_STRING([--enable-osdlogin],
|
||||
- [enable osd_login scripts @<:@default=no@:>@])],
|
||||
- enable_osdlogin=$enableval,
|
||||
- enable_osdlogin="no")
|
||||
- AM_CONDITIONAL(CONFIG_OSD_LOGIN, [test "$enable_osdlogin" = "yes" ])
|
||||
-
|
||||
dnl Check for TI-RPC library and headers
|
||||
AC_LIBTIRPC
|
||||
|
||||
@@ -631,7 +624,6 @@ AC_CONFIG_FILES([
|
||||
utils/nfsidmap/Makefile
|
||||
utils/showmount/Makefile
|
||||
utils/statd/Makefile
|
||||
- utils/osd_login/Makefile
|
||||
systemd/Makefile
|
||||
tests/Makefile
|
||||
tests/nsm_client/Makefile])
|
||||
diff --git a/utils/Makefile.am b/utils/Makefile.am
|
||||
index d361aea..0a5b062 100644
|
||||
--- a/utils/Makefile.am
|
||||
+++ b/utils/Makefile.am
|
||||
@@ -34,7 +34,6 @@ SUBDIRS = \
|
||||
nfsstat \
|
||||
showmount \
|
||||
statd \
|
||||
- osd_login \
|
||||
$(OPTDIRS)
|
||||
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am
|
||||
deleted file mode 100644
|
||||
index ded1fd3..0000000
|
||||
--- a/utils/osd_login/Makefile.am
|
||||
+++ /dev/null
|
||||
@@ -1,9 +0,0 @@
|
||||
-## Process this file with automake to produce Makefile.in
|
||||
-
|
||||
-# These binaries go in /sbin (not /usr/sbin), and that cannot be
|
||||
-# overridden at config time.
|
||||
-sbindir = /sbin
|
||||
-
|
||||
-dist_sbin_SCRIPTS = osd_login
|
||||
-
|
||||
-MAINTAINERCLEANFILES = Makefile.in
|
||||
diff --git a/utils/osd_login/osd_login b/utils/osd_login/osd_login
|
||||
deleted file mode 100644
|
||||
index 08cd2d2..0000000
|
||||
--- a/utils/osd_login/osd_login
|
||||
+++ /dev/null
|
||||
@@ -1,118 +0,0 @@
|
||||
-#!/bin/bash
|
||||
-#
|
||||
-# osd_login : This script is part of the autologin feature
|
||||
-# mandated by the pnfs-objects standard.
|
||||
-# It is called from objlayoutdriver.ko in the kernel.
|
||||
-
|
||||
-# Copyright (C) 2012, Sachin Bhamare <sbhamare@panasas.com>
|
||||
-# Copyright (C) 2012, Boaz Harrosh <bharrosh@panasas.com>
|
||||
-#
|
||||
-# This program is free software; you can redistribute it and/or modify
|
||||
-# it under the terms of the GNU General Public License version 2 as
|
||||
-# published by the Free Software Foundation.
|
||||
-#
|
||||
-# This program is distributed in the hope that it will be useful,
|
||||
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
-# GNU General Public License for more details.
|
||||
-#
|
||||
-# You should have received a copy of the GNU General Public License
|
||||
-# along with this program; if not, write to the Free Software
|
||||
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
||||
-# MA 02110-1301 USA
|
||||
-
|
||||
-umask 022
|
||||
-
|
||||
-PATH="/sbin:/usr/sbin:/bin:/usr/bin"
|
||||
-
|
||||
-iscsiadm=/sbin/iscsiadm
|
||||
-
|
||||
-PARENT_PID=$BASHPID
|
||||
-WATCHDOG_TIMEOUT=15
|
||||
-
|
||||
-protocol=""
|
||||
-portal=""
|
||||
-uri=""
|
||||
-osdname=""
|
||||
-systemid=""
|
||||
-
|
||||
-usage()
|
||||
-{
|
||||
- echo "Usage: $0 -u <URI> -o <OSDNAME> -s <SYSTEMID>"
|
||||
- echo "Options:"
|
||||
- echo "-u target uri e.g. iscsi://<ip>:<port>"
|
||||
- echo "-o osdname of the target OSD"
|
||||
- echo "-s systemid of the target OSD"
|
||||
-}
|
||||
-
|
||||
-parse_cmdline()
|
||||
-{
|
||||
- argc=$#
|
||||
- if [ $# -lt 3 ]; then
|
||||
- usage
|
||||
- exit 1
|
||||
- fi
|
||||
-
|
||||
- # parse the input arguments
|
||||
- while getopts "u:o:s:" options; do
|
||||
- case $options in
|
||||
- u ) uri=$OPTARG;;
|
||||
- o ) osdname=$OPTARG;;
|
||||
- s ) systemid=$OPTARG;;
|
||||
- \? ) usage
|
||||
- exit 1;;
|
||||
- * ) usage
|
||||
- exit 1;;
|
||||
- esac
|
||||
- done
|
||||
-
|
||||
- echo "-u : $uri"
|
||||
- echo "-o : $osdname"
|
||||
- echo "-s : $systemid"
|
||||
-
|
||||
- protocol=`echo $uri | awk -F ':' '{print $1}'`
|
||||
- portal=`echo $uri | awk -F '//' '{print $2}'`
|
||||
-}
|
||||
-
|
||||
-watchdog()
|
||||
-{
|
||||
- timeout=$1
|
||||
- portal=$2
|
||||
-
|
||||
- sleep $timeout
|
||||
- if kill -9 $PARENT_PID; then
|
||||
- echo "watchdog : Timed out (>$timeout seconds) while login into $portal" | logger -t "osd_login"
|
||||
- fi
|
||||
- echo "watchdog: exiting .."
|
||||
- exit 2
|
||||
-}
|
||||
-
|
||||
-login_iscsi_osd()
|
||||
-{
|
||||
- echo "login into: $1"
|
||||
- if ! $iscsiadm -m discovery -o nonpersistent -t sendtargets -p $1 --login; then
|
||||
- echo "$iscsiadm -m discovery -t sendtargets -p $1 --login returned error $? !"
|
||||
- sleep 1;
|
||||
- fi
|
||||
-}
|
||||
-
|
||||
-echo "============= osd_login ========="
|
||||
-echo "progname : $0"
|
||||
-parse_cmdline "$@"
|
||||
-echo "protocol: $protocol"
|
||||
-echo "portal: $portal"
|
||||
-
|
||||
-watchdog $WATCHDOG_TIMEOUT $portal &
|
||||
-watchdog_pid=$!
|
||||
-
|
||||
-case $protocol in
|
||||
-iscsi)
|
||||
- login_iscsi_osd $portal |& logger -t "osd_login"
|
||||
- ;;
|
||||
-*)
|
||||
- echo "Error: protocol $protocol not supported !" | logger -t "osd_login"
|
||||
- ;;
|
||||
-esac
|
||||
-
|
||||
-kill -9 $watchdog_pid
|
||||
-exit 0
|
@ -1,12 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/tools/rpcctl/rpcctl.py.orig nfs-utils-2.3.3/tools/rpcctl/rpcctl.py
|
||||
--- nfs-utils-2.3.3/tools/rpcctl/rpcctl.py.orig 2022-06-27 13:22:19.844747880 -0400
|
||||
+++ nfs-utils-2.3.3/tools/rpcctl/rpcctl.py 2022-06-27 13:23:02.168004219 -0400
|
||||
@@ -213,7 +213,7 @@ class RpcClient:
|
||||
def __init__(self, path):
|
||||
self.path = path
|
||||
self.name = path.stem
|
||||
- self.switch = XprtSwitch(path / (path / "switch").readlink(), sep=",")
|
||||
+ self.switch = XprtSwitch(path / os.readlink(path / "switch"), sep=",")
|
||||
|
||||
def __lt__(self, rhs):
|
||||
return self.name < rhs.name
|
@ -1,34 +0,0 @@
|
||||
From 2fdd10bebf395b51e931a10adbdc85f3a3f8a285 Mon Sep 17 00:00:00 2001
|
||||
From: Alice Mitchell <ajmitchell@redhat.com>
|
||||
Date: Thu, 23 Jun 2022 16:04:45 +0100
|
||||
Subject: [PATCH] Remove subparser required option as that was added in py3.7
|
||||
|
||||
---
|
||||
tools/rpcctl/rpcctl.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py
|
||||
index d2110ad6..2ac6ede9 100755
|
||||
--- a/tools/rpcctl/rpcctl.py
|
||||
+++ b/tools/rpcctl/rpcctl.py
|
||||
@@ -120,7 +120,7 @@ class Xprt:
|
||||
set = subparser.add_parser("set", help="Change an xprt property")
|
||||
set.add_argument("xprt", metavar="XPRT", nargs=1,
|
||||
help="Name of a specific xprt to modify")
|
||||
- subparser = set.add_subparsers(required=True)
|
||||
+ subparser = set.add_subparsers()
|
||||
online = subparser.add_parser("online", help="Set an xprt online")
|
||||
online.set_defaults(func=Xprt.set_property, property="online")
|
||||
offline = subparser.add_parser("offline", help="Set an xprt offline")
|
||||
@@ -185,7 +185,7 @@ class XprtSwitch:
|
||||
set = subparser.add_parser("set", help="Change an xprt switch property")
|
||||
set.add_argument("switch", metavar="SWITCH", nargs=1,
|
||||
help="Name of a specific xprt switch to modify")
|
||||
- subparser = set.add_subparsers(required=True)
|
||||
+ subparser = set.add_subparsers()
|
||||
dstaddr = subparser.add_parser("dstaddr", help="Change an xprt switch's dstaddr")
|
||||
dstaddr.add_argument("newaddr", metavar="NEWADDR", nargs=1,
|
||||
help="The new address for the xprt switch")
|
||||
--
|
||||
2.36.1
|
||||
|
@ -1,73 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
|
||||
--- nfs-utils-2.3.3/nfs.conf.orig 2019-03-05 10:30:28.100560625 -0500
|
||||
+++ nfs-utils-2.3.3/nfs.conf 2019-03-05 10:35:28.702004199 -0500
|
||||
@@ -64,6 +64,7 @@ use-gss-proxy=1
|
||||
#
|
||||
[sm-notify]
|
||||
# debug=0
|
||||
+# force=0
|
||||
# retry-time=900
|
||||
# outgoing-port=
|
||||
# outgoing-addr=
|
||||
diff -up nfs-utils-2.3.3/utils/statd/sm-notify.c.orig nfs-utils-2.3.3/utils/statd/sm-notify.c
|
||||
--- nfs-utils-2.3.3/utils/statd/sm-notify.c.orig 2019-03-05 10:30:28.070560401 -0500
|
||||
+++ nfs-utils-2.3.3/utils/statd/sm-notify.c 2019-03-05 10:35:28.703004207 -0500
|
||||
@@ -49,6 +49,7 @@
|
||||
#define NLM_END_GRACE_FILE "/proc/fs/lockd/nlm_end_grace"
|
||||
|
||||
int lift_grace = 1;
|
||||
+int force = 0;
|
||||
|
||||
struct nsm_host {
|
||||
struct nsm_host * next;
|
||||
@@ -480,19 +481,10 @@ nsm_lift_grace_period(void)
|
||||
close(fd);
|
||||
return;
|
||||
}
|
||||
-
|
||||
-int
|
||||
-main(int argc, char **argv)
|
||||
+inline static void
|
||||
+read_nfsconf(char **argv)
|
||||
{
|
||||
- int c, sock, force = 0;
|
||||
- char * progname;
|
||||
- char * s;
|
||||
-
|
||||
- progname = strrchr(argv[0], '/');
|
||||
- if (progname != NULL)
|
||||
- progname++;
|
||||
- else
|
||||
- progname = argv[0];
|
||||
+ char *s;
|
||||
|
||||
conf_init_file(NFS_CONFFILE);
|
||||
xlog_from_conffile("sm-notify");
|
||||
@@ -500,10 +492,27 @@ main(int argc, char **argv)
|
||||
opt_srcport = conf_get_str("sm-notify", "outgoing-port");
|
||||
opt_srcaddr = conf_get_str("sm-notify", "outgoing-addr");
|
||||
lift_grace = conf_get_bool("sm-notify", "lift-grace", lift_grace);
|
||||
+
|
||||
s = conf_get_str("statd", "state-directory-path");
|
||||
if (s && !nsm_setup_pathnames(argv[0], s))
|
||||
exit(1);
|
||||
opt_update_state = conf_get_bool("sm-notify", "update-state", opt_update_state);
|
||||
+ force = conf_get_bool("sm-notify", "force", force);
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+main(int argc, char **argv)
|
||||
+{
|
||||
+ int c, sock;
|
||||
+ char * progname;
|
||||
+
|
||||
+ progname = strrchr(argv[0], '/');
|
||||
+ if (progname != NULL)
|
||||
+ progname++;
|
||||
+ else
|
||||
+ progname = argv[0];
|
||||
+
|
||||
+ read_nfsconf(argv);
|
||||
|
||||
while ((c = getopt(argc, argv, "dm:np:v:P:f")) != -1) {
|
||||
switch (c) {
|
@ -1,105 +0,0 @@
|
||||
commit 5394f939b591e65fec37a6bee826c13620d3f39b
|
||||
Author: Justin Mitchell <jumitche@redhat.com>
|
||||
Date: Mon Mar 4 11:53:09 2019 -0500
|
||||
|
||||
Add nfs.conf equivalent for the statd --no-notify cmdline option
|
||||
|
||||
Also cleaned up how nfs.conf is read.
|
||||
|
||||
Signed-off-by: Justin Mitchell <jumitche@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index f1ebfdb..d332375 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -62,6 +62,7 @@
|
||||
# name=
|
||||
# state-directory-path=/var/lib/nfs/statd
|
||||
# ha-callout=
|
||||
+# no-notify=0
|
||||
#
|
||||
[sm-notify]
|
||||
# debug=0
|
||||
diff --git a/utils/statd/statd.c b/utils/statd/statd.c
|
||||
index 2cc6cf3..1467380 100644
|
||||
--- a/utils/statd/statd.c
|
||||
+++ b/utils/statd/statd.c
|
||||
@@ -238,6 +238,39 @@ static void set_nlm_port(char *type, int port)
|
||||
fprintf(stderr, "%s: failed to open %s: %s\n",
|
||||
name_p, pathbuf, strerror(errno));
|
||||
}
|
||||
+int port = 0, out_port = 0;
|
||||
+int nlm_udp = 0, nlm_tcp = 0;
|
||||
+
|
||||
+inline static void
|
||||
+read_nfsconf(char **argv)
|
||||
+{
|
||||
+ char *s;
|
||||
+
|
||||
+ conf_init_file(NFS_CONFFILE);
|
||||
+ xlog_from_conffile("statd");
|
||||
+
|
||||
+ out_port = conf_get_num("statd", "outgoing-port", out_port);
|
||||
+ port = conf_get_num("statd", "port", port);
|
||||
+
|
||||
+ MY_NAME = conf_get_str("statd", "name");
|
||||
+ if (MY_NAME)
|
||||
+ run_mode |= STATIC_HOSTNAME;
|
||||
+
|
||||
+ s = conf_get_str("statd", "state-directory-path");
|
||||
+ if (s && !nsm_setup_pathnames(argv[0], s))
|
||||
+ exit(1);
|
||||
+
|
||||
+ s = conf_get_str("statd", "ha-callout");
|
||||
+ if (s)
|
||||
+ ha_callout_prog = s;
|
||||
+
|
||||
+ nlm_tcp = conf_get_num("lockd", "port", nlm_tcp);
|
||||
+ /* udp defaults to the same as tcp ! */
|
||||
+ nlm_udp = conf_get_num("lockd", "udp-port", nlm_tcp);
|
||||
+
|
||||
+ if (conf_get_bool("statd", "no-notify", false))
|
||||
+ run_mode |= MODE_NO_NOTIFY;
|
||||
+}
|
||||
|
||||
/*
|
||||
* Entry routine/main loop.
|
||||
@@ -245,11 +278,8 @@ static void set_nlm_port(char *type, int port)
|
||||
int main (int argc, char **argv)
|
||||
{
|
||||
extern char *optarg;
|
||||
- char *s;
|
||||
int pid;
|
||||
int arg;
|
||||
- int port = 0, out_port = 0;
|
||||
- int nlm_udp = 0, nlm_tcp = 0;
|
||||
struct rlimit rlim;
|
||||
int notify_sockfd;
|
||||
char *env;
|
||||
@@ -275,23 +305,8 @@ int main (int argc, char **argv)
|
||||
/* Set hostname */
|
||||
MY_NAME = NULL;
|
||||
|
||||
- conf_init_file(NFS_CONFFILE);
|
||||
- xlog_from_conffile("statd");
|
||||
- out_port = conf_get_num("statd", "outgoing-port", out_port);
|
||||
- port = conf_get_num("statd", "port", port);
|
||||
- MY_NAME = conf_get_str("statd", "name");
|
||||
- if (MY_NAME)
|
||||
- run_mode |= STATIC_HOSTNAME;
|
||||
- s = conf_get_str("statd", "state-directory-path");
|
||||
- if (s && !nsm_setup_pathnames(argv[0], s))
|
||||
- exit(1);
|
||||
- s = conf_get_str("statd", "ha-callout");
|
||||
- if (s)
|
||||
- ha_callout_prog = s;
|
||||
-
|
||||
- nlm_tcp = conf_get_num("lockd", "port", nlm_tcp);
|
||||
- /* udp defaults to the same as tcp ! */
|
||||
- nlm_udp = conf_get_num("lockd", "udp-port", nlm_tcp);
|
||||
+ /* Read nfs.conf */
|
||||
+ read_nfsconf(argv);
|
||||
|
||||
/* Process command line switches */
|
||||
while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:LT:U:", longopts, NULL)) != EOF) {
|
@ -1,37 +0,0 @@
|
||||
commit 003000d451833309c963054e58a48fa1df7e767b
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Thu Dec 10 13:13:03 2020 -0500
|
||||
|
||||
exportfs: Ingnore export failures in nfs-server.serivce unit
|
||||
|
||||
With some recent commits, exportfs will continue on trying to
|
||||
export filesystems even when an entry is invalid or does
|
||||
not exist, but will still have a non-zero exit to report
|
||||
the error.
|
||||
|
||||
This situation should not stop the nfs-server service
|
||||
from comingup so nfs-server.service file should
|
||||
ignore these types of failures
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
|
||||
index 06c1adb7..b432f910 100644
|
||||
--- a/systemd/nfs-server.service
|
||||
+++ b/systemd/nfs-server.service
|
||||
@@ -21,13 +21,13 @@ After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
-ExecStartPre=/usr/sbin/exportfs -r
|
||||
+ExecStartPre=-/usr/sbin/exportfs -r
|
||||
ExecStart=/usr/sbin/rpc.nfsd
|
||||
ExecStop=/usr/sbin/rpc.nfsd 0
|
||||
ExecStopPost=/usr/sbin/exportfs -au
|
||||
ExecStopPost=/usr/sbin/exportfs -f
|
||||
|
||||
-ExecReload=/usr/sbin/exportfs -r
|
||||
+ExecReload=-/usr/sbin/exportfs -r
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,13 +0,0 @@
|
||||
diff -up nfs-utils-2.3.3/systemd/rpc-statd.service.orig nfs-utils-2.3.3/systemd/rpc-statd.service
|
||||
--- nfs-utils-2.3.3/systemd/rpc-statd.service.orig 2018-09-06 14:09:08.000000000 -0400
|
||||
+++ nfs-utils-2.3.3/systemd/rpc-statd.service 2022-08-02 11:02:44.327397404 -0400
|
||||
@@ -4,7 +4,8 @@ DefaultDependencies=no
|
||||
Conflicts=umount.target
|
||||
Requires=nss-lookup.target rpcbind.socket
|
||||
Wants=network-online.target
|
||||
-After=network-online.target nss-lookup.target rpcbind.socket
|
||||
+Wants=rpc-statd-notify.service
|
||||
+After=network-online.target nss-lookup.target rpcbind.service
|
||||
|
||||
PartOf=nfs-utils.service
|
||||
|
14
SOURCES/nfs-utils-2.4.2-systemd-svcgssd.patch
Normal file
14
SOURCES/nfs-utils-2.4.2-systemd-svcgssd.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff -up nfs-utils-2.4.2/systemd/auth-rpcgss-module.service.orig nfs-utils-2.4.2/systemd/auth-rpcgss-module.service
|
||||
--- nfs-utils-2.4.2/systemd/auth-rpcgss-module.service.orig 2019-11-13 12:09:41.000000000 -0500
|
||||
+++ nfs-utils-2.4.2/systemd/auth-rpcgss-module.service 2019-12-18 11:32:04.656735515 -0500
|
||||
@@ -7,8 +7,8 @@
|
||||
[Unit]
|
||||
Description=Kernel Module supporting RPCSEC_GSS
|
||||
DefaultDependencies=no
|
||||
-Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
|
||||
-Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
|
||||
+Before=gssproxy.service rpc-gssd.service
|
||||
+Wants=gssproxy.service rpc-gssd.service
|
||||
ConditionPathExists=/etc/krb5.keytab
|
||||
|
||||
[Service]
|
89
SOURCES/nfs-utils-2.5.4-blkmapd-double-free.patch
Normal file
89
SOURCES/nfs-utils-2.5.4-blkmapd-double-free.patch
Normal file
@ -0,0 +1,89 @@
|
||||
commit c1c35487aba2cec828d9b8a1be9043000beadea5
|
||||
Author: Lixiaokeng <lixiaokeng@huawei.com>
|
||||
Date: Mon Oct 24 13:00:50 2022 -0400
|
||||
|
||||
blkmapd: fix coredump in bl_add_disk
|
||||
|
||||
The serial->data is not malloced separately (just part of
|
||||
the serial), so it can't be freed. The bl_serial has its
|
||||
own free function. Use it.
|
||||
|
||||
Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com>
|
||||
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c
|
||||
index 49935c2e..bd890598 100644
|
||||
--- a/utils/blkmapd/device-discovery.c
|
||||
+++ b/utils/blkmapd/device-discovery.c
|
||||
@@ -187,10 +187,7 @@ static void bl_add_disk(char *filepath)
|
||||
}
|
||||
|
||||
if (disk && diskpath) {
|
||||
- if (serial) {
|
||||
- free(serial->data);
|
||||
- free(serial);
|
||||
- }
|
||||
+ bl_free_scsi_string(serial);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -228,10 +225,7 @@ static void bl_add_disk(char *filepath)
|
||||
disk->size = size;
|
||||
disk->valid_path = path;
|
||||
}
|
||||
- if (serial) {
|
||||
- free(serial->data);
|
||||
- free(serial);
|
||||
- }
|
||||
+ bl_free_scsi_string(serial);
|
||||
}
|
||||
return;
|
||||
|
||||
@@ -241,10 +235,7 @@ static void bl_add_disk(char *filepath)
|
||||
free(path->full_path);
|
||||
free(path);
|
||||
}
|
||||
- if (serial) {
|
||||
- free(serial->data);
|
||||
- free(serial);
|
||||
- }
|
||||
+ bl_free_scsi_string(serial);
|
||||
return;
|
||||
}
|
||||
|
||||
diff --git a/utils/blkmapd/device-discovery.h b/utils/blkmapd/device-discovery.h
|
||||
index a86eed99..462aa943 100644
|
||||
--- a/utils/blkmapd/device-discovery.h
|
||||
+++ b/utils/blkmapd/device-discovery.h
|
||||
@@ -151,6 +151,8 @@ uint64_t process_deviceinfo(const char *dev_addr_buf,
|
||||
|
||||
extern ssize_t atomicio(ssize_t(*f) (int, void *, size_t),
|
||||
int fd, void *_s, size_t n);
|
||||
+extern struct bl_serial *bl_create_scsi_string(int len, const char *bytes);
|
||||
+extern void bl_free_scsi_string(struct bl_serial *str);
|
||||
extern struct bl_serial *bldev_read_serial(int fd, const char *filename);
|
||||
extern enum bl_path_state_e bldev_read_ap_state(int fd);
|
||||
extern int bl_discover_devices(void);
|
||||
diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
|
||||
index c7952c3e..9e5749ef 100644
|
||||
--- a/utils/blkmapd/device-inq.c
|
||||
+++ b/utils/blkmapd/device-inq.c
|
||||
@@ -53,7 +53,7 @@
|
||||
#define DEF_ALLOC_LEN 255
|
||||
#define MX_ALLOC_LEN (0xc000 + 0x80)
|
||||
|
||||
-static struct bl_serial *bl_create_scsi_string(int len, const char *bytes)
|
||||
+struct bl_serial *bl_create_scsi_string(int len, const char *bytes)
|
||||
{
|
||||
struct bl_serial *s;
|
||||
|
||||
@@ -66,7 +66,7 @@ static struct bl_serial *bl_create_scsi_string(int len, const char *bytes)
|
||||
return s;
|
||||
}
|
||||
|
||||
-static void bl_free_scsi_string(struct bl_serial *str)
|
||||
+void bl_free_scsi_string(struct bl_serial *str)
|
||||
{
|
||||
if (str)
|
||||
free(str);
|
25
SOURCES/nfs-utils-2.5.4-covscan-return-value.patch
Normal file
25
SOURCES/nfs-utils-2.5.4-covscan-return-value.patch
Normal file
@ -0,0 +1,25 @@
|
||||
diff -up nfs-utils-2.5.4/support/export/client.c.orig nfs-utils-2.5.4/support/export/client.c
|
||||
--- nfs-utils-2.5.4/support/export/client.c.orig 2021-06-10 14:07:47.000000000 -0400
|
||||
+++ nfs-utils-2.5.4/support/export/client.c 2023-01-26 11:26:00.279342412 -0500
|
||||
@@ -699,6 +699,9 @@ check_netgroup(const nfs_client *clp, co
|
||||
|
||||
/* check whether the IP itself is in the netgroup */
|
||||
ip = calloc(INET6_ADDRSTRLEN, 1);
|
||||
+ if (ip == NULL)
|
||||
+ goto out;
|
||||
+
|
||||
if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
|
||||
if (innetgr(netgroup, ip, NULL, NULL)) {
|
||||
free(hname);
|
||||
diff -up nfs-utils-2.5.4/tools/nfsrahead/main.c.orig nfs-utils-2.5.4/tools/nfsrahead/main.c
|
||||
--- nfs-utils-2.5.4/tools/nfsrahead/main.c.orig 2023-01-26 11:23:48.941618287 -0500
|
||||
+++ nfs-utils-2.5.4/tools/nfsrahead/main.c 2023-01-26 11:26:00.279342412 -0500
|
||||
@@ -167,7 +167,7 @@ int main(int argc, char **argv)
|
||||
if ((ret = get_device_info(argv[optind], &device)) == 0)
|
||||
break;
|
||||
|
||||
- if (ret != 0) {
|
||||
+ if (ret != 0 || device.fstype == NULL) {
|
||||
xlog(D_GENERAL, "unable to find device %s\n", argv[optind]);
|
||||
goto out;
|
||||
}
|
199
SOURCES/nfs-utils-2.5.4-fix-typos-in-messages.patch
Normal file
199
SOURCES/nfs-utils-2.5.4-fix-typos-in-messages.patch
Normal file
@ -0,0 +1,199 @@
|
||||
diff --git a/support/export/v4root.c b/support/export/v4root.c
|
||||
index c12a7d85..826cc219 100644
|
||||
--- a/support/export/v4root.c
|
||||
+++ b/support/export/v4root.c
|
||||
@@ -135,7 +135,7 @@ v4root_support(void)
|
||||
if (!warned) {
|
||||
xlog(L_WARNING, "Kernel does not have pseudo root support.");
|
||||
xlog(L_WARNING, "NFS v4 mounts will be disabled unless fsid=0");
|
||||
- xlog(L_WARNING, "is specfied in /etc/exports file.");
|
||||
+ xlog(L_WARNING, "is specified in /etc/exports file.");
|
||||
warned++;
|
||||
}
|
||||
return 0;
|
||||
diff --git a/systemd/nfs-blkmap.service b/systemd/nfs-blkmap.service
|
||||
index 6aa45ba1..57181632 100644
|
||||
--- a/systemd/nfs-blkmap.service
|
||||
+++ b/systemd/nfs-blkmap.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=pNFS block layout mapping daemon
|
||||
+Documentation=man:blkmapd(8)
|
||||
DefaultDependencies=no
|
||||
Conflicts=umount.target
|
||||
After=rpc_pipefs.target
|
||||
diff --git a/systemd/nfs-idmapd.service b/systemd/nfs-idmapd.service
|
||||
index f38fe527..bf6f4ded 100644
|
||||
--- a/systemd/nfs-idmapd.service
|
||||
+++ b/systemd/nfs-idmapd.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=NFSv4 ID-name mapping service
|
||||
+Documentation=man:idmapd(8)
|
||||
DefaultDependencies=no
|
||||
Requires=rpc_pipefs.target
|
||||
After=rpc_pipefs.target local-fs.target
|
||||
diff --git a/systemd/nfs-mountd.service b/systemd/nfs-mountd.service
|
||||
index e8ece533..4618fab1 100644
|
||||
--- a/systemd/nfs-mountd.service
|
||||
+++ b/systemd/nfs-mountd.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=NFS Mount Daemon
|
||||
+Documentation=man:rpc.mountd(8)
|
||||
DefaultDependencies=no
|
||||
Requires=proc-fs-nfsd.mount
|
||||
Wants=network-online.target
|
||||
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
|
||||
index 41479169..58bc0917 100644
|
||||
--- a/systemd/nfs-server.service
|
||||
+++ b/systemd/nfs-server.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=NFS server and services
|
||||
+Documentation=man:rpc.nfsd(8) man:exportfs(8)
|
||||
DefaultDependencies=no
|
||||
Requires=network.target proc-fs-nfsd.mount
|
||||
Requires=nfs-mountd.service
|
||||
diff --git a/systemd/nfsdcld.service b/systemd/nfsdcld.service
|
||||
index a32d2430..3ced5658 100644
|
||||
--- a/systemd/nfsdcld.service
|
||||
+++ b/systemd/nfsdcld.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=NFSv4 Client Tracking Daemon
|
||||
+Documentation=man:nfsdcld(8)
|
||||
DefaultDependencies=no
|
||||
Conflicts=umount.target
|
||||
Requires=rpc_pipefs.target proc-fs-nfsd.mount
|
||||
diff --git a/systemd/rpc-gssd.service.in b/systemd/rpc-gssd.service.in
|
||||
index 6807db35..38382ed3 100644
|
||||
--- a/systemd/rpc-gssd.service.in
|
||||
+++ b/systemd/rpc-gssd.service.in
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=RPC security service for NFS client and server
|
||||
+Documentation=man:rpc.gssd(8)
|
||||
DefaultDependencies=no
|
||||
Conflicts=umount.target
|
||||
Requires=rpc_pipefs.target
|
||||
diff --git a/systemd/rpc-statd-notify.service b/systemd/rpc-statd-notify.service
|
||||
index aad4c0d2..962f18b2 100644
|
||||
--- a/systemd/rpc-statd-notify.service
|
||||
+++ b/systemd/rpc-statd-notify.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=Notify NFS peers of a restart
|
||||
+Documentation=man:sm-notify(8) man:rpc.statd(8)
|
||||
DefaultDependencies=no
|
||||
Wants=network-online.target
|
||||
After=local-fs.target network-online.target nss-lookup.target
|
||||
diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
|
||||
index 392750da..660ed861 100644
|
||||
--- a/systemd/rpc-statd.service
|
||||
+++ b/systemd/rpc-statd.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=NFS status monitor for NFSv2/3 locking.
|
||||
+Documentation=man:rpc.statd(8)
|
||||
DefaultDependencies=no
|
||||
Conflicts=umount.target
|
||||
Requires=nss-lookup.target rpcbind.socket
|
||||
diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service
|
||||
index cb2bcd4f..401fba11 100644
|
||||
--- a/systemd/rpc-svcgssd.service
|
||||
+++ b/systemd/rpc-svcgssd.service
|
||||
@@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=RPC security service for NFS server
|
||||
+Documentation=man:rpc.svcgssd(8)
|
||||
DefaultDependencies=no
|
||||
After=local-fs.target
|
||||
PartOf=nfs-server.service
|
||||
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
|
||||
index 83dd6807..e5fb10f5 100644
|
||||
--- a/utils/exportfs/exports.man
|
||||
+++ b/utils/exportfs/exports.man
|
||||
@@ -298,7 +298,7 @@ set.
|
||||
|
||||
The
|
||||
.I nocrossmnt
|
||||
-option can explictly disable
|
||||
+option can explicitly disable
|
||||
.I crossmnt
|
||||
if it was previously set. This is rarely useful.
|
||||
.TP
|
||||
diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
|
||||
index aa4ac5c3..fd6cb2cb 100644
|
||||
--- a/utils/mount/mount_libmount.c
|
||||
+++ b/utils/mount/mount_libmount.c
|
||||
@@ -442,7 +442,7 @@ int main(int argc, char *argv[])
|
||||
mnt_init_debug(0);
|
||||
cxt = mnt_new_context();
|
||||
if (!cxt) {
|
||||
- nfs_error(_("Can't initilize libmount: %s"),
|
||||
+ nfs_error(_("Can't initialize libmount: %s"),
|
||||
strerror(errno));
|
||||
rc = EX_FAIL;
|
||||
goto done;
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index dfc31a5d..fe1ad354 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -967,7 +967,7 @@ Some server features misbehave in the face of a migration-compatible
|
||||
identification string.
|
||||
The
|
||||
.B nomigration
|
||||
-option retains the use of a traditional client indentification string
|
||||
+option retains the use of a traditional client identification string
|
||||
which is compatible with legacy NFS servers.
|
||||
This is also the behavior if neither option is specified.
|
||||
A client's open and lock state cannot be migrated transparently
|
||||
@@ -1810,7 +1810,7 @@ auxiliary services such as the NLM service can choose
|
||||
any unused port number at random.
|
||||
.P
|
||||
Common firewall configurations block the well-known rpcbind port.
|
||||
-In the absense of an rpcbind service,
|
||||
+In the absence of an rpcbind service,
|
||||
the server administrator fixes the port number
|
||||
of NFS-related services so that the firewall
|
||||
can allow access to specific NFS service ports.
|
||||
diff --git a/utils/mount/nfsmount.conf.man b/utils/mount/nfsmount.conf.man
|
||||
index 73c3e118..7d4a33c9 100644
|
||||
--- a/utils/mount/nfsmount.conf.man
|
||||
+++ b/utils/mount/nfsmount.conf.man
|
||||
@@ -43,7 +43,7 @@ and will be shifted to lower case before being passed to the filesystem.
|
||||
.PP
|
||||
Boolean mount options which do not need an equals sign must be given as
|
||||
.RI \[dq] option =True".
|
||||
-Instead of preceeding such an option with
|
||||
+Instead of preceding such an option with
|
||||
.RB \[dq] no \[dq]
|
||||
its negation must be given as
|
||||
.RI \[dq] option =False".
|
||||
diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
|
||||
index 861f1c49..ee6e9dcf 100644
|
||||
--- a/utils/nfsdcld/nfsdcld.man
|
||||
+++ b/utils/nfsdcld/nfsdcld.man
|
||||
@@ -198,7 +198,7 @@ initialize client tracking in the following order: First, the \fBnfsdcld\fR upc
|
||||
the \fBnfsdcltrack\fR usermodehelper upcall. Finally, the legacy client tracking.
|
||||
.PP
|
||||
This daemon should be run as root, as the pipe that it uses to communicate
|
||||
-with the kernel is only accessable by root. The daemon however does drop all
|
||||
+with the kernel is only accessible by root. The daemon however does drop all
|
||||
superuser capabilities after starting. Because of this, the \fIstoragedir\fR
|
||||
should be owned by root, and be readable and writable by owner.
|
||||
.PP
|
||||
diff --git a/utils/nfsdcltrack/nfsdcltrack.man b/utils/nfsdcltrack/nfsdcltrack.man
|
||||
index cc24b7a2..3905ba46 100644
|
||||
--- a/utils/nfsdcltrack/nfsdcltrack.man
|
||||
+++ b/utils/nfsdcltrack/nfsdcltrack.man
|
||||
@@ -80,7 +80,7 @@ section. For example:
|
||||
.br
|
||||
storagedir = /shared/nfs/nfsdcltrack
|
||||
.in -5
|
||||
-Debuging to syslog can also be enabled by setting "debug = 1" in this file.
|
||||
+Debugging to syslog can also be enabled by setting "debug = 1" in this file.
|
||||
.SH "LEGACY TRANSITION MECHANISM"
|
||||
.IX Header "LEGACY TRANSITION MECHANISM"
|
||||
The Linux kernel NFSv4 server has historically tracked this information
|
131
SOURCES/nfs-utils-2.5.4-general-memory-fixes.patch
Normal file
131
SOURCES/nfs-utils-2.5.4-general-memory-fixes.patch
Normal file
@ -0,0 +1,131 @@
|
||||
diff --git a/support/nfsidmap/nss.c b/support/nfsidmap/nss.c
|
||||
index 669760b7..0f43076e 100644
|
||||
--- a/support/nfsidmap/nss.c
|
||||
+++ b/support/nfsidmap/nss.c
|
||||
@@ -365,10 +365,8 @@ static int _nss_name_to_gid(char *name, gid_t *gid, int dostrip)
|
||||
out_buf:
|
||||
free(buf);
|
||||
out_name:
|
||||
- if (dostrip)
|
||||
- free(localname);
|
||||
- if (get_reformat_group())
|
||||
- free(ref_name);
|
||||
+ free(localname);
|
||||
+ free(ref_name);
|
||||
out:
|
||||
return err;
|
||||
}
|
||||
diff --git a/support/nfsidmap/regex.c b/support/nfsidmap/regex.c
|
||||
index fdbb2e2f..958b4ac8 100644
|
||||
--- a/support/nfsidmap/regex.c
|
||||
+++ b/support/nfsidmap/regex.c
|
||||
@@ -157,6 +157,7 @@ again:
|
||||
IDMAP_LOG(4, ("regexp_getpwnam: name '%s' mapped to '%s'",
|
||||
name, localname));
|
||||
|
||||
+ free(localname);
|
||||
*err_p = 0;
|
||||
return pw;
|
||||
|
||||
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
||||
index 4113cbab..833d8e01 100644
|
||||
--- a/utils/gssd/gssd.c
|
||||
+++ b/utils/gssd/gssd.c
|
||||
@@ -1016,7 +1016,7 @@ read_gss_conf(void)
|
||||
keytabfile = s;
|
||||
s = conf_get_str("gssd", "cred-cache-directory");
|
||||
if (s)
|
||||
- ccachedir = s;
|
||||
+ ccachedir = strdup(s);
|
||||
s = conf_get_str("gssd", "preferred-realm");
|
||||
if (s)
|
||||
preferred_realm = s;
|
||||
@@ -1070,7 +1070,8 @@ main(int argc, char *argv[])
|
||||
keytabfile = optarg;
|
||||
break;
|
||||
case 'd':
|
||||
- ccachedir = optarg;
|
||||
+ free(ccachedir);
|
||||
+ ccachedir = strdup(optarg);
|
||||
break;
|
||||
case 't':
|
||||
context_timeout = atoi(optarg);
|
||||
@@ -1133,7 +1134,6 @@ main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
if (ccachedir) {
|
||||
- char *ccachedir_copy;
|
||||
char *ptr;
|
||||
|
||||
for (ptr = ccachedir, i = 2; *ptr; ptr++)
|
||||
@@ -1141,8 +1141,7 @@ main(int argc, char *argv[])
|
||||
i++;
|
||||
|
||||
ccachesearch = malloc(i * sizeof(char *));
|
||||
- ccachedir_copy = strdup(ccachedir);
|
||||
- if (!ccachedir_copy || !ccachesearch) {
|
||||
+ if (!ccachesearch) {
|
||||
printerr(0, "malloc failure\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -1274,6 +1273,7 @@ main(int argc, char *argv[])
|
||||
|
||||
free(preferred_realm);
|
||||
free(ccachesearch);
|
||||
+ free(ccachedir);
|
||||
|
||||
return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
||||
}
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index c5f1152e..6d059f33 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -1129,6 +1129,12 @@ query_krb5_ccache(const char* cred_cache, char **ret_princname,
|
||||
*str = '\0';
|
||||
*ret_princname = strdup(princstring);
|
||||
*ret_realm = strdup(str+1);
|
||||
+ if (!*ret_princname || !*ret_realm) {
|
||||
+ free(*ret_princname);
|
||||
+ free(*ret_realm);
|
||||
+ *ret_princname = NULL;
|
||||
+ *ret_realm = NULL;
|
||||
+ }
|
||||
}
|
||||
k5_free_unparsed_name(context, princstring);
|
||||
}
|
||||
@@ -1350,15 +1356,19 @@ gssd_get_krb5_machine_cred_list(char ***list)
|
||||
if (retval)
|
||||
continue;
|
||||
if (i + 1 > listsize) {
|
||||
+ char **tmplist;
|
||||
listsize += listinc;
|
||||
- l = (char **)
|
||||
+ tmplist = (char **)
|
||||
realloc(l, listsize * sizeof(char *));
|
||||
- if (l == NULL) {
|
||||
+ if (tmplist == NULL) {
|
||||
+ gssd_free_krb5_machine_cred_list(l);
|
||||
retval = ENOMEM;
|
||||
goto out_lock;
|
||||
}
|
||||
+ l = tmplist;
|
||||
}
|
||||
if ((l[i++] = strdup(ple->ccname)) == NULL) {
|
||||
+ gssd_free_krb5_machine_cred_list(l);
|
||||
retval = ENOMEM;
|
||||
goto out_lock;
|
||||
}
|
||||
diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
|
||||
index 2da97615..752fdb66 100644
|
||||
--- a/utils/mountd/rmtab.c
|
||||
+++ b/utils/mountd/rmtab.c
|
||||
@@ -233,6 +233,9 @@ mountlist_list(void)
|
||||
m->ml_directory = strdup(rep->r_path);
|
||||
|
||||
if (m->ml_hostname == NULL || m->ml_directory == NULL) {
|
||||
+ free(m->ml_hostname);
|
||||
+ free(m->ml_directory);
|
||||
+ free(m);
|
||||
mountlist_freeall(mlist);
|
||||
mlist = NULL;
|
||||
xlog(L_ERROR, "%s: memory allocation failed",
|
251
SOURCES/nfs-utils-2.5.4-gssd-allowed-enctypes.patch
Normal file
251
SOURCES/nfs-utils-2.5.4-gssd-allowed-enctypes.patch
Normal file
@ -0,0 +1,251 @@
|
||||
commit 9b1f860a3457328a08395651d029a454e0303454
|
||||
Author: Scott Mayhew <smayhew@redhat.com>
|
||||
Date: Fri Mar 15 06:34:52 2024 -0400
|
||||
|
||||
gssd: add support for an "allowed-enctypes" option in nfs.conf
|
||||
|
||||
Newer kernels have support for newer krb5 encryption types, AES with
|
||||
SHA2 and Camellia. An NFS client with an "old" kernel can talk to
|
||||
and NFS server with a "new" kernel and it just works. An NFS client
|
||||
with a "new" kernel can talk to an NFS server with an "old" kernel, but
|
||||
that requires some additional configuration (particularly if the NFS
|
||||
server does have support for the newer encryption types in its userspace
|
||||
krb5 libraries) that may be unclear and/or burdensome to the admin.
|
||||
|
||||
1) If the NFS server has support for the newer encryption types in the
|
||||
userspace krb5 libraries, but not in the kernel's RPCSEC_GSS code,
|
||||
then its possible that it also already has "nfs" keys using those
|
||||
newer encryption types in its keytab. In that case, it's necessary
|
||||
to regenerate the "nfs" keys without the newer encryption types.
|
||||
The reason this is necessary is because if the NFS client requests
|
||||
an "nfs" service ticket from the KDC, and the list of enctypes in
|
||||
in that TGS-REQ contains a newer encryption type, and the KDC had
|
||||
previously generated a key for the NFS server using the newer
|
||||
encryption type, then the resulting service ticket in the TGS-REP
|
||||
will be using the newer encryption type and the NFS server will not
|
||||
be able to decrypt it.
|
||||
|
||||
2) It is necessary to either modify the permitted_enctypes field of the
|
||||
krb5.conf or create a custom crypto-policy module (if the
|
||||
crypto-policies package is being used) on the NFS *client* so that it
|
||||
does not include the newer encryption types. The reason this is
|
||||
necessary is because it affects the list of encryption types that
|
||||
will be present in the RPCSEC_GSS_INIT request that the NFS client
|
||||
sends to the NFS server. The kernel on the NFS server cannot not
|
||||
process the request on its own; it has to upcall to gssproxy to do
|
||||
that... and again if the userspace krb5 libraries on the NFS server
|
||||
have support for the newer encryption types, then it will select one
|
||||
of those and the kernel will not be able to import the context when
|
||||
it gets the downcall. Also note that modifying the permitted_enctypes
|
||||
field and/or crypto policy has the side effect of impacting everything
|
||||
krb5 related, not just just NFS.
|
||||
|
||||
So add support for an "allowed-enctypes" field in nfs.conf. This allows
|
||||
the admin to restrict gssd to using a subset of the encryption types
|
||||
that are supported by the kernel and krb5 libraries. This will remove
|
||||
the need for steps 1 & 2 above, and will only affect NFS rather than
|
||||
krb5 as a whole.
|
||||
|
||||
For example, for a "new" NFS client talking to an "old" NFS server, the
|
||||
admin will probably want this in the client's nfs.conf:
|
||||
|
||||
allowed-enctypes=aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
|
||||
|
||||
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 323f072..23b5f7d 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -23,6 +23,7 @@
|
||||
# use-gss-proxy=0
|
||||
# avoid-dns=1
|
||||
# limit-to-legacy-enctypes=0
|
||||
+# allowed-enctypes=aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,camellia256-cts-cmac,camellia128-cts-cmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
|
||||
# context-timeout=0
|
||||
# rpc-timeout=5
|
||||
# keytab-file=/etc/krb5.keytab
|
||||
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
||||
index ca9b326..10c731a 100644
|
||||
--- a/utils/gssd/gssd.c
|
||||
+++ b/utils/gssd/gssd.c
|
||||
@@ -1232,6 +1232,12 @@ main(int argc, char *argv[])
|
||||
|
||||
daemon_init(fg);
|
||||
|
||||
+#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
+ rc = get_allowed_enctypes();
|
||||
+ if (rc)
|
||||
+ exit(EXIT_FAILURE);
|
||||
+#endif
|
||||
+
|
||||
if (gssd_check_mechs() != 0)
|
||||
errx(1, "Problem with gssapi library");
|
||||
|
||||
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
|
||||
index 2a5384d..c735eff 100644
|
||||
--- a/utils/gssd/gssd.man
|
||||
+++ b/utils/gssd/gssd.man
|
||||
@@ -346,6 +346,15 @@ flag.
|
||||
Equivalent to
|
||||
.BR -l .
|
||||
.TP
|
||||
+.B allowed-enctypes
|
||||
+Allows you to restrict
|
||||
+.B rpc.gssd
|
||||
+to using a subset of the encryption types permitted by the kernel and the krb5
|
||||
+libraries. This is useful if you need to interoperate with an NFS server that
|
||||
+does not have support for the newer SHA2 and Camellia encryption types, for
|
||||
+example. This configuration file option does not have an equivalent
|
||||
+command-line option.
|
||||
+.TP
|
||||
.B context-timeout
|
||||
Equivalent to
|
||||
.BR -t .
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index 6f66ef4..57b3cf8 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -129,6 +129,7 @@
|
||||
#include "err_util.h"
|
||||
#include "gss_util.h"
|
||||
#include "krb5_util.h"
|
||||
+#include "conffile.h"
|
||||
|
||||
/*
|
||||
* List of principals from our keytab that we
|
||||
@@ -155,6 +156,8 @@ static pthread_mutex_t ple_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
int limit_to_legacy_enctypes = 0;
|
||||
+krb5_enctype *allowed_enctypes = NULL;
|
||||
+int num_allowed_enctypes = 0;
|
||||
#endif
|
||||
|
||||
/*==========================*/
|
||||
@@ -1596,6 +1599,68 @@ out_cred:
|
||||
}
|
||||
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
+int
|
||||
+get_allowed_enctypes(void)
|
||||
+{
|
||||
+ struct conf_list *allowed_etypes = NULL;
|
||||
+ struct conf_list_node *node;
|
||||
+ char *buf = NULL, *old = NULL;
|
||||
+ int len, ret = 0;
|
||||
+
|
||||
+ allowed_etypes = conf_get_list("gssd", "allowed-enctypes");
|
||||
+ if (allowed_etypes) {
|
||||
+ TAILQ_FOREACH(node, &(allowed_etypes->fields), link) {
|
||||
+ allowed_enctypes = realloc(allowed_enctypes,
|
||||
+ (num_allowed_enctypes + 1) *
|
||||
+ sizeof(*allowed_enctypes));
|
||||
+ if (allowed_enctypes == NULL) {
|
||||
+ ret = ENOMEM;
|
||||
+ goto out_err;
|
||||
+ }
|
||||
+ ret = krb5_string_to_enctype(node->field,
|
||||
+ &allowed_enctypes[num_allowed_enctypes]);
|
||||
+ if (ret) {
|
||||
+ printerr(0, "%s: invalid enctype %s",
|
||||
+ __func__, node->field);
|
||||
+ goto out_err;
|
||||
+ }
|
||||
+ if (get_verbosity() > 1) {
|
||||
+ if (buf == NULL) {
|
||||
+ len = asprintf(&buf, "%s(%d)", node->field,
|
||||
+ allowed_enctypes[num_allowed_enctypes]);
|
||||
+ if (len < 0) {
|
||||
+ ret = ENOMEM;
|
||||
+ goto out_err;
|
||||
+ }
|
||||
+ } else {
|
||||
+ old = buf;
|
||||
+ len = asprintf(&buf, "%s,%s(%d)", old, node->field,
|
||||
+ allowed_enctypes[num_allowed_enctypes]);
|
||||
+ if (len < 0) {
|
||||
+ ret = ENOMEM;
|
||||
+ goto out_err;
|
||||
+ }
|
||||
+ free(old);
|
||||
+ old = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ num_allowed_enctypes++;
|
||||
+ }
|
||||
+ printerr(2, "%s: allowed_enctypes = %s", __func__, buf);
|
||||
+ }
|
||||
+ goto out;
|
||||
+out_err:
|
||||
+ num_allowed_enctypes = 0;
|
||||
+ free(allowed_enctypes);
|
||||
+out:
|
||||
+ free(buf);
|
||||
+ if (old != buf)
|
||||
+ free(old);
|
||||
+ if (allowed_etypes)
|
||||
+ conf_free_list(allowed_etypes);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* this routine obtains a credentials handle via gss_acquire_cred()
|
||||
* then calls gss_krb5_set_allowable_enctypes() to limit the encryption
|
||||
@@ -1619,6 +1684,10 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec)
|
||||
int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
|
||||
extern int num_krb5_enctypes;
|
||||
extern krb5_enctype *krb5_enctypes;
|
||||
+ extern int num_allowed_enctypes;
|
||||
+ extern krb5_enctype *allowed_enctypes;
|
||||
+ int num_set_enctypes;
|
||||
+ krb5_enctype *set_enctypes;
|
||||
int err = -1;
|
||||
|
||||
if (sec->cred == GSS_C_NO_CREDENTIAL) {
|
||||
@@ -1631,12 +1700,26 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec)
|
||||
* If we failed for any reason to produce global
|
||||
* list of supported enctypes, use local default here.
|
||||
*/
|
||||
- if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
|
||||
- maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
|
||||
- &krb5oid, num_enctypes, enctypes);
|
||||
- else
|
||||
- maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
|
||||
- &krb5oid, num_krb5_enctypes, krb5_enctypes);
|
||||
+ if (krb5_enctypes == NULL || limit_to_legacy_enctypes ||
|
||||
+ allowed_enctypes) {
|
||||
+ if (allowed_enctypes) {
|
||||
+ printerr(2, "%s: using allowed enctypes from config\n",
|
||||
+ __func__);
|
||||
+ num_set_enctypes = num_allowed_enctypes;
|
||||
+ set_enctypes = allowed_enctypes;
|
||||
+ } else {
|
||||
+ printerr(2, "%s: using legacy enctypes\n", __func__);
|
||||
+ num_set_enctypes = num_enctypes;
|
||||
+ set_enctypes = enctypes;
|
||||
+ }
|
||||
+ } else {
|
||||
+ printerr(2, "%s: using enctypes from the kernel\n", __func__);
|
||||
+ num_set_enctypes = num_krb5_enctypes;
|
||||
+ set_enctypes = krb5_enctypes;
|
||||
+ }
|
||||
+
|
||||
+ maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
|
||||
+ &krb5oid, num_set_enctypes, set_enctypes);
|
||||
|
||||
if (maj_stat != GSS_S_COMPLETE) {
|
||||
pgsserr("gss_set_allowable_enctypes",
|
||||
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
|
||||
index 7ef8701..40ad323 100644
|
||||
--- a/utils/gssd/krb5_util.h
|
||||
+++ b/utils/gssd/krb5_util.h
|
||||
@@ -27,6 +27,7 @@ int gssd_k5_remove_bad_service_cred(char *srvname);
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
extern int limit_to_legacy_enctypes;
|
||||
int limit_krb5_enctypes(struct rpc_gss_sec *sec);
|
||||
+int get_allowed_enctypes(void);
|
||||
#endif
|
||||
|
||||
/*
|
239
SOURCES/nfs-utils-2.5.4-gssd-bad-integ-error-support.patch
Normal file
239
SOURCES/nfs-utils-2.5.4-gssd-bad-integ-error-support.patch
Normal file
@ -0,0 +1,239 @@
|
||||
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
|
||||
index 27368ff2..4379b14d 100644
|
||||
--- a/aclocal/libtirpc.m4
|
||||
+++ b/aclocal/libtirpc.m4
|
||||
@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [
|
||||
[Define to 1 if your tirpc library provides libtirpc_set_debug])],,
|
||||
[${LIBS}])])
|
||||
|
||||
+ AS_IF([test -n "${LIBTIRPC}"],
|
||||
+ [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate],
|
||||
+ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
|
||||
+ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
|
||||
+ [${LIBS}])])
|
||||
AC_SUBST([AM_CPPFLAGS])
|
||||
AC_SUBST(LIBTIRPC)
|
||||
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index ae568f15..7629de0b 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -70,6 +70,9 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <syscall.h>
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+#include <rpc/rpcsec_gss.h>
|
||||
+#endif
|
||||
|
||||
#include "gssd.h"
|
||||
#include "err_util.h"
|
||||
@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
struct timeval timeout;
|
||||
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
|
||||
socklen_t salen;
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+ rpc_gss_options_req_t req;
|
||||
+ rpc_gss_options_ret_t ret;
|
||||
+ char mechanism[] = "kerberos_v5";
|
||||
+#endif
|
||||
pthread_t tid = pthread_self();
|
||||
|
||||
sec.qop = GSS_C_QOP_DEFAULT;
|
||||
@@ -410,15 +418,43 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
|
||||
printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
|
||||
tid, tgtname);
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+ memset(&req, 0, sizeof(req));
|
||||
+ req.my_cred = sec.cred;
|
||||
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
|
||||
+ rpcsec_gss_svc_none, NULL, &req, &ret);
|
||||
+#else
|
||||
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
|
||||
+#endif
|
||||
if (!auth) {
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+ if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
|
||||
+ printerr(2, "WARNING: server=%s failed context "
|
||||
+ "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
|
||||
+ clp->servername);
|
||||
+ if (cred == GSS_C_NO_CREDENTIAL)
|
||||
+ retval = gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
+ "*", NULL, 1);
|
||||
+ else
|
||||
+ retval = gssd_k5_remove_bad_service_cred(clp->servername);
|
||||
+ if (!retval) {
|
||||
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname,
|
||||
+ mechanism, rpcsec_gss_svc_none,
|
||||
+ NULL, &req, &ret);
|
||||
+ if (auth)
|
||||
+ goto success;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
/* Our caller should print appropriate message */
|
||||
printerr(2, "WARNING: Failed to create krb5 context for "
|
||||
"user with uid %d for server %s\n",
|
||||
uid, tgtname);
|
||||
goto out_fail;
|
||||
}
|
||||
-
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+success:
|
||||
+#endif
|
||||
/* Success !!! */
|
||||
rpc_clnt->cl_auth = auth;
|
||||
*clnt_return = rpc_clnt;
|
||||
@@ -571,7 +607,7 @@ krb5_use_machine_creds(struct clnt_info *clp, uid_t uid,
|
||||
|
||||
do {
|
||||
gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
- service, srchost);
|
||||
+ service, srchost, 0);
|
||||
/*
|
||||
* Get a list of credential cache names and try each
|
||||
* of them until one works or we've tried them all
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index e3f270e9..6f66ef4f 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -165,7 +165,7 @@ static int select_krb5_ccache(const struct dirent *d);
|
||||
static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
|
||||
const char **cctype, struct dirent **d);
|
||||
static int gssd_get_single_krb5_cred(krb5_context context,
|
||||
- krb5_keytab kt, struct gssd_k5_kt_princ *ple);
|
||||
+ krb5_keytab kt, struct gssd_k5_kt_princ *ple, int force_renew);
|
||||
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
|
||||
char **ret_realm);
|
||||
|
||||
@@ -391,7 +391,8 @@ gssd_check_if_cc_exists(struct gssd_k5_kt_princ *ple)
|
||||
static int
|
||||
gssd_get_single_krb5_cred(krb5_context context,
|
||||
krb5_keytab kt,
|
||||
- struct gssd_k5_kt_princ *ple)
|
||||
+ struct gssd_k5_kt_princ *ple,
|
||||
+ int force_renew)
|
||||
{
|
||||
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS
|
||||
krb5_get_init_creds_opt *init_opts = NULL;
|
||||
@@ -421,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
|
||||
*/
|
||||
now += 300;
|
||||
pthread_mutex_lock(&ple_lock);
|
||||
- if (ple->ccname && ple->endtime > now && !nocache) {
|
||||
+ if (ple->ccname && ple->endtime > now && !nocache && !force_renew) {
|
||||
printerr(3, "%s(0x%lx): Credentials in CC '%s' are good until %s",
|
||||
__func__, tid, ple->ccname, ctime((time_t *)&ple->endtime));
|
||||
code = 0;
|
||||
@@ -1155,7 +1156,8 @@ err_cache:
|
||||
static int
|
||||
gssd_refresh_krb5_machine_credential_internal(char *hostname,
|
||||
struct gssd_k5_kt_princ *ple,
|
||||
- char *service, char *srchost)
|
||||
+ char *service, char *srchost,
|
||||
+ int force_renew)
|
||||
{
|
||||
krb5_error_code code = 0;
|
||||
krb5_context context;
|
||||
@@ -1221,7 +1223,7 @@ gssd_refresh_krb5_machine_credential_internal(char *hostname,
|
||||
goto out_free_kt;
|
||||
}
|
||||
}
|
||||
- retval = gssd_get_single_krb5_cred(context, kt, ple);
|
||||
+ retval = gssd_get_single_krb5_cred(context, kt, ple, force_renew);
|
||||
out_free_kt:
|
||||
krb5_kt_close(context, kt);
|
||||
out_free_context:
|
||||
@@ -1344,7 +1346,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
|
||||
pthread_mutex_unlock(&ple_lock);
|
||||
/* Make sure cred is up-to-date before returning it */
|
||||
retval = gssd_refresh_krb5_machine_credential_internal(NULL, ple,
|
||||
- NULL, NULL);
|
||||
+ NULL, NULL, 0);
|
||||
pthread_mutex_lock(&ple_lock);
|
||||
if (gssd_k5_kt_princ_list == NULL) {
|
||||
/* Looks like we did shutdown... abort */
|
||||
@@ -1456,10 +1458,12 @@ gssd_destroy_krb5_principals(int destroy_machine_creds)
|
||||
*/
|
||||
int
|
||||
gssd_refresh_krb5_machine_credential(char *hostname,
|
||||
- char *service, char *srchost)
|
||||
+ char *service, char *srchost,
|
||||
+ int force_renew)
|
||||
{
|
||||
return gssd_refresh_krb5_machine_credential_internal(hostname, NULL,
|
||||
- service, srchost);
|
||||
+ service, srchost,
|
||||
+ force_renew);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1549,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+/* Removed a service ticket for nfs/<name> from the ticket cache
|
||||
+ */
|
||||
+int
|
||||
+gssd_k5_remove_bad_service_cred(char *name)
|
||||
+{
|
||||
+ krb5_creds in_creds, out_creds;
|
||||
+ krb5_error_code ret;
|
||||
+ krb5_context context;
|
||||
+ krb5_ccache cache;
|
||||
+ krb5_principal principal;
|
||||
+ int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
|
||||
+ char srvname[1024];
|
||||
+
|
||||
+ ret = krb5_init_context(&context);
|
||||
+ if (ret)
|
||||
+ goto out_cred;
|
||||
+ ret = krb5_cc_default(context, &cache);
|
||||
+ if (ret)
|
||||
+ goto out_free_context;
|
||||
+ ret = krb5_cc_get_principal(context, cache, &principal);
|
||||
+ if (ret)
|
||||
+ goto out_close_cache;
|
||||
+ memset(&in_creds, 0, sizeof(in_creds));
|
||||
+ in_creds.client = principal;
|
||||
+ sprintf(srvname, "nfs/%s", name);
|
||||
+ ret = krb5_parse_name(context, srvname, &in_creds.server);
|
||||
+ if (ret)
|
||||
+ goto out_free_principal;
|
||||
+ ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
|
||||
+ if (ret)
|
||||
+ goto out_free_principal;
|
||||
+ ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
|
||||
+out_free_principal:
|
||||
+ krb5_free_principal(context, principal);
|
||||
+out_close_cache:
|
||||
+ krb5_cc_close(context, cache);
|
||||
+out_free_context:
|
||||
+ krb5_free_context(context);
|
||||
+out_cred:
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
/*
|
||||
* this routine obtains a credentials handle via gss_acquire_cred()
|
||||
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
|
||||
index 2415205a..7ef87018 100644
|
||||
--- a/utils/gssd/krb5_util.h
|
||||
+++ b/utils/gssd/krb5_util.h
|
||||
@@ -16,11 +16,13 @@ int gssd_get_krb5_machine_cred_list(char ***list);
|
||||
void gssd_free_krb5_machine_cred_list(char **list);
|
||||
void gssd_destroy_krb5_principals(int destroy_machine_creds);
|
||||
int gssd_refresh_krb5_machine_credential(char *hostname,
|
||||
- char *service, char *srchost);
|
||||
+ char *service, char *srchost,
|
||||
+ int force_renew);
|
||||
char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
|
||||
void gssd_k5_get_default_realm(char **def_realm);
|
||||
|
||||
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
|
||||
+int gssd_k5_remove_bad_service_cred(char *srvname);
|
||||
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
extern int limit_to_legacy_enctypes;
|
33
SOURCES/nfs-utils-2.5.4-gssd-debug-msg.patch
Normal file
33
SOURCES/nfs-utils-2.5.4-gssd-debug-msg.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit cfe41d6f06af0e7744c1ca30503f93d28aca4d8b
|
||||
Author: NeilBrown <neilb@suse.de>
|
||||
Date: Tue Sep 21 12:47:10 2021 -0400
|
||||
|
||||
gssd: fix crash in debug message.
|
||||
|
||||
A recent cleanup of debug messages added func and tid format specifiers
|
||||
to a debug message (when full hostname was different), but the func name
|
||||
and tid were NOT added as arguments.
|
||||
|
||||
Consequently there weren't enough args, random bytes of the stack were
|
||||
interpreted as a pointer, and rpc.gssd crashed (when -v was specified).
|
||||
|
||||
Fixes: b538862a5135 ("gssd: Cleaned up debug messages")
|
||||
Reviewed-by: Petr Vorel <pvorel@suse.cz>
|
||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index 6d059f33..e3f270e9 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -673,8 +673,8 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
|
||||
*c = tolower(*c);
|
||||
|
||||
if (get_verbosity() && strcmp(inhost, outhost))
|
||||
- printerr(1, "%s(0x%0lx): inhost '%s' different than outhost'%s'\n",
|
||||
- inhost, outhost);
|
||||
+ printerr(1, "%s(0x%0lx): inhost '%s' different than outhost '%s'\n",
|
||||
+ __func__, tid, inhost, outhost);
|
||||
|
||||
retval = 0;
|
||||
out:
|
110
SOURCES/nfs-utils-2.5.4-gssd-dns-failure.patch
Normal file
110
SOURCES/nfs-utils-2.5.4-gssd-dns-failure.patch
Normal file
@ -0,0 +1,110 @@
|
||||
commit 75b04a9bff709a49f55326b439851822dd630be6
|
||||
Author: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon Oct 16 11:45:54 2023 -0400
|
||||
|
||||
gssd: fix handling DNS lookup failure
|
||||
|
||||
When the kernel does its first ever lookup for a given server ip it
|
||||
sends down info for server, protocol, etc. On the gssd side as it
|
||||
scans the pipefs structure and sees a new entry it reads that info
|
||||
and creates a clp_info structure. At that time it also does
|
||||
a DNS lookup of the provided ip to name using getnameinfo(),
|
||||
this is saved in clp->servername for all other upcalls that is
|
||||
down under that directory.
|
||||
|
||||
If this 1st getnameinfo() results in a failed resolution for
|
||||
whatever reason (a temporary DNS resolution problem), this cause
|
||||
of all other future upcalls to fail.
|
||||
|
||||
As a fix, this patch proposed to (1) save the server info that's
|
||||
passed only in the initial pipefs new entry creation in the
|
||||
clp_info structure, then (2) for the upcalls, if clp->servername
|
||||
is NULL, then do the DNS lookup again and set all the needed
|
||||
clp_info fields upon successful resolution.
|
||||
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
||||
index 833d8e0..ca9b326 100644
|
||||
--- a/utils/gssd/gssd.c
|
||||
+++ b/utils/gssd/gssd.c
|
||||
@@ -365,6 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
|
||||
|
||||
fail:
|
||||
printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
|
||||
+ clp->upcall_address = strdup(address);
|
||||
+ clp->upcall_port = strdup(port);
|
||||
+ clp->upcall_program = program;
|
||||
+ clp->upcall_vers = version;
|
||||
+ clp->upcall_protoname = strdup(protoname);
|
||||
+ clp->upcall_service = strdup(service);
|
||||
free(servername);
|
||||
free(protoname);
|
||||
clp->servicename = NULL;
|
||||
@@ -408,6 +414,16 @@ gssd_free_client(struct clnt_info *clp)
|
||||
free(clp->servicename);
|
||||
free(clp->servername);
|
||||
free(clp->protocol);
|
||||
+ if (!clp->servername) {
|
||||
+ if (clp->upcall_address)
|
||||
+ free(clp->upcall_address);
|
||||
+ if (clp->upcall_port)
|
||||
+ free(clp->upcall_port);
|
||||
+ if (clp->upcall_protoname)
|
||||
+ free(clp->upcall_protoname);
|
||||
+ if (clp->upcall_service)
|
||||
+ free(clp->upcall_service);
|
||||
+ }
|
||||
free(clp);
|
||||
}
|
||||
|
||||
@@ -446,6 +462,31 @@ gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
|
||||
{
|
||||
struct clnt_info *clp = data;
|
||||
|
||||
+ /* if there was a failure to translate IP to name for this server,
|
||||
+ * try again
|
||||
+ */
|
||||
+ if (!clp->servername) {
|
||||
+ if (!gssd_addrstr_to_sockaddr((struct sockaddr *)&clp->addr,
|
||||
+ clp->upcall_address, clp->upcall_port ?
|
||||
+ clp->upcall_port : "")) {
|
||||
+ goto do_upcall;
|
||||
+ }
|
||||
+ clp->servername = gssd_get_servername(clp->upcall_address,
|
||||
+ (struct sockaddr *)&clp->addr, clp->upcall_address);
|
||||
+ if (!clp->servername)
|
||||
+ goto do_upcall;
|
||||
+
|
||||
+ if (asprintf(&clp->servicename, "%s@%s", clp->upcall_service,
|
||||
+ clp->servername) < 0) {
|
||||
+ free(clp->servername);
|
||||
+ clp->servername = NULL;
|
||||
+ goto do_upcall;
|
||||
+ }
|
||||
+ clp->prog = clp->upcall_program;
|
||||
+ clp->vers = clp->upcall_vers;
|
||||
+ clp->protocol = strdup(clp->upcall_protoname);
|
||||
+ }
|
||||
+do_upcall:
|
||||
handle_gssd_upcall(clp);
|
||||
}
|
||||
|
||||
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
|
||||
index 519dc43..4e070ed 100644
|
||||
--- a/utils/gssd/gssd.h
|
||||
+++ b/utils/gssd/gssd.h
|
||||
@@ -86,6 +86,12 @@ struct clnt_info {
|
||||
int gssd_fd;
|
||||
struct event *gssd_ev;
|
||||
struct sockaddr_storage addr;
|
||||
+ char *upcall_address;
|
||||
+ char *upcall_port;
|
||||
+ int upcall_program;
|
||||
+ int upcall_vers;
|
||||
+ char *upcall_protoname;
|
||||
+ char *upcall_service;
|
||||
};
|
||||
|
||||
struct clnt_upcall_info {
|
32
SOURCES/nfs-utils-2.5.4-gssd-segfault.patch
Normal file
32
SOURCES/nfs-utils-2.5.4-gssd-segfault.patch
Normal file
@ -0,0 +1,32 @@
|
||||
commit 92995e0d38dc00e930c562cf936220f83c09d082
|
||||
Author: Paulo Andrade <pandrade@redhat.com>
|
||||
Date: Tue Jul 23 12:03:30 2024 -0400
|
||||
|
||||
rpc-gssd.service has status failed (due to rpc.gssd segfault)
|
||||
|
||||
Ensure strings are not NULL before doing a strdup() in error path.
|
||||
|
||||
Fixes: https://issues.redhat.com/browse/RHEL-43286
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
|
||||
index d7a28225..01ce7d18 100644
|
||||
--- a/utils/gssd/gssd.c
|
||||
+++ b/utils/gssd/gssd.c
|
||||
@@ -365,12 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
|
||||
|
||||
fail:
|
||||
printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
|
||||
- clp->upcall_address = strdup(address);
|
||||
- clp->upcall_port = strdup(port);
|
||||
+ clp->upcall_address = address ? strdup(address) : NULL;
|
||||
+ clp->upcall_port = port ? strdup(port) : NULL;
|
||||
clp->upcall_program = program;
|
||||
clp->upcall_vers = version;
|
||||
- clp->upcall_protoname = strdup(protoname);
|
||||
- clp->upcall_service = strdup(service);
|
||||
+ clp->upcall_protoname = protoname ? strdup(protoname) : NULL;
|
||||
+ clp->upcall_service = service ? strdup(service) : NULL;
|
||||
free(servername);
|
||||
free(protoname);
|
||||
clp->servicename = NULL;
|
69
SOURCES/nfs-utils-2.5.4-juncs-automount.patch
Normal file
69
SOURCES/nfs-utils-2.5.4-juncs-automount.patch
Normal file
@ -0,0 +1,69 @@
|
||||
commit cdbef4e97a1cbc68cbaf16ba57d71858d2c69973
|
||||
Author: Jeff Layton <jlayton@kernel.org>
|
||||
Date: Tue Jan 10 09:37:25 2023 -0500
|
||||
|
||||
nfs-utils: Don't allow junction tests to trigger automounts
|
||||
|
||||
JianHong reported some strange behavior with automounts on an nfs server
|
||||
without an explicit pseudoroot. When clients issued a readdir in the
|
||||
pseudoroot, automounted directories that were not yet mounted would show
|
||||
up even if they weren't exported, though the clients wouldn't be able to
|
||||
do anything with them.
|
||||
|
||||
The issue was that triggering the automount on a directory would cause
|
||||
the mountd upcall to time out, which would cause nfsd to include the
|
||||
automounted dentry in the readdir response. Eventually, the automount
|
||||
would work and report that it wasn't exported and subsequent attempts to
|
||||
access the dentry would (properly) fail.
|
||||
|
||||
We never want mountd to trigger an automount. The kernel should do that
|
||||
if it wants to use it. Change the junction checks to do an O_PATH open
|
||||
and use fstatat with AT_NO_AUTOMOUNT.
|
||||
|
||||
Cc: Chuck Lever <chuck.lever@oracle.com>
|
||||
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2148353
|
||||
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
|
||||
Reported-by: JianHong Yin <jiyin@redhat.com>
|
||||
Signed-off-by: Jeff Layton <jlayton@kernel.org>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/support/junction/junction.c b/support/junction/junction.c
|
||||
index 41cce26..0628bb0 100644
|
||||
--- a/support/junction/junction.c
|
||||
+++ b/support/junction/junction.c
|
||||
@@ -93,7 +93,7 @@ junction_is_directory(int fd, const char *path)
|
||||
{
|
||||
struct stat stb;
|
||||
|
||||
- if (fstat(fd, &stb) == -1) {
|
||||
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||
__func__, path);
|
||||
return FEDFS_ERR_ACCESS;
|
||||
@@ -121,7 +121,7 @@ junction_is_sticky_bit_set(int fd, const char *path)
|
||||
{
|
||||
struct stat stb;
|
||||
|
||||
- if (fstat(fd, &stb) == -1) {
|
||||
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||
__func__, path);
|
||||
return FEDFS_ERR_ACCESS;
|
||||
@@ -155,7 +155,7 @@ junction_set_sticky_bit(int fd, const char *path)
|
||||
{
|
||||
struct stat stb;
|
||||
|
||||
- if (fstat(fd, &stb) == -1) {
|
||||
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||
__func__, path);
|
||||
return FEDFS_ERR_ACCESS;
|
||||
@@ -393,7 +393,7 @@ junction_get_mode(const char *pathname, mode_t *mode)
|
||||
if (retval != FEDFS_OK)
|
||||
return retval;
|
||||
|
||||
- if (fstat(fd, &stb) == -1) {
|
||||
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
|
||||
xlog(D_GENERAL, "%s: failed to stat %s: %m",
|
||||
__func__, pathname);
|
||||
(void)close(fd);
|
23
SOURCES/nfs-utils-2.5.4-man-nfsconf.patch
Normal file
23
SOURCES/nfs-utils-2.5.4-man-nfsconf.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff -up nfs-utils-2.5.4/systemd/nfs.conf.man.orig nfs-utils-2.5.4/systemd/nfs.conf.man
|
||||
--- nfs-utils-2.5.4/systemd/nfs.conf.man.orig 2023-06-06 09:51:19.931377748 -0400
|
||||
+++ nfs-utils-2.5.4/systemd/nfs.conf.man 2023-06-06 11:21:47.490616649 -0400
|
||||
@@ -131,8 +131,9 @@ but on the server, this will resolve to
|
||||
.TP
|
||||
.B exportd
|
||||
Recognized values:
|
||||
+.BR manage-gids ,
|
||||
.BR threads ,
|
||||
-.BR cache-use-upaddr ,
|
||||
+.BR cache-use-ipaddr ,
|
||||
.BR ttl ,
|
||||
.BR state-directory-path
|
||||
|
||||
@@ -197,7 +198,7 @@ Recognized values:
|
||||
.BR port ,
|
||||
.BR threads ,
|
||||
.BR reverse-lookup ,
|
||||
-.BR cache-use-upaddr ,
|
||||
+.BR cache-use-ipaddr ,
|
||||
.BR ttl ,
|
||||
.BR state-directory-path ,
|
||||
.BR ha-callout .
|
32
SOURCES/nfs-utils-2.5.4-mount-ebusy.patch
Normal file
32
SOURCES/nfs-utils-2.5.4-mount-ebusy.patch
Normal file
@ -0,0 +1,32 @@
|
||||
commit c547ad481dca5bc0b0a2e365ebcff3439848f664
|
||||
Author: Rohan Sable <rsable@redhat.com>
|
||||
Date: Mon Feb 14 11:15:22 2022 -0500
|
||||
|
||||
mount.nfs Fix error reporting for already mounted shares
|
||||
|
||||
When mount is triggered for an already mounted
|
||||
share (using auto negotiation), it displays
|
||||
"mount.nfs: Protocol not supported" or
|
||||
"mount.nfs: access denied by server while mounting"
|
||||
instead of EBUSY. This easily causes confusion if
|
||||
the mount was not tried verbose :
|
||||
|
||||
Signed-off-by: Rohan Sable <rsable@redhat.com>
|
||||
Signed-off-by: Yongcheng Yang <yoyang@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
|
||||
index 3c4e218a..573df6ee 100644
|
||||
--- a/utils/mount/stropts.c
|
||||
+++ b/utils/mount/stropts.c
|
||||
@@ -973,7 +973,9 @@ fall_back:
|
||||
if ((result = nfs_try_mount_v3v2(mi, FALSE)))
|
||||
return result;
|
||||
|
||||
- errno = olderrno;
|
||||
+ if (errno != EBUSY && errno != EACCES)
|
||||
+ errno = olderrno;
|
||||
+
|
||||
return result;
|
||||
}
|
||||
|
30
SOURCES/nfs-utils-2.5.4-mount-mountconf-typo.patch
Normal file
30
SOURCES/nfs-utils-2.5.4-mount-mountconf-typo.patch
Normal file
@ -0,0 +1,30 @@
|
||||
commit 608591ddf1ee59c4dda82ceca3f27c90486c5618
|
||||
Author: Yongcheng Yang <yongcheng.yang@gmail.com>
|
||||
Date: Wed Apr 5 12:11:53 2023 -0400
|
||||
|
||||
nfsmount.conf: Fix typo of the attribute name
|
||||
|
||||
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/nfsmount.conf b/utils/mount/nfsmount.conf
|
||||
index 342063f..c498eb8 100644
|
||||
--- a/utils/mount/nfsmount.conf
|
||||
+++ b/utils/mount/nfsmount.conf
|
||||
@@ -59,13 +59,13 @@
|
||||
# acregmin=30
|
||||
#
|
||||
# The Maximum time (in seconds) file attributes are cached
|
||||
-# acregmin=60
|
||||
+# acregmax=60
|
||||
#
|
||||
# The minimum time (in seconds) directory attributes are cached
|
||||
-# acregmin=30
|
||||
+# acdirmin=30
|
||||
#
|
||||
# The Maximum time (in seconds) directory attributes are cached
|
||||
-# acregmin=60
|
||||
+# acdirmax=60
|
||||
#
|
||||
# Enable Access Control Lists
|
||||
# Acl=False
|
253
SOURCES/nfs-utils-2.5.4-mount-nov2.patch
Normal file
253
SOURCES/nfs-utils-2.5.4-mount-nov2.patch
Normal file
@ -0,0 +1,253 @@
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 8c714ff7..21d3e7b2 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -68,7 +68,6 @@
|
||||
# lease-time=90
|
||||
# udp=n
|
||||
# tcp=y
|
||||
-# vers2=n
|
||||
# vers3=y
|
||||
# vers4=y
|
||||
# vers4.0=y
|
||||
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
|
||||
index 4436a38a..be487a11 100644
|
||||
--- a/systemd/nfs.conf.man
|
||||
+++ b/systemd/nfs.conf.man
|
||||
@@ -171,7 +171,6 @@ Recognized values:
|
||||
.BR lease-time ,
|
||||
.BR udp ,
|
||||
.BR tcp ,
|
||||
-.BR vers2 ,
|
||||
.BR vers3 ,
|
||||
.BR vers4 ,
|
||||
.BR vers4.0 ,
|
||||
diff --git a/utils/mount/configfile.c b/utils/mount/configfile.c
|
||||
index 3d3684ef..1d88cbfc 100644
|
||||
--- a/utils/mount/configfile.c
|
||||
+++ b/utils/mount/configfile.c
|
||||
@@ -71,7 +71,7 @@ struct mnt_alias {
|
||||
int mnt_alias_sz = (sizeof(mnt_alias_tab)/sizeof(mnt_alias_tab[0]));
|
||||
|
||||
static const char *version_keys[] = {
|
||||
- "v2", "v3", "v4", "vers", "nfsvers", "minorversion", NULL
|
||||
+ "v3", "v4", "vers", "nfsvers", "minorversion", NULL
|
||||
};
|
||||
|
||||
static int strict;
|
||||
diff --git a/utils/mount/mount.nfs.man b/utils/mount/mount.nfs.man
|
||||
index 0409c96f..a78a3b0d 100644
|
||||
--- a/utils/mount/mount.nfs.man
|
||||
+++ b/utils/mount/mount.nfs.man
|
||||
@@ -27,7 +27,7 @@ can mount all NFS file system versions. Under earlier Linux kernel versions,
|
||||
.BR mount.nfs4
|
||||
must be used for mounting NFSv4 file systems while
|
||||
.BR mount.nfs
|
||||
-must be used for NFSv3 and v2.
|
||||
+must be used for NFSv3.
|
||||
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
diff --git a/utils/mount/network.c b/utils/mount/network.c
|
||||
index e803dbbe..0d80d08c 100644
|
||||
--- a/utils/mount/network.c
|
||||
+++ b/utils/mount/network.c
|
||||
@@ -97,7 +97,7 @@ static const char *nfs_transport_opttbl[] = {
|
||||
};
|
||||
|
||||
static const char *nfs_version_opttbl[] = {
|
||||
- "v2",
|
||||
+ "v2", /* no longer supported */
|
||||
"v3",
|
||||
"v4",
|
||||
"vers",
|
||||
@@ -1290,7 +1290,7 @@ nfs_nfs_version(char *type, struct mount_options *options, struct nfs_version *v
|
||||
else if (found < 0)
|
||||
return 1;
|
||||
else if (found <= 2 ) {
|
||||
- /* v2, v3, v4 */
|
||||
+ /* v3, v4 */
|
||||
version_val = version_key + 1;
|
||||
version->v_mode = V_SPECIFIC;
|
||||
} else if (found > 2 ) {
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index f1b76936..83365a37 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -12,7 +12,7 @@ created by Sun Microsystems in 1984. NFS was developed
|
||||
to allow file sharing between systems residing
|
||||
on a local area network.
|
||||
Depending on kernel configuration, the Linux NFS client may
|
||||
-support NFS versions 2, 3, 4.0, 4.1, or 4.2.
|
||||
+support NFS versions 3, 4.0, 4.1, or 4.2.
|
||||
.P
|
||||
The
|
||||
.BR mount (8)
|
||||
@@ -941,11 +941,6 @@ file. See
|
||||
.BR nfsmount.conf(5)
|
||||
for details.
|
||||
.SH EXAMPLES
|
||||
-To mount an export using NFS version 2,
|
||||
-use the
|
||||
-.B nfs
|
||||
-file system type and specify the
|
||||
-.B nfsvers=2
|
||||
mount option.
|
||||
To mount using NFS version 3,
|
||||
use the
|
||||
@@ -972,13 +967,6 @@ reasonable defaults for NFS behavior.
|
||||
server:/export /mnt nfs defaults 0 0
|
||||
.fi
|
||||
.P
|
||||
-Here is an example from an /etc/fstab file for an NFS version 2 mount over UDP.
|
||||
-.P
|
||||
-.nf
|
||||
-.ta 8n +16n +6n +6n +30n
|
||||
- server:/export /mnt nfs nfsvers=2,proto=udp 0 0
|
||||
-.fi
|
||||
-.P
|
||||
This example shows how to mount using NFS version 4 over TCP
|
||||
with Kerberos 5 mutual authentication.
|
||||
.P
|
||||
@@ -1071,7 +1059,7 @@ and
|
||||
can safely be allowed to default to the largest values supported by
|
||||
both client and server, independent of the network's MTU size.
|
||||
.SS "Using the mountproto mount option"
|
||||
-This section applies only to NFS version 2 and version 3 mounts
|
||||
+This section applies only to NFS version 3 mounts
|
||||
since NFS version 4 does not use a separate protocol for mount
|
||||
requests.
|
||||
.P
|
||||
@@ -1474,7 +1462,7 @@ the use of the
|
||||
mount option.
|
||||
.SS "Using file locks with NFS"
|
||||
The Network Lock Manager protocol is a separate sideband protocol
|
||||
-used to manage file locks in NFS version 2 and version 3.
|
||||
+used to manage file locks in NFS version 3.
|
||||
To support lock recovery after a client or server reboot,
|
||||
a second sideband protocol --
|
||||
known as the Network Status Manager protocol --
|
||||
@@ -1894,8 +1882,6 @@ RFC 768 for the UDP specification.
|
||||
.br
|
||||
RFC 793 for the TCP specification.
|
||||
.br
|
||||
-RFC 1094 for the NFS version 2 specification.
|
||||
-.br
|
||||
RFC 1813 for the NFS version 3 specification.
|
||||
.br
|
||||
RFC 1832 for the XDR specification.
|
||||
diff --git a/utils/mount/nfsmount.conf b/utils/mount/nfsmount.conf
|
||||
index 6bdc225a..342063f7 100644
|
||||
--- a/utils/mount/nfsmount.conf
|
||||
+++ b/utils/mount/nfsmount.conf
|
||||
@@ -28,7 +28,7 @@
|
||||
# This statically named section defines global mount
|
||||
# options that can be applied on all NFS mount.
|
||||
#
|
||||
-# Protocol Version [2,3,4]
|
||||
+# Protocol Version [3,4]
|
||||
# This defines the default protocol version which will
|
||||
# be used to start the negotiation with the server.
|
||||
# Defaultvers=4
|
||||
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
|
||||
index fa67a66f..3c4e218a 100644
|
||||
--- a/utils/mount/stropts.c
|
||||
+++ b/utils/mount/stropts.c
|
||||
@@ -357,6 +357,7 @@ static int nfs_insert_sloppy_option(struct mount_options *options)
|
||||
|
||||
static int nfs_set_version(struct nfsmount_info *mi)
|
||||
{
|
||||
+
|
||||
if (!nfs_nfs_version(mi->type, mi->options, &mi->version))
|
||||
return 0;
|
||||
|
||||
@@ -1016,7 +1017,6 @@ static int nfs_try_mount(struct nfsmount_info *mi)
|
||||
}
|
||||
|
||||
switch (mi->version.major) {
|
||||
- case 2:
|
||||
case 3:
|
||||
result = nfs_try_mount_v3v2(mi, FALSE);
|
||||
break;
|
||||
@@ -1247,6 +1247,14 @@ static int nfsmount_start(struct nfsmount_info *mi)
|
||||
if (!nfs_validate_options(mi))
|
||||
return EX_FAIL;
|
||||
|
||||
+ /*
|
||||
+ * NFS v2 has been deprecated
|
||||
+ */
|
||||
+ if (mi->version.major == 2) {
|
||||
+ mount_error(mi->spec, mi->node, EOPNOTSUPP);
|
||||
+ return EX_FAIL;
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* Avoid retry and negotiation logic when remounting
|
||||
*/
|
||||
diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man
|
||||
index 77e6299a..a206a3e2 100644
|
||||
--- a/utils/mountd/mountd.man
|
||||
+++ b/utils/mountd/mountd.man
|
||||
@@ -286,10 +286,9 @@ The values recognized in the
|
||||
section include
|
||||
.BR TCP ,
|
||||
.BR UDP ,
|
||||
-.BR vers2 ,
|
||||
.BR vers3 ", and"
|
||||
.B vers4
|
||||
-which each have same same meaning as given by
|
||||
+which each have the same meaning as given by
|
||||
.BR rpc.nfsd (8).
|
||||
|
||||
.SH TCP_WRAPPERS SUPPORT
|
||||
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
|
||||
index b0741718..4016a761 100644
|
||||
--- a/utils/nfsd/nfsd.c
|
||||
+++ b/utils/nfsd/nfsd.c
|
||||
@@ -226,7 +226,6 @@ main(int argc, char **argv)
|
||||
}
|
||||
/* FALLTHRU */
|
||||
case 3:
|
||||
- case 2:
|
||||
NFSCTL_VERUNSET(versbits, c);
|
||||
break;
|
||||
default:
|
||||
@@ -251,7 +250,6 @@ main(int argc, char **argv)
|
||||
minorvers = minorversset = minormask;
|
||||
/* FALLTHRU */
|
||||
case 3:
|
||||
- case 2:
|
||||
NFSCTL_VERSET(versbits, c);
|
||||
break;
|
||||
default:
|
||||
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
|
||||
index 2701ba78..634b8a63 100644
|
||||
--- a/utils/nfsd/nfsd.man
|
||||
+++ b/utils/nfsd/nfsd.man
|
||||
@@ -57,7 +57,7 @@ This option can be used to request that
|
||||
.B rpc.nfsd
|
||||
does not offer certain versions of NFS. The current version of
|
||||
.B rpc.nfsd
|
||||
-can support major NFS versions 2,3,4 and the minor versions 4.0, 4.1 and 4.2.
|
||||
+can support major NFS versions 3,4 and the minor versions 4.0, 4.1 and 4.2.
|
||||
.TP
|
||||
.B \-s " or " \-\-syslog
|
||||
By default,
|
||||
@@ -84,7 +84,7 @@ This option can be used to request that
|
||||
.B rpc.nfsd
|
||||
offer certain versions of NFS. The current version of
|
||||
.B rpc.nfsd
|
||||
-can support major NFS versions 2,3,4 and the minor versions 4.0, 4.1 and 4.2.
|
||||
+can support major NFS versions 3,4 and the minor versions 4.0, 4.1 and 4.2.
|
||||
.TP
|
||||
.B \-L " or " \-\-lease-time seconds
|
||||
Set the lease-time used for NFSv4. This corresponds to how often
|
||||
@@ -156,8 +156,6 @@ Enable (with "on" or "yes" etc) or disable ("off", "no") UDP support.
|
||||
.B TCP
|
||||
Enable or disable TCP support.
|
||||
.TP
|
||||
-.B vers2
|
||||
-.TP
|
||||
.B vers3
|
||||
.TP
|
||||
.B vers4
|
27
SOURCES/nfs-utils-2.5.4-mount-null-ptr.patch
Normal file
27
SOURCES/nfs-utils-2.5.4-mount-null-ptr.patch
Normal file
@ -0,0 +1,27 @@
|
||||
commit ea536a2e641664c8ea439e5e571e757785f587c9
|
||||
Author: Zhi Li <yieli@redhat.com>
|
||||
Date: Mon Oct 24 13:31:41 2022 -0400
|
||||
|
||||
mount.nfs: fix NULL pointer derefernce in nfs_parse_square_bracket
|
||||
|
||||
In function nfs_parse_square_bracket, hostname could be NULL,
|
||||
dereferencing it in free(*hostname) may cause an unexpected segfault.
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2136807
|
||||
Signed-off-by: Zhi Li <yieli@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/parse_dev.c b/utils/mount/parse_dev.c
|
||||
index 0d3bcb95..2ade5d5d 100644
|
||||
--- a/utils/mount/parse_dev.c
|
||||
+++ b/utils/mount/parse_dev.c
|
||||
@@ -170,7 +170,8 @@ static int nfs_parse_square_bracket(const char *dev,
|
||||
if (pathname) {
|
||||
*pathname = strndup(cbrace, path_len);
|
||||
if (*pathname == NULL) {
|
||||
- free(*hostname);
|
||||
+ if (hostname)
|
||||
+ free(*hostname);
|
||||
return nfs_pdn_nomem_err();
|
||||
}
|
||||
}
|
69
SOURCES/nfs-utils-2.5.4-mount-sloppy.patch
Normal file
69
SOURCES/nfs-utils-2.5.4-mount-sloppy.patch
Normal file
@ -0,0 +1,69 @@
|
||||
commit 4dd8d833c9350d42528ada0fd65aee41b712f41d
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Tue Jul 20 17:14:04 2021 -0400
|
||||
|
||||
mount.nfs: Fix the sloppy option processing
|
||||
|
||||
The new mount API broke how the sloppy option is parsed.
|
||||
So the option processing needs to be moved up in
|
||||
the mount.nfs command.
|
||||
|
||||
The option needs to be the first option in the string
|
||||
that is passed into the kernel with the -s mount(8)
|
||||
and/or the -o sloppy is used.
|
||||
|
||||
Commit 92b664ef fixed the process of the -s flag
|
||||
and this version fixes the -o sloppy processing
|
||||
as well works when libmount-mount is and is not
|
||||
enabled plus cleans up the mount options passed
|
||||
to the kernel.
|
||||
|
||||
Reviewed-and-tested-by: Dave Wysochanski <dwysocha@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index f98cb47d..f1b76936 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -555,6 +555,13 @@ using the FS-Cache facility. See cachefilesd(8)
|
||||
and <kernel_source>/Documentation/filesystems/caching
|
||||
for detail on how to configure the FS-Cache facility.
|
||||
Default value is nofsc.
|
||||
+.TP 1.5i
|
||||
+.B sloppy
|
||||
+The
|
||||
+.B sloppy
|
||||
+option is an alternative to specifying
|
||||
+.BR mount.nfs " -s " option.
|
||||
+
|
||||
.SS "Options for NFS versions 2 and 3 only"
|
||||
Use these options, along with the options in the above subsection,
|
||||
for NFS versions 2 and 3 only.
|
||||
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
|
||||
index 82b054a5..fa67a66f 100644
|
||||
--- a/utils/mount/stropts.c
|
||||
+++ b/utils/mount/stropts.c
|
||||
@@ -339,11 +339,19 @@ static int nfs_verify_lock_option(struct mount_options *options)
|
||||
|
||||
static int nfs_insert_sloppy_option(struct mount_options *options)
|
||||
{
|
||||
- if (!sloppy || linux_version_code() < MAKE_VERSION(2, 6, 27))
|
||||
+ if (linux_version_code() < MAKE_VERSION(2, 6, 27))
|
||||
return 1;
|
||||
|
||||
- if (po_insert(options, "sloppy") == PO_FAILED)
|
||||
- return 0;
|
||||
+ if (po_contains(options, "sloppy")) {
|
||||
+ po_remove_all(options, "sloppy");
|
||||
+ sloppy++;
|
||||
+ }
|
||||
+
|
||||
+ if (sloppy) {
|
||||
+ if (po_insert(options, "sloppy") == PO_FAILED)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
26
SOURCES/nfs-utils-2.5.4-nfsd-man-4vers.patch
Normal file
26
SOURCES/nfs-utils-2.5.4-nfsd-man-4vers.patch
Normal file
@ -0,0 +1,26 @@
|
||||
commit d4de031fbb2d797ec9e738deda50feec97db7593
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Fri Oct 28 10:56:36 2022 -0400
|
||||
|
||||
nfsd.man: Explain that setting nfsv4=n turns off all v4 versions
|
||||
|
||||
Update the man page to explicitly say setting
|
||||
nfsv4=n turns off all v4 versions
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
|
||||
index 634b8a63..bb99fe2b 100644
|
||||
--- a/utils/nfsd/nfsd.man
|
||||
+++ b/utils/nfsd/nfsd.man
|
||||
@@ -159,7 +159,9 @@ Enable or disable TCP support.
|
||||
.B vers3
|
||||
.TP
|
||||
.B vers4
|
||||
-Enable or disable a major NFS version. 3 and 4 are normally enabled
|
||||
+Enable or disable
|
||||
+.B all
|
||||
+NFSv4 versions. All versions are normally enabled
|
||||
by default.
|
||||
.TP
|
||||
.B vers4.1
|
86
SOURCES/nfs-utils-2.5.4-nfsdcltrack-printf.patch
Normal file
86
SOURCES/nfs-utils-2.5.4-nfsdcltrack-printf.patch
Normal file
@ -0,0 +1,86 @@
|
||||
diff -up nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c.orig nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c
|
||||
--- nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c.orig 2021-06-10 14:07:47.000000000 -0400
|
||||
+++ nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c 2021-08-18 13:44:11.839124879 -0400
|
||||
@@ -507,7 +507,7 @@ cltrack_gracedone(const char *timestr)
|
||||
{
|
||||
int ret;
|
||||
char *tail;
|
||||
- time_t gracetime;
|
||||
+ uint64_t gracetime;
|
||||
|
||||
|
||||
ret = sqlite_prepare_dbh(storagedir);
|
||||
diff -up nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c.orig nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c
|
||||
--- nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c.orig 2021-06-10 14:07:47.000000000 -0400
|
||||
+++ nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c 2021-08-18 13:48:16.264408309 -0400
|
||||
@@ -48,6 +48,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <sqlite3.h>
|
||||
+#include <stdint.h>
|
||||
#include <linux/limits.h>
|
||||
|
||||
#include "xlog.h"
|
||||
@@ -539,7 +540,7 @@ out_err:
|
||||
* remove any client records that were not reclaimed since grace_start.
|
||||
*/
|
||||
int
|
||||
-sqlite_remove_unreclaimed(time_t grace_start)
|
||||
+sqlite_remove_unreclaimed(uint64_t grace_start)
|
||||
{
|
||||
int ret;
|
||||
char *err = NULL;
|
||||
diff -up nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h.orig nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h
|
||||
--- nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h.orig 2021-06-10 14:07:47.000000000 -0400
|
||||
+++ nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h 2021-08-18 13:44:11.839124879 -0400
|
||||
@@ -26,7 +26,7 @@ int sqlite_insert_client(const unsigned
|
||||
int sqlite_remove_client(const unsigned char *clname, const size_t namelen);
|
||||
int sqlite_check_client(const unsigned char *clname, const size_t namelen,
|
||||
const bool has_session);
|
||||
-int sqlite_remove_unreclaimed(const time_t grace_start);
|
||||
+int sqlite_remove_unreclaimed(const uint64_t grace_start);
|
||||
int sqlite_query_reclaiming(const time_t grace_start);
|
||||
|
||||
#endif /* _SQLITE_H */
|
||||
diff --git a/utils/nfsdcltrack/nfsdcltrack.c b/utils/nfsdcltrack/nfsdcltrack.c
|
||||
index 2f8bea81..7c1c4bcc 100644
|
||||
--- a/utils/nfsdcltrack/nfsdcltrack.c
|
||||
+++ b/utils/nfsdcltrack/nfsdcltrack.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <fcntl.h>
|
||||
+#include <inttypes.h>
|
||||
#include <unistd.h>
|
||||
#include <libgen.h>
|
||||
#include <sys/inotify.h>
|
||||
@@ -525,7 +526,7 @@ cltrack_gracedone(const char *timestr)
|
||||
if (*tail)
|
||||
return -EINVAL;
|
||||
|
||||
- xlog(D_GENERAL, "%s: grace done. gracetime=%ld", __func__, gracetime);
|
||||
+ xlog(D_GENERAL, "%s: grace done. gracetime=%"PRIu64, __func__, gracetime);
|
||||
|
||||
ret = sqlite_remove_unreclaimed(gracetime);
|
||||
|
||||
diff --git a/utils/nfsdcltrack/sqlite.c b/utils/nfsdcltrack/sqlite.c
|
||||
index b6573544..78c22af8 100644
|
||||
--- a/utils/nfsdcltrack/sqlite.c
|
||||
+++ b/utils/nfsdcltrack/sqlite.c
|
||||
@@ -46,6 +46,7 @@
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <fcntl.h>
|
||||
+#include <inttypes.h>
|
||||
#include <unistd.h>
|
||||
#include <sqlite3.h>
|
||||
#include <stdint.h>
|
||||
@@ -545,7 +546,7 @@ sqlite_remove_unreclaimed(uint64_t grace_start)
|
||||
int ret;
|
||||
char *err = NULL;
|
||||
|
||||
- ret = snprintf(buf, sizeof(buf), "DELETE FROM clients WHERE time < %ld",
|
||||
+ ret = snprintf(buf, sizeof(buf), "DELETE FROM clients WHERE time < %"PRIu64,
|
||||
grace_start);
|
||||
if (ret < 0) {
|
||||
return ret;
|
37
SOURCES/nfs-utils-2.5.4-nfsman-maxconnect.patch
Normal file
37
SOURCES/nfs-utils-2.5.4-nfsman-maxconnect.patch
Normal file
@ -0,0 +1,37 @@
|
||||
commit 28deb4f398363e4e75ea41ff0fe604b11f6ee91a
|
||||
Author: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Tue Sep 21 13:00:12 2021 -0400
|
||||
|
||||
nfs.man: adding new mount option max_connect
|
||||
|
||||
When client discovers trunkable servers, instead of dropping newly
|
||||
created trunkable connections, add this connection to the existing
|
||||
RPC client.
|
||||
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index f1b76936..57a693fd 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -416,6 +416,19 @@ Note that the
|
||||
option may also be used by some pNFS drivers to decide how many
|
||||
connections to set up to the data servers.
|
||||
.TP 1.5i
|
||||
+.BR max_connect= n
|
||||
+While
|
||||
+.BR nconnect
|
||||
+option sets a limit on the number of connections that can be established
|
||||
+to a given server IP,
|
||||
+.BR max_connect
|
||||
+option allows the user to specify maximum number of connections to different
|
||||
+server IPs that belong to the same NFSv4.1+ server (session trunkable
|
||||
+connections) up to a limit of 16. When client discovers that it established
|
||||
+a client ID to an already existing server, instead of dropping the newly
|
||||
+created network transport, the client will add this new connection to the
|
||||
+list of available transports for that RPC client.
|
||||
+.TP 1.5i
|
||||
.BR rdirplus " / " nordirplus
|
||||
Selects whether to use NFS v3 or v4 READDIRPLUS requests.
|
||||
If this option is not specified, the NFS client uses READDIRPLUS requests
|
@ -1,8 +1,8 @@
|
||||
diff --git a/.gitignore b/.gitignore
|
||||
index e97b31f5..e504d492 100644
|
||||
index c89d1cd2..df791a83 100644
|
||||
--- a/.gitignore
|
||||
+++ b/.gitignore
|
||||
@@ -60,6 +60,8 @@ utils/statd/statd
|
||||
@@ -61,6 +61,8 @@ utils/statd/statd
|
||||
tools/locktest/testlk
|
||||
tools/getiversion/getiversion
|
||||
tools/nfsconf/nfsconf
|
||||
@ -12,10 +12,27 @@ index e97b31f5..e504d492 100644
|
||||
support/export/mount_clnt.c
|
||||
support/export/mount_xdr.c
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 6d464ac5..f462a645 100644
|
||||
index d01ce6e4..3f48bd54 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -639,6 +639,7 @@ AC_CONFIG_FILES([
|
||||
@@ -251,6 +251,16 @@ AC_ARG_ENABLE(nfsdcld,
|
||||
enable_nfsdcld=$enableval,
|
||||
enable_nfsdcld="yes")
|
||||
|
||||
+AC_ARG_ENABLE(nfsrahead,
|
||||
+ [AS_HELP_STRING([--disable-nfsrahead],[disable nfsrahead command @<:@default=no@:>@])],
|
||||
+ enable_nfsrahead=$enableval,
|
||||
+ enable_nfsrahead="yes")
|
||||
+ AM_CONDITIONAL(CONFIG_NFSRAHEAD, [test "$enable_nfsrahead" = "yes" ])
|
||||
+ if test "$enable_nfsrahead" = yes; then
|
||||
+ dnl Check for -lmount
|
||||
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
|
||||
+ fi
|
||||
+
|
||||
AC_ARG_ENABLE(nfsdcltrack,
|
||||
[AC_HELP_STRING([--disable-nfsdcltrack],
|
||||
[disable NFSv4 clientid tracking programs @<:@default=no@:>@])],
|
||||
@@ -712,6 +722,7 @@ AC_CONFIG_FILES([
|
||||
tools/rpcgen/Makefile
|
||||
tools/mountstats/Makefile
|
||||
tools/nfs-iostat/Makefile
|
||||
@ -24,7 +41,7 @@ index 6d464ac5..f462a645 100644
|
||||
tools/nfsdclnts/Makefile
|
||||
tools/nfsconf/Makefile
|
||||
diff --git a/nfs.conf b/nfs.conf
|
||||
index 86ed7d53..30f9e109 100644
|
||||
index bc1de8d1..6aec1dd9 100644
|
||||
--- a/nfs.conf
|
||||
+++ b/nfs.conf
|
||||
@@ -5,6 +5,10 @@
|
||||
@ -35,14 +52,14 @@ index 86ed7d53..30f9e109 100644
|
||||
+# nfs=15000
|
||||
+# nfs4=16000
|
||||
+#
|
||||
[exportfs]
|
||||
# debug=0
|
||||
[exports]
|
||||
# rootdir=/export
|
||||
#
|
||||
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
|
||||
index f32c690b..ebbf28d0 100644
|
||||
index be487a11..e74083e9 100644
|
||||
--- a/systemd/nfs.conf.man
|
||||
+++ b/systemd/nfs.conf.man
|
||||
@@ -245,6 +245,17 @@ Only
|
||||
@@ -294,6 +294,17 @@ Only
|
||||
.B debug=
|
||||
is recognized.
|
||||
|
||||
@ -58,18 +75,21 @@ index f32c690b..ebbf28d0 100644
|
||||
+for deatils.
|
||||
+
|
||||
.SH FILES
|
||||
.TP 10n
|
||||
.I /etc/nfs.conf
|
||||
.SH SEE ALSO
|
||||
diff --git a/tools/Makefile.am b/tools/Makefile.am
|
||||
index c3feabbe..40c17c37 100644
|
||||
index c3feabbe..48fd0cdf 100644
|
||||
--- a/tools/Makefile.am
|
||||
+++ b/tools/Makefile.am
|
||||
@@ -12,6 +12,6 @@ if CONFIG_NFSDCLD
|
||||
@@ -12,6 +12,10 @@ if CONFIG_NFSDCLD
|
||||
OPTDIRS += nfsdclddb
|
||||
endif
|
||||
|
||||
-SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat rpcctl nfsdclnts $(OPTDIRS)
|
||||
+SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat rpcctl nfsdclnts nfsrahead $(OPTDIRS)
|
||||
+if CONFIG_NFSRAHEAD
|
||||
+OPTDIRS += nfsrahead
|
||||
+endif
|
||||
+
|
||||
SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat rpcctl nfsdclnts $(OPTDIRS)
|
||||
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
diff --git a/tools/nfsrahead/99-nfs.rules b/tools/nfsrahead/99-nfs.rules
|
||||
@ -88,13 +108,13 @@ index 00000000..648813c5
|
||||
+SUBSYSTEM=="bdi", ACTION=="add", PROGRAM="_libexecdir_/nfsrahead %k", ATTR{read_ahead_kb}="%c"
|
||||
diff --git a/tools/nfsrahead/Makefile.am b/tools/nfsrahead/Makefile.am
|
||||
new file mode 100644
|
||||
index 00000000..845ea0d5
|
||||
index 00000000..7e08233a
|
||||
--- /dev/null
|
||||
+++ b/tools/nfsrahead/Makefile.am
|
||||
@@ -0,0 +1,16 @@
|
||||
+libexec_PROGRAMS = nfsrahead
|
||||
+nfsrahead_SOURCES = main.c
|
||||
+nfsrahead_LDFLAGS= -lmount
|
||||
+nfsrahead_LDFLAGS= $(LIBMOUNT_LIBS)
|
||||
+nfsrahead_LDADD = ../../support/nfs/libnfsconf.la
|
||||
+
|
||||
+man5_MANS = nfsrahead.man
|
||||
@ -384,16 +404,3 @@ index 00000000..5488f633
|
||||
+.SH AUTHOR
|
||||
+
|
||||
+Thiago Rafael Becker <trbecker@gmail.com>
|
||||
diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man
|
||||
index 2af16f31..1911c41b 100644
|
||||
--- a/utils/nfsidmap/nfsidmap.man
|
||||
+++ b/utils/nfsidmap/nfsidmap.man
|
||||
@@ -2,7 +2,7 @@
|
||||
.\"@(#)nfsidmap(8) - The NFS idmapper upcall program
|
||||
.\"
|
||||
.\" Copyright (C) 2010 Bryan Schumaker <bjschuma@netapp.com>
|
||||
-.TH nfsidmap 5 "1 October 2010"
|
||||
+.TH nfsidmap 8 "1 October 2010"
|
||||
.SH NAME
|
||||
nfsidmap \- The NFS idmapper upcall program
|
||||
.SH SYNOPSIS
|
36
SOURCES/nfs-utils-2.5.4-rpcctl-xprt.patch
Normal file
36
SOURCES/nfs-utils-2.5.4-rpcctl-xprt.patch
Normal file
@ -0,0 +1,36 @@
|
||||
diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py
|
||||
index b8df556b..d2110ad6 100755
|
||||
--- a/tools/rpcctl/rpcctl.py
|
||||
+++ b/tools/rpcctl/rpcctl.py
|
||||
@@ -90,10 +90,18 @@ class Xprt:
|
||||
self.dstaddr = write_addr_file(self.path / "dstaddr", newaddr)
|
||||
|
||||
def set_state(self, state):
|
||||
+ if self.info.get("main_xprt"):
|
||||
+ raise Exception(f"Main xprts cannot be set {state}")
|
||||
with open(self.path / "xprt_state", 'w') as f:
|
||||
f.write(state)
|
||||
self.read_state()
|
||||
|
||||
+ def remove(self):
|
||||
+ if self.info.get("main_xprt"):
|
||||
+ raise Exception("Main xprts cannot be removed")
|
||||
+ self.set_state("offline")
|
||||
+ self.set_state("remove")
|
||||
+
|
||||
def add_command(subparser):
|
||||
parser = subparser.add_parser("xprt", help="Commands for individual xprts")
|
||||
parser.set_defaults(func=Xprt.show, xprt=None)
|
||||
@@ -139,10 +147,9 @@ class Xprt:
|
||||
if args.property == "dstaddr":
|
||||
xprt.set_dstaddr(socket.gethostbyname(args.newaddr[0]))
|
||||
elif args.property == "remove":
|
||||
- xprt.set_state("offline")
|
||||
- xprt.set_state("remove")
|
||||
+ xprt.remove()
|
||||
else:
|
||||
- args.set_state(args.property)
|
||||
+ xprt.set_state(args.property)
|
||||
print(xprt)
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index f2f2303b..6d464ac5 100644
|
||||
index 93520a80..d01ce6e4 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -639,6 +639,7 @@ AC_CONFIG_FILES([
|
||||
@@ -712,6 +712,7 @@ AC_CONFIG_FILES([
|
||||
tools/rpcgen/Makefile
|
||||
tools/mountstats/Makefile
|
||||
tools/nfs-iostat/Makefile
|
||||
@ -116,10 +116,10 @@ index 00000000..b87ba0df
|
||||
+Anna Schumaker <Anna.Schumaker@Netapp.com>
|
||||
diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py
|
||||
new file mode 100755
|
||||
index 00000000..d2110ad6
|
||||
index 00000000..b8df556b
|
||||
--- /dev/null
|
||||
+++ b/tools/rpcctl/rpcctl.py
|
||||
@@ -0,0 +1,262 @@
|
||||
@@ -0,0 +1,255 @@
|
||||
+#!/usr/bin/python3
|
||||
+import argparse
|
||||
+import collections
|
||||
@ -212,18 +212,10 @@ index 00000000..d2110ad6
|
||||
+ self.dstaddr = write_addr_file(self.path / "dstaddr", newaddr)
|
||||
+
|
||||
+ def set_state(self, state):
|
||||
+ if self.info.get("main_xprt"):
|
||||
+ raise Exception(f"Main xprts cannot be set {state}")
|
||||
+ with open(self.path / "xprt_state", 'w') as f:
|
||||
+ f.write(state)
|
||||
+ self.read_state()
|
||||
+
|
||||
+ def remove(self):
|
||||
+ if self.info.get("main_xprt"):
|
||||
+ raise Exception("Main xprts cannot be removed")
|
||||
+ self.set_state("offline")
|
||||
+ self.set_state("remove")
|
||||
+
|
||||
+ def add_command(subparser):
|
||||
+ parser = subparser.add_parser("xprt", help="Commands for individual xprts")
|
||||
+ parser.set_defaults(func=Xprt.show, xprt=None)
|
||||
@ -269,9 +261,10 @@ index 00000000..d2110ad6
|
||||
+ if args.property == "dstaddr":
|
||||
+ xprt.set_dstaddr(socket.gethostbyname(args.newaddr[0]))
|
||||
+ elif args.property == "remove":
|
||||
+ xprt.remove()
|
||||
+ xprt.set_state("offline")
|
||||
+ xprt.set_state("remove")
|
||||
+ else:
|
||||
+ xprt.set_state(args.property)
|
||||
+ args.set_state(args.property)
|
||||
+ print(xprt)
|
||||
+
|
||||
+
|
24
SOURCES/nfs-utils-2.5.4-rpcdebug-check-read-return.patch
Normal file
24
SOURCES/nfs-utils-2.5.4-rpcdebug-check-read-return.patch
Normal file
@ -0,0 +1,24 @@
|
||||
commit a746c35822e557766d1871ec976490a71e6962d9
|
||||
Author: Zhi Li <yieli@redhat.com>
|
||||
Date: Wed Apr 5 12:08:10 2023 -0400
|
||||
|
||||
rpcdebug: avoid buffer underflow if read() returns 0
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2176740
|
||||
|
||||
Signed-off-by: Zhi Li <yieli@redhat.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c
|
||||
index 68206cc5..ec05179e 100644
|
||||
--- a/tools/rpcdebug/rpcdebug.c
|
||||
+++ b/tools/rpcdebug/rpcdebug.c
|
||||
@@ -257,7 +257,7 @@ get_flags(char *module)
|
||||
perror(filename);
|
||||
exit(1);
|
||||
}
|
||||
- if ((len = read(sysfd, buffer, sizeof(buffer))) < 0) {
|
||||
+ if ((len = read(sysfd, buffer, sizeof(buffer))) <= 0) {
|
||||
perror("read");
|
||||
exit(1);
|
||||
}
|
40
SOURCES/nfs-utils-2.5.4-rpcidmapd-return.patch
Normal file
40
SOURCES/nfs-utils-2.5.4-rpcidmapd-return.patch
Normal file
@ -0,0 +1,40 @@
|
||||
commit 9abd3b4b57155dfdfd6895e6086ef550ee56fc49
|
||||
Author: Wenchao Hao <haowenchao@huawei.com>
|
||||
Date: Tue Feb 22 16:06:51 2022 -0500
|
||||
|
||||
idmapd: Fix error status when nfs-idmapd exits
|
||||
|
||||
nfs-idmapd.service would report following error when stopped:
|
||||
|
||||
Starting NFSv4 ID-name mapping service...
|
||||
rpc.idmapd[1198]: Setting log level to 0
|
||||
Started NFSv4 ID-name mapping service.
|
||||
rpc.idmapd[1198]: exiting on signal 15
|
||||
Stopping NFSv4 ID-name mapping service...
|
||||
nfs-idmapd.service: Main process exited, code=exited, status=1/FAILURE
|
||||
nfs-idmapd.service: Failed with result 'exit-code'.
|
||||
Stopped NFSv4 ID-name mapping service.
|
||||
|
||||
commit 93e8f092(idmapd: Add graceful exit and resource cleanup)
|
||||
redirected SIGTERM, so when executing "systemctl stop nfs-idmapd", the
|
||||
main() of idmapd would running to tail to return, while it returned 1
|
||||
which considered as error by systemd.
|
||||
|
||||
So here just return 0 in main().
|
||||
|
||||
Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
|
||||
index e2c160e8..e79c124d 100644
|
||||
--- a/utils/idmapd/idmapd.c
|
||||
+++ b/utils/idmapd/idmapd.c
|
||||
@@ -474,7 +474,7 @@ main(int argc, char **argv)
|
||||
event_free(svrdirev);
|
||||
event_base_free(evbase);
|
||||
|
||||
- return 1;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static void
|
31
SOURCES/nfs-utils-2.5.4-rpcpipefs-warn.patch
Normal file
31
SOURCES/nfs-utils-2.5.4-rpcpipefs-warn.patch
Normal file
@ -0,0 +1,31 @@
|
||||
commit 7f8463fe702174bd613df9d308cc899af25ae02e
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Wed Feb 23 15:19:51 2022 -0500
|
||||
|
||||
systemd: Fix format-overflow warning
|
||||
|
||||
rpc-pipefs-generator.c:35:23: error: '%s' directive output between 0 and 2147483653 bytes may exceed minimum required size of 4095 [-Werror=format-overflow=]
|
||||
35 | sprintf(path, "%s/%s", dirname, pipefs_unit);
|
||||
| ^
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/systemd/rpc-pipefs-generator.c b/systemd/rpc-pipefs-generator.c
|
||||
index c24db567..7b2bb4f7 100644
|
||||
--- a/systemd/rpc-pipefs-generator.c
|
||||
+++ b/systemd/rpc-pipefs-generator.c
|
||||
@@ -28,11 +28,12 @@ static int generate_mount_unit(const char *pipefs_path, const char *pipefs_unit,
|
||||
{
|
||||
char *path;
|
||||
FILE *f;
|
||||
+ size_t size = (strlen(dirname) + 1 + strlen(pipefs_unit) + 1);
|
||||
|
||||
- path = malloc(strlen(dirname) + 1 + strlen(pipefs_unit));
|
||||
+ path = malloc(size);
|
||||
if (!path)
|
||||
return 1;
|
||||
- sprintf(path, "%s/%s", dirname, pipefs_unit);
|
||||
+ snprintf(path, size, "%s/%s", dirname, pipefs_unit);
|
||||
f = fopen(path, "w");
|
||||
if (!f)
|
||||
{
|
427
SOURCES/nfs-utils-2.5.4-support-for-rpc-with-tls.patch
Normal file
427
SOURCES/nfs-utils-2.5.4-support-for-rpc-with-tls.patch
Normal file
@ -0,0 +1,427 @@
|
||||
diff --git a/support/export/cache.c b/support/export/cache.c
|
||||
index a5823e92..396b3b73 100644
|
||||
--- a/support/export/cache.c
|
||||
+++ b/support/export/cache.c
|
||||
@@ -932,6 +932,7 @@ static void write_fsloc(char **bp, int *blen, struct exportent *ep)
|
||||
release_replicas(servers);
|
||||
}
|
||||
#endif
|
||||
+
|
||||
static void write_secinfo(char **bp, int *blen, struct exportent *ep, int flag_mask)
|
||||
{
|
||||
struct sec_entry *p;
|
||||
@@ -949,7 +950,20 @@ static void write_secinfo(char **bp, int *blen, struct exportent *ep, int flag_m
|
||||
qword_addint(bp, blen, p->flav->fnum);
|
||||
qword_addint(bp, blen, p->flags & flag_mask);
|
||||
}
|
||||
+}
|
||||
+
|
||||
+static void write_xprtsec(char **bp, int *blen, struct exportent *ep)
|
||||
+{
|
||||
+ struct xprtsec_entry *p;
|
||||
+
|
||||
+ for (p = ep->e_xprtsec; p->info; p++);
|
||||
+ if (p == ep->e_xprtsec)
|
||||
+ return;
|
||||
|
||||
+ qword_add(bp, blen, "xprtsec");
|
||||
+ qword_addint(bp, blen, p - ep->e_xprtsec);
|
||||
+ for (p = ep->e_xprtsec; p->info; p++)
|
||||
+ qword_addint(bp, blen, p->info->number);
|
||||
}
|
||||
|
||||
static int dump_to_cache(int f, char *buf, int blen, char *domain,
|
||||
@@ -992,6 +1006,7 @@ static int dump_to_cache(int f, char *buf, int blen, char *domain,
|
||||
qword_add(&bp, &blen, "uuid");
|
||||
qword_addhex(&bp, &blen, u, 16);
|
||||
}
|
||||
+ write_xprtsec(&bp, &blen, exp);
|
||||
xlog(D_AUTH, "granted access to %s for %s",
|
||||
path, *domain == '$' ? domain+1 : domain);
|
||||
} else {
|
||||
diff --git a/support/include/nfs/export.h b/support/include/nfs/export.h
|
||||
index 0eca828e..be5867cf 100644
|
||||
--- a/support/include/nfs/export.h
|
||||
+++ b/support/include/nfs/export.h
|
||||
@@ -40,4 +40,18 @@
|
||||
#define NFSEXP_OLD_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
|
||||
| NFSEXP_ALLSQUASH)
|
||||
|
||||
+/*
|
||||
+ * Transport layer security policies that are permitted to access
|
||||
+ * an export
|
||||
+ */
|
||||
+#define NFSEXP_XPRTSEC_NONE 0x0001
|
||||
+#define NFSEXP_XPRTSEC_TLS 0x0002
|
||||
+#define NFSEXP_XPRTSEC_MTLS 0x0004
|
||||
+
|
||||
+#define NFSEXP_XPRTSEC_NUM (3)
|
||||
+
|
||||
+#define NFSEXP_XPRTSEC_ALL (NFSEXP_XPRTSEC_NONE | \
|
||||
+ NFSEXP_XPRTSEC_TLS | \
|
||||
+ NFSEXP_XPRTSEC_MTLS)
|
||||
+
|
||||
#endif /* _NSF_EXPORT_H */
|
||||
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
|
||||
index 6faba71b..61c19933 100644
|
||||
--- a/support/include/nfslib.h
|
||||
+++ b/support/include/nfslib.h
|
||||
@@ -62,6 +62,18 @@ struct sec_entry {
|
||||
int flags;
|
||||
};
|
||||
|
||||
+#define XPRTSECMODE_COUNT 3
|
||||
+
|
||||
+struct xprtsec_info {
|
||||
+ const char *name;
|
||||
+ int number;
|
||||
+};
|
||||
+
|
||||
+struct xprtsec_entry {
|
||||
+ const struct xprtsec_info *info;
|
||||
+ int flags;
|
||||
+};
|
||||
+
|
||||
/*
|
||||
* Data related to a single exports entry as returned by getexportent.
|
||||
* FIXME: export options should probably be parsed at a later time to
|
||||
@@ -83,6 +95,7 @@ struct exportent {
|
||||
char * e_fslocdata;
|
||||
char * e_uuid;
|
||||
struct sec_entry e_secinfo[SECFLAVOR_COUNT+1];
|
||||
+ struct xprtsec_entry e_xprtsec[XPRTSECMODE_COUNT + 1];
|
||||
unsigned int e_ttl;
|
||||
char * e_realpath;
|
||||
};
|
||||
@@ -99,6 +112,7 @@ struct rmtabent {
|
||||
void setexportent(char *fname, char *type);
|
||||
struct exportent * getexportent(int,int);
|
||||
void secinfo_show(FILE *fp, struct exportent *ep);
|
||||
+void xprtsecinfo_show(FILE *fp, struct exportent *ep);
|
||||
void putexportent(struct exportent *xep);
|
||||
void endexportent(void);
|
||||
struct exportent * mkexportent(char *hname, char *path, char *opts);
|
||||
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
|
||||
index ec6f8013..d36f7664 100644
|
||||
--- a/support/nfs/exports.c
|
||||
+++ b/support/nfs/exports.c
|
||||
@@ -99,6 +99,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
|
||||
ee->e_fslocmethod = FSLOC_NONE;
|
||||
ee->e_fslocdata = NULL;
|
||||
ee->e_secinfo[0].flav = NULL;
|
||||
+ ee->e_xprtsec[0].info = NULL;
|
||||
ee->e_nsquids = 0;
|
||||
ee->e_nsqgids = 0;
|
||||
ee->e_uuid = NULL;
|
||||
@@ -122,7 +123,7 @@ getexportent(int fromkernel, int fromexports)
|
||||
if (first || (ok = getexport(exp, sizeof(exp))) == 0) {
|
||||
has_default_opts = 0;
|
||||
has_default_subtree_opts = 0;
|
||||
-
|
||||
+
|
||||
init_exportent(&def_ee, fromkernel);
|
||||
|
||||
ok = getpath(def_ee.e_path, sizeof(def_ee.e_path));
|
||||
@@ -146,7 +147,7 @@ getexportent(int fromkernel, int fromexports)
|
||||
if (exp[0] == '-' && !fromkernel) {
|
||||
if (parseopts(exp + 1, &def_ee, 0, &has_default_subtree_opts) < 0)
|
||||
return NULL;
|
||||
-
|
||||
+
|
||||
has_default_opts = 1;
|
||||
|
||||
ok = getexport(exp, sizeof(exp));
|
||||
@@ -239,7 +240,6 @@ void secinfo_show(FILE *fp, struct exportent *ep)
|
||||
if (ep->e_secinfo[0].flav == NULL)
|
||||
secinfo_addflavor(find_flavor("sys"), ep);
|
||||
for (p1=ep->e_secinfo; p1->flav; p1=p2) {
|
||||
-
|
||||
fprintf(fp, ",sec=%s", p1->flav->flavour);
|
||||
for (p2=p1+1; (p2->flav != NULL) && (p1->flags == p2->flags);
|
||||
p2++) {
|
||||
@@ -249,6 +249,17 @@ void secinfo_show(FILE *fp, struct exportent *ep)
|
||||
}
|
||||
}
|
||||
|
||||
+void xprtsecinfo_show(FILE *fp, struct exportent *ep)
|
||||
+{
|
||||
+ struct xprtsec_entry *p1, *p2;
|
||||
+
|
||||
+ for (p1 = ep->e_xprtsec; p1->info; p1 = p2) {
|
||||
+ fprintf(fp, ",xprtsec=%s", p1->info->name);
|
||||
+ for (p2 = p1 + 1; p2->info && (p1->flags == p2->flags); p2++)
|
||||
+ fprintf(fp, ":%s", p2->info->name);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void
|
||||
fprintpath(FILE *fp, const char *path)
|
||||
{
|
||||
@@ -345,6 +356,7 @@ putexportent(struct exportent *ep)
|
||||
}
|
||||
fprintf(fp, "anonuid=%d,anongid=%d", ep->e_anonuid, ep->e_anongid);
|
||||
secinfo_show(fp, ep);
|
||||
+ xprtsecinfo_show(fp, ep);
|
||||
fprintf(fp, ")\n");
|
||||
}
|
||||
|
||||
@@ -483,6 +495,75 @@ static unsigned int parse_flavors(char *str, struct exportent *ep)
|
||||
return out;
|
||||
}
|
||||
|
||||
+static const struct xprtsec_info xprtsec_name2info[] = {
|
||||
+ { "none", NFSEXP_XPRTSEC_NONE },
|
||||
+ { "tls", NFSEXP_XPRTSEC_TLS },
|
||||
+ { "mtls", NFSEXP_XPRTSEC_MTLS },
|
||||
+ { NULL, 0 }
|
||||
+};
|
||||
+
|
||||
+static const struct xprtsec_info *find_xprtsec_info(const char *name)
|
||||
+{
|
||||
+ const struct xprtsec_info *info;
|
||||
+
|
||||
+ for (info = xprtsec_name2info; info->name; info++)
|
||||
+ if (strcmp(info->name, name) == 0)
|
||||
+ return info;
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Append the given xprtsec mode to the exportent's e_xprtsec array,
|
||||
+ * or do nothing if it's already there. Returns the index of flavor in
|
||||
+ * the resulting array in any case.
|
||||
+ */
|
||||
+static int xprtsec_addmode(const struct xprtsec_info *info, struct exportent *ep)
|
||||
+{
|
||||
+ struct xprtsec_entry *p;
|
||||
+
|
||||
+ for (p = ep->e_xprtsec; p->info; p++)
|
||||
+ if (p->info == info || p->info->number == info->number)
|
||||
+ return p - ep->e_xprtsec;
|
||||
+
|
||||
+ if (p - ep->e_xprtsec >= XPRTSECMODE_COUNT) {
|
||||
+ xlog(L_ERROR, "more than %d xprtsec modes on an export\n",
|
||||
+ XPRTSECMODE_COUNT);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ p->info = info;
|
||||
+ p->flags = ep->e_flags;
|
||||
+ (p + 1)->info = NULL;
|
||||
+ return p - ep->e_xprtsec;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * @str is a colon seperated list of transport layer security modes.
|
||||
+ * Their order is recorded in @ep, and a bitmap corresponding to the
|
||||
+ * list is returned.
|
||||
+ *
|
||||
+ * A zero return indicates an error.
|
||||
+ */
|
||||
+static unsigned int parse_xprtsec(char *str, struct exportent *ep)
|
||||
+{
|
||||
+ unsigned int out = 0;
|
||||
+ char *name;
|
||||
+
|
||||
+ while ((name = strsep(&str, ":"))) {
|
||||
+ const struct xprtsec_info *info = find_xprtsec_info(name);
|
||||
+ int bit;
|
||||
+
|
||||
+ if (!info) {
|
||||
+ xlog(L_ERROR, "unknown xprtsec mode %s\n", name);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ bit = xprtsec_addmode(info, ep);
|
||||
+ if (bit < 0)
|
||||
+ return 0;
|
||||
+ out |= 1 << bit;
|
||||
+ }
|
||||
+ return out;
|
||||
+}
|
||||
+
|
||||
/* Sets the bits in @mask for the appropriate security flavor flags. */
|
||||
static void setflags(int mask, unsigned int active, struct exportent *ep)
|
||||
{
|
||||
@@ -621,7 +702,7 @@ parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
|
||||
ep->e_anonuid = strtol(opt+8, &oe, 10);
|
||||
if (opt[8]=='\0' || *oe != '\0') {
|
||||
xlog(L_ERROR, "%s: %d: bad anonuid \"%s\"\n",
|
||||
- flname, flline, opt);
|
||||
+ flname, flline, opt);
|
||||
bad_option:
|
||||
free(opt);
|
||||
return -1;
|
||||
@@ -631,7 +712,7 @@ bad_option:
|
||||
ep->e_anongid = strtol(opt+8, &oe, 10);
|
||||
if (opt[8]=='\0' || *oe != '\0') {
|
||||
xlog(L_ERROR, "%s: %d: bad anongid \"%s\"\n",
|
||||
- flname, flline, opt);
|
||||
+ flname, flline, opt);
|
||||
goto bad_option;
|
||||
}
|
||||
} else if (strncmp(opt, "squash_uids=", 12) == 0) {
|
||||
@@ -649,13 +730,13 @@ bad_option:
|
||||
setflags(NFSEXP_FSID, active, ep);
|
||||
} else {
|
||||
ep->e_fsid = strtoul(opt+5, &oe, 0);
|
||||
- if (opt[5]!='\0' && *oe == '\0')
|
||||
+ if (opt[5]!='\0' && *oe == '\0')
|
||||
setflags(NFSEXP_FSID, active, ep);
|
||||
else if (valid_uuid(opt+5))
|
||||
ep->e_uuid = strdup(opt+5);
|
||||
else {
|
||||
xlog(L_ERROR, "%s: %d: bad fsid \"%s\"\n",
|
||||
- flname, flline, opt);
|
||||
+ flname, flline, opt);
|
||||
goto bad_option;
|
||||
}
|
||||
}
|
||||
@@ -688,6 +769,9 @@ bad_option:
|
||||
active = parse_flavors(opt+4, ep);
|
||||
if (!active)
|
||||
goto bad_option;
|
||||
+ } else if (strncmp(opt, "xprtsec=", 8) == 0) {
|
||||
+ if (!parse_xprtsec(opt + 8, ep))
|
||||
+ goto bad_option;
|
||||
} else {
|
||||
xlog(L_ERROR, "%s:%d: unknown keyword \"%s\"\n",
|
||||
flname, flline, opt);
|
||||
@@ -709,7 +793,7 @@ out:
|
||||
if (warn && !had_subtree_opt)
|
||||
xlog(L_WARNING, "%s [%d]: Neither 'subtree_check' or 'no_subtree_check' specified for export \"%s:%s\".\n"
|
||||
" Assuming default behaviour ('no_subtree_check').\n"
|
||||
- " NOTE: this default has changed since nfs-utils version 1.0.x\n",
|
||||
+ " NOTE: this default has changed since nfs-utils version 1.0.x\n",
|
||||
|
||||
flname, flline,
|
||||
ep->e_hostname, ep->e_path);
|
||||
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
|
||||
index 6ba615d1..a87a7806 100644
|
||||
--- a/utils/exportfs/exportfs.c
|
||||
+++ b/utils/exportfs/exportfs.c
|
||||
@@ -743,6 +743,7 @@ dump(int verbose, int export_format)
|
||||
#endif
|
||||
}
|
||||
secinfo_show(stdout, ep);
|
||||
+ xprtsecinfo_show(stdout, ep);
|
||||
printf("%c\n", (c != '(')? ')' : ' ');
|
||||
}
|
||||
}
|
||||
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
|
||||
index 54b3f877..83dd6807 100644
|
||||
--- a/utils/exportfs/exports.man
|
||||
+++ b/utils/exportfs/exports.man
|
||||
@@ -125,7 +125,55 @@ In that case you may include multiple sec= options, and following options
|
||||
will be enforced only for access using flavors listed in the immediately
|
||||
preceding sec= option. The only options that are permitted to vary in
|
||||
this way are ro, rw, no_root_squash, root_squash, and all_squash.
|
||||
+.SS Transport layer security
|
||||
+The Linux NFS server allows the use of RPC-with-TLS (RFC 9289) to
|
||||
+protect RPC traffic between itself and its clients.
|
||||
+Alternately, administrators can secure NFS traffic using a VPN,
|
||||
+or an ssh tunnel or similar mechanism, in a way that is transparent
|
||||
+to the server.
|
||||
.PP
|
||||
+To enable the use of RPC-with-TLS, the server's administrator must
|
||||
+install and configure
|
||||
+.BR tlshd
|
||||
+to handle transport layer security handshake requests from the local
|
||||
+kernel.
|
||||
+Clients can then choose to use RPC-with-TLS or they may continue
|
||||
+operating without it.
|
||||
+.PP
|
||||
+Administrators may require the use of RPC-with-TLS to protect access
|
||||
+to individual exports.
|
||||
+This is particularly useful when using non-cryptographic security
|
||||
+flavors such as
|
||||
+.IR sec=sys .
|
||||
+The
|
||||
+.I xprtsec=
|
||||
+option, followed by an unordered colon-delimited list of security policies,
|
||||
+can restrict access to the export to only clients that have negotiated
|
||||
+transport-layer security.
|
||||
+Currently supported transport layer security policies include:
|
||||
+.TP
|
||||
+.IR none
|
||||
+The server permits clients to access the export
|
||||
+without the use of transport layer security.
|
||||
+.TP
|
||||
+.IR tls
|
||||
+The server permits clients that have negotiated an RPC-with-TLS session
|
||||
+without peer authentication (confidentiality only) to access the export.
|
||||
+Clients are not required to offer an x.509 certificate
|
||||
+when establishing a transport layer security session.
|
||||
+.TP
|
||||
+.IR mtls
|
||||
+The server permits clients that have negotiated an RPC-with-TLS session
|
||||
+with peer authentication to access the export.
|
||||
+The server requires clients to offer an x.509 certificate
|
||||
+when establishing a transport layer security session.
|
||||
+.PP
|
||||
+If RPC-with-TLS is configured and enabled and the
|
||||
+.I xprtsec=
|
||||
+option is not specified, the default setting for an export is
|
||||
+.IR xprtsec=none:tls:mtls .
|
||||
+With this setting, the server permits clients to use any transport
|
||||
+layer security mechanism or none at all to access the export.
|
||||
.SS General Options
|
||||
.BR exportfs
|
||||
understands the following export options:
|
||||
@@ -581,7 +629,8 @@ a character class wildcard match.
|
||||
.BR netgroup (5),
|
||||
.BR mountd (8),
|
||||
.BR nfsd (8),
|
||||
-.BR showmount (8).
|
||||
+.BR showmount (8),
|
||||
+.BR tlshd (8).
|
||||
.\".SH DIAGNOSTICS
|
||||
.\"An error parsing the file is reported using syslogd(8) as level NOTICE from
|
||||
.\"a DAEMON whenever
|
||||
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
|
||||
index d9f34df3..dfc31a5d 100644
|
||||
--- a/utils/mount/nfs.man
|
||||
+++ b/utils/mount/nfs.man
|
||||
@@ -574,7 +574,43 @@ The
|
||||
.B sloppy
|
||||
option is an alternative to specifying
|
||||
.BR mount.nfs " -s " option.
|
||||
-
|
||||
+.TP 1.5i
|
||||
+.BI xprtsec= policy
|
||||
+Specifies the use of transport layer security to protect NFS network
|
||||
+traffic on behalf of this mount point.
|
||||
+.I policy
|
||||
+can be one of
|
||||
+.BR none ,
|
||||
+.BR tls ,
|
||||
+or
|
||||
+.BR mtls .
|
||||
+.IP
|
||||
+If
|
||||
+.B none
|
||||
+is specified,
|
||||
+transport layer security is forced off, even if the NFS server supports
|
||||
+transport layer security.
|
||||
+If
|
||||
+.B tls
|
||||
+is specified, the client uses RPC-with-TLS to provide in-transit
|
||||
+confidentiality.
|
||||
+If
|
||||
+.B mtls
|
||||
+is specified, the client uses RPC-with-TLS to authenticate itself and
|
||||
+to provide in-transit confidentiality.
|
||||
+If either
|
||||
+.B tls
|
||||
+or
|
||||
+.B mtls
|
||||
+is specified and the server does not support RPC-with-TLS or peer
|
||||
+authentication fails, the mount attempt fails.
|
||||
+.IP
|
||||
+If the
|
||||
+.B xprtsec=
|
||||
+option is not specified,
|
||||
+the default behavior depends on the kernel version,
|
||||
+but is usually equivalent to
|
||||
+.BR "xprtsec=none" .
|
||||
.SS "Options for NFS versions 2 and 3 only"
|
||||
Use these options, along with the options in the above subsection,
|
||||
for NFS versions 2 and 3 only.
|
31
SOURCES/nfs-utils-2.5.4-systemd-rpcstatd.patch
Normal file
31
SOURCES/nfs-utils-2.5.4-systemd-rpcstatd.patch
Normal file
@ -0,0 +1,31 @@
|
||||
commit 8a835cebb149ba2a54b6518722c79019cf8e3da4
|
||||
Author: Benjamin Coddington <bcodding@redhat.com>
|
||||
Date: Mon Aug 1 13:19:04 2022 -0400
|
||||
|
||||
rpc-statd.service: Stop rpcbind and rpc.stat in an exit race
|
||||
|
||||
When `systemctl stop rpcbind.socket` is run, the dependency means
|
||||
that systemd first sends SIGTERM to rpcbind, then sigterm to rpc.statd.
|
||||
|
||||
On SIGTERM, rpcbind tears down /var/run/rpcbind.sock. However,
|
||||
rpc-statd on SIGTERM attempts to unregister from rpcbind
|
||||
|
||||
systemd needs to wait for rpc.statd to exit before sending
|
||||
SIGTERM to rpcbind
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2100395
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
|
||||
index 095629f2..392750da 100644
|
||||
--- a/systemd/rpc-statd.service
|
||||
+++ b/systemd/rpc-statd.service
|
||||
@@ -5,7 +5,7 @@ Conflicts=umount.target
|
||||
Requires=nss-lookup.target rpcbind.socket
|
||||
Wants=network-online.target
|
||||
Wants=rpc-statd-notify.service
|
||||
-After=network-online.target nss-lookup.target rpcbind.socket
|
||||
+After=network-online.target nss-lookup.target rpcbind.service
|
||||
|
||||
PartOf=nfs-utils.service
|
||||
IgnoreOnIsolate=yes
|
@ -1,324 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
"""
|
||||
Read in the deprecated /etc/sysconfig/nfs file and
|
||||
set the corresponding values in nfs.conf
|
||||
"""
|
||||
|
||||
from __future__ import print_function
|
||||
import os
|
||||
import sys
|
||||
import getopt
|
||||
import subprocess
|
||||
import configparser
|
||||
|
||||
CONF_NFS = '/etc/nfs.conf'
|
||||
CONF_IDMAP = '/etc/idmapd.conf'
|
||||
SYSCONF_NFS = '/etc/sysconfig/nfs'
|
||||
SYSCONF_BACKUP = ".rpmsave"
|
||||
CONF_TOOL = '/usr/sbin/nfsconf'
|
||||
|
||||
# options for nfsd found in RPCNFSDARGS
|
||||
OPTS_NFSD = 'dH:p:rR:N:V:stTuUG:L:'
|
||||
LONG_NFSD = ['debug', 'host=', 'port=', 'rdma=', 'nfs-version=', 'no-nfs-version=',
|
||||
'tcp', 'no-tcp', 'udp', 'no-udp', 'grace-time=', 'lease-time=']
|
||||
CONV_NFSD = {'-d': (CONF_NFS, 'nfsd', 'debug', 'all'),
|
||||
'-H': (CONF_NFS, 'nfsd', 'host', ','),
|
||||
'-p': (CONF_NFS, 'nfsd', 'port', '$1'),
|
||||
'-r': (CONF_NFS, 'nfsd', 'rdma', 'nfsrdma'),
|
||||
'-R': (CONF_NFS, 'nfsd', 'rdma', '$1'),
|
||||
'-N': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
|
||||
'-V': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
|
||||
'-t': (CONF_NFS, 'nfsd', 'tcp', '1'),
|
||||
'-T': (CONF_NFS, 'nfsd', 'tcp', '0'),
|
||||
'-u': (CONF_NFS, 'nfsd', 'udp', '1'),
|
||||
'-U': (CONF_NFS, 'nfsd', 'udp', '0'),
|
||||
'-G': (CONF_NFS, 'nfsd', 'grace-time', '$1'),
|
||||
'-L': (CONF_NFS, 'nfsd', 'lease-time', '$1'),
|
||||
'$1': (CONF_NFS, 'nfsd', 'threads', '$1'),
|
||||
'--debug': (CONF_NFS, 'nfsd', 'debug', 'all'),
|
||||
'--host': (CONF_NFS, 'nfsd', 'host', ','),
|
||||
'--port': (CONF_NFS, 'nfsd', 'port', '$1'),
|
||||
'--rdma': (CONF_NFS, 'nfsd', 'rdma', '$1'),
|
||||
'--no-nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
|
||||
'--nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
|
||||
'--tcp': (CONF_NFS, 'nfsd', 'tcp', '1'),
|
||||
'--no-tcp': (CONF_NFS, 'nfsd', 'tcp', '0'),
|
||||
'--udp': (CONF_NFS, 'nfsd', 'udp', '1'),
|
||||
'--no-udp': (CONF_NFS, 'nfsd', 'udp', '0'),
|
||||
'--grace-time': (CONF_NFS, 'nfsd', 'grace-time', '$1'),
|
||||
'--lease-time': (CONF_NFS, 'nfsd', 'lease-time', '$1'),
|
||||
}
|
||||
|
||||
# options for mountd found in RPCMOUNTDOPTS
|
||||
OPTS_MOUNTD = 'go:d:H:p:N:nrs:t:V:'
|
||||
LONG_MOUNTD = ['descriptors=', 'debug=', 'nfs-version=', 'no-nfs-version=',
|
||||
'port=', 'no-tcp', 'ha-callout=', 'state-directory-path=',
|
||||
'num-threads=', 'reverse-lookup', 'manage-gids', 'no-udp']
|
||||
|
||||
CONV_MOUNTD = {'-g': (CONF_NFS, 'mountd', 'manage-gids', '1'),
|
||||
'-o': (CONF_NFS, 'mountd', 'descriptors', '$1'),
|
||||
'-d': (CONF_NFS, 'mountd', 'debug', '$1'),
|
||||
'-H': (CONF_NFS, 'mountd', 'ha-callout', '$1'),
|
||||
'-p': (CONF_NFS, 'mountd', 'port', '$1'),
|
||||
'-N': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
|
||||
'-V': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
|
||||
'-n': (CONF_NFS, 'nfsd', 'tcp', '0'),
|
||||
'-s': (CONF_NFS, 'mountd', 'stat-directory-path', '$1'),
|
||||
'-t': (CONF_NFS, 'mountd', 'threads', '$1'),
|
||||
'-r': (CONF_NFS, 'mountd', 'reverse-lookup', '1'),
|
||||
'-u': (CONF_NFS, 'nfsd', 'udp', '0'),
|
||||
'--manage-gids': (CONF_NFS, 'mountd', 'manage-gids', '1'),
|
||||
'--descriptors': (CONF_NFS, 'mountd', 'descriptors', '$1'),
|
||||
'--debug': (CONF_NFS, 'mountd', 'debug', '$1'),
|
||||
'--ha-callout': (CONF_NFS, 'mountd', 'ha-callout', '$1'),
|
||||
'--port': (CONF_NFS, 'mountd', 'port', '$1'),
|
||||
'--nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
|
||||
'--no-nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
|
||||
'--no-tcp': (CONF_NFS, 'nfsd', 'tcp', '0'),
|
||||
'--state-directory-path': (CONF_NFS, 'mountd', 'state-directory-path', '$1'),
|
||||
'--num-threads': (CONF_NFS, 'mountd', 'threads', '$1'),
|
||||
'--reverse-lookup': (CONF_NFS, 'mountd', 'reverse-lookup', '1'),
|
||||
'--no-udp': (CONF_NFS, 'nfsd', 'udp', '0'),
|
||||
}
|
||||
|
||||
# options for statd found in STATDARG
|
||||
OPTS_STATD = 'o:p:T:U:n:P:H:L'
|
||||
LONG_STATD = ['outgoing-port=', 'port=', 'name=', 'state-directory-path=',
|
||||
'ha-callout=', 'nlm-port=', 'nlm-udp-port=', 'no-notify']
|
||||
CONV_STATD = {'-o': (CONF_NFS, 'statd', 'outgoing-port', '$1'),
|
||||
'-p': (CONF_NFS, 'statd', 'port', '$1'),
|
||||
'-T': (CONF_NFS, 'lockd', 'port', '$1'),
|
||||
'-U': (CONF_NFS, 'lockd', 'udp-port', '$1'),
|
||||
'-n': (CONF_NFS, 'statd', 'name', '$1'),
|
||||
'-P': (CONF_NFS, 'statd', 'state-directory-path', '$1'),
|
||||
'-H': (CONF_NFS, 'statd', 'ha-callout', '$1'),
|
||||
'-L': (CONF_NFS, 'statd', 'no-notify', '1'),
|
||||
'--outgoing-port': (CONF_NFS, 'statd', 'outgoing-port', '$1'),
|
||||
'--port': (CONF_NFS, 'statd', 'port', '$1'),
|
||||
'--name': (CONF_NFS, 'statd', 'name', '$1'),
|
||||
'--state-directory-path': (CONF_NFS, 'statd', 'state-directory-path', '$1'),
|
||||
'--ha-callout': (CONF_NFS, 'statd', 'ha-callout', '$1'),
|
||||
'--nlm-port': (CONF_NFS, 'lockd', 'port', '$1'),
|
||||
'--nlm-udp-port': (CONF_NFS, 'lockd', 'udp-port', '$1'),
|
||||
'--no-notify': (CONF_NFS, 'statd', 'no-notify', '1'),
|
||||
}
|
||||
|
||||
# options for sm-notify found in SMNOTIFYARGS
|
||||
OPTS_SMNOTIFY = 'dm:np:v:P:f'
|
||||
CONV_SMNOTIFY = {'-d': (CONF_NFS, 'sm-notify', 'debug', 'all'),
|
||||
'-m': (CONF_NFS, 'sm-notify', 'retry-time', '$1'),
|
||||
'-n': (CONF_NFS, 'sm-notify', 'update-state', '1'),
|
||||
'-p': (CONF_NFS, 'sm-notify', 'outgoing-port', '$1'),
|
||||
'-v': (CONF_NFS, 'sm-notify', 'outgoing-addr', '$1'),
|
||||
'-f': (CONF_NFS, 'sm-notify', 'force', '1'),
|
||||
'-P': (CONF_NFS, 'statd', 'state-directory-path', '$1'),
|
||||
}
|
||||
|
||||
# options for idmapd found in RPCIDMAPDARGS
|
||||
OPTS_IDMAPD = 'vp:CS'
|
||||
CONV_IDMAPD = {'-v': (CONF_IDMAP, 'general', 'verbosity', '+'),
|
||||
'-p': (CONF_NFS, 'general', 'pipefs-directory', '$1'),
|
||||
'-C': (CONF_IDMAP, 'general', 'client-only', '1'),
|
||||
'-S': (CONF_IDMAP, 'general', 'server-only', '1'),
|
||||
}
|
||||
|
||||
# options for gssd found in RPCGSSDARGS
|
||||
OPTS_GSSD = 'Mnvrp:k:d:t:T:R:lD'
|
||||
CONV_GSSD = {'-M': (CONF_NFS, 'gssd', 'use-memcache', '1'),
|
||||
'-n': (CONF_NFS, 'gssd', 'root_uses_machine_creds', '0'),
|
||||
'-v': (CONF_NFS, 'gssd', 'verbosity', '+'),
|
||||
'-r': (CONF_NFS, 'gssd', 'rpc-verbosity', '+'),
|
||||
'-p': (CONF_NFS, 'general', 'pipefs-directory', '$1'),
|
||||
'-k': (CONF_NFS, 'gssd', 'keytab-file', '$1'),
|
||||
'-d': (CONF_NFS, 'gssd', 'cred-cache-directory', '$1'),
|
||||
'-t': (CONF_NFS, 'gssd', 'context-timeout', '$1'),
|
||||
'-T': (CONF_NFS, 'gssd', 'rpc-timeout', '$1'),
|
||||
'-R': (CONF_NFS, 'gssd', 'preferred-realm', '$1'),
|
||||
'-l': (CONF_NFS, 'gssd', 'limit-to-legacy-enctypes', '0'),
|
||||
'-D': (CONF_NFS, 'gssd', 'avoid-dns', '0'),
|
||||
}
|
||||
|
||||
# options for blkmapd found in BLKMAPDARGS
|
||||
OPTS_BLKMAPD = ''
|
||||
CONV_BLKMAPD = {}
|
||||
|
||||
# meta list of all the getopt lists
|
||||
GETOPT_MAPS = [('RPCNFSDARGS', OPTS_NFSD, LONG_NFSD, CONV_NFSD),
|
||||
('RPCMOUNTDOPTS', OPTS_MOUNTD, LONG_MOUNTD, CONV_MOUNTD),
|
||||
('STATDARG', OPTS_STATD, LONG_STATD, CONV_STATD),
|
||||
('STATDARGS', OPTS_STATD, LONG_STATD, CONV_STATD),
|
||||
('SMNOTIFYARGS', OPTS_SMNOTIFY, [], CONV_SMNOTIFY),
|
||||
('RPCIDMAPDARGS', OPTS_IDMAPD, [], CONV_IDMAPD),
|
||||
('RPCGSSDARGS', OPTS_GSSD, [], CONV_GSSD),
|
||||
('BLKMAPDARGS', OPTS_BLKMAPD, [], CONV_BLKMAPD),
|
||||
]
|
||||
|
||||
# any fixups we need to apply first
|
||||
GETOPT_FIXUP = {'RPCNFSDARGS': ('--rdma', '--rdma=nfsrdma'),
|
||||
}
|
||||
|
||||
# map for all of the single option values
|
||||
VALUE_MAPS = {'LOCKD_TCPPORT': (CONF_NFS, 'lockd', 'port', '$1'),
|
||||
'LOCKD_UDPPORT': (CONF_NFS, 'lockd', 'udp-port', '$1'),
|
||||
'RPCNFSDCOUNT': (CONF_NFS, 'nfsd', 'threads', '$1'),
|
||||
'NFSD_V4_GRACE': (CONF_NFS, 'nfsd', 'grace-time', '$1'),
|
||||
'NFSD_V4_LEASE': (CONF_NFS, 'nfsd', 'lease-time', '$1'),
|
||||
'MOUNTD_PORT': (CONF_NFS, 'mountd', 'port', '$1'),
|
||||
'STATD_PORT': (CONF_NFS, 'statd', 'port', '$1'),
|
||||
'STATD_OUTGOING_PORT': (CONF_NFS, 'statd', 'outgoing-port', '$1'),
|
||||
'STATD_HA_CALLOUT': (CONF_NFS, 'statd', 'ha-callout', '$1'),
|
||||
'GSS_USE_PROXY': (CONF_NFS, 'gssd', 'use-gss-proxy', '$1')
|
||||
}
|
||||
|
||||
def eprint(*args, **kwargs):
|
||||
""" Print error to stderr """
|
||||
print(*args, file=sys.stderr, **kwargs)
|
||||
|
||||
def makesub(param, value):
|
||||
""" Variable substitution """
|
||||
return param.replace('$1', value)
|
||||
|
||||
def set_value(value, entry):
|
||||
""" Set a configuration value by running nfsconf tool"""
|
||||
cfile, section, tag, param = entry
|
||||
|
||||
tag = makesub(tag, value)
|
||||
param = makesub(param, value)
|
||||
if param == '+':
|
||||
param = value
|
||||
if param == ',':
|
||||
param = value
|
||||
args = [CONF_TOOL, "--file", cfile, "--set", section, tag, param]
|
||||
|
||||
try:
|
||||
subprocess.check_output(args, stderr=subprocess.STDOUT)
|
||||
except subprocess.CalledProcessError as e:
|
||||
print("Error running nfs-conf tool:\n %s" % (e.output.decode()))
|
||||
print("Args: %s\n" % args)
|
||||
raise Exception
|
||||
|
||||
def convert_getopt(optname, options, optstring, longopts, conversions):
|
||||
""" Parse option string into seperate config items
|
||||
|
||||
Take a getopt string and a table of conversions
|
||||
parse it all and spit out the converted config
|
||||
|
||||
Keyword arguments:
|
||||
options -- the argv string to convert
|
||||
optstring -- getopt format option list
|
||||
conversions -- table of translations
|
||||
"""
|
||||
optcount = 0
|
||||
try:
|
||||
args = options.strip('\"').split()
|
||||
if optname in GETOPT_FIXUP:
|
||||
(k, v) = GETOPT_FIXUP[optname]
|
||||
for i, opt in enumerate(args):
|
||||
if opt == k:
|
||||
args[i] = v
|
||||
elif opt == '--':
|
||||
break
|
||||
optlist, optargs = getopt.gnu_getopt(args, optstring, longopts=longopts)
|
||||
except getopt.GetoptError as err:
|
||||
eprint(err)
|
||||
raise Exception
|
||||
|
||||
setlist = {}
|
||||
for (k, v) in optlist:
|
||||
if k in conversions:
|
||||
# it's already been set once
|
||||
param = conversions[k][3]
|
||||
tag = k + makesub(conversions[k][2], v)
|
||||
if tag in setlist:
|
||||
value = setlist[tag][0]
|
||||
# is it a cummulative entry
|
||||
if param == '+':
|
||||
value = str(int(value) + 1)
|
||||
if param == ',':
|
||||
value += "," + v
|
||||
else:
|
||||
if param == '+':
|
||||
value = "1"
|
||||
elif param == ',':
|
||||
value = v
|
||||
else:
|
||||
value = v
|
||||
setlist[tag] = (value, conversions[k])
|
||||
else:
|
||||
if v:
|
||||
eprint("Ignoring unrecognised option %s=%s in %s" % (k, v, optname))
|
||||
else:
|
||||
eprint("Ignoring unrecognised option %s in %s" % (k, optname))
|
||||
|
||||
|
||||
for v, c in setlist.values():
|
||||
try:
|
||||
set_value(v, c)
|
||||
optcount += 1
|
||||
except Exception:
|
||||
raise
|
||||
|
||||
i = 1
|
||||
for o in optargs:
|
||||
opname = '$' + str(i)
|
||||
if opname in conversions:
|
||||
try:
|
||||
set_value(o, conversions[opname])
|
||||
optcount += 1
|
||||
except Exception:
|
||||
raise
|
||||
else:
|
||||
eprint("Unrecognised trailing arguments")
|
||||
raise Exception
|
||||
i += 1
|
||||
|
||||
return optcount
|
||||
|
||||
def map_values():
|
||||
""" Main function """
|
||||
mapcount = 0
|
||||
|
||||
# Lets load the old config
|
||||
with open(SYSCONF_NFS) as cfile:
|
||||
file_content = '[sysconf]\n' + cfile.read()
|
||||
sysconfig = configparser.RawConfigParser()
|
||||
sysconfig.read_string(file_content)
|
||||
|
||||
# Map all the getopt option lists
|
||||
for (name, opts, lopts, conv) in GETOPT_MAPS:
|
||||
if name in sysconfig['sysconf']:
|
||||
try:
|
||||
mapcount += convert_getopt(name, sysconfig['sysconf'][name], opts,
|
||||
lopts, conv)
|
||||
except Exception:
|
||||
eprint("Error whilst converting %s to nfsconf options." % (name))
|
||||
raise
|
||||
|
||||
# Map the single value options
|
||||
for name, opts in VALUE_MAPS.items():
|
||||
if name in sysconfig['sysconf']:
|
||||
try:
|
||||
value = sysconfig['sysconf'][name]
|
||||
set_value(value.strip('\"'), opts)
|
||||
mapcount += 1
|
||||
except Exception:
|
||||
raise
|
||||
|
||||
# All went well, move aside the old file
|
||||
# but dont bother if there were no changes and
|
||||
# an old config file already exists
|
||||
backupfile = SYSCONF_NFS + SYSCONF_BACKUP
|
||||
if mapcount > 0 or not os.path.exists(backupfile):
|
||||
try:
|
||||
os.replace(SYSCONF_NFS, backupfile)
|
||||
except OSError as err:
|
||||
eprint("Error moving old config %s: %s" % (SYSCONF_NFS, err))
|
||||
raise
|
||||
|
||||
# Main routine
|
||||
try:
|
||||
map_values()
|
||||
except Exception as e:
|
||||
eprint(e)
|
||||
eprint("Conversion failed. Please correct the error and try again.")
|
||||
exit(1)
|
@ -1,38 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# Convert /etc/sysconfig/nfs values in /etc/nfs.conf valuse
|
||||
#
|
||||
|
||||
#
|
||||
# No file no conversion
|
||||
#
|
||||
if [ ! -f /etc/sysconfig/nfs ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#
|
||||
# See if the conversion happen already
|
||||
#
|
||||
grep "nfs.conf" /etc/sysconfig/nfs > /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -f /etc/nfs.conf.rpmnew ]; then
|
||||
# See if it is the we want to use
|
||||
grep tag1234 /etc/nfs.conf.rpmnew > /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
cp /etc/nfs.conf /etc/nfs.conf.rpmsave
|
||||
cat /etc/nfs.conf.rpmnew | sed '/tag123/d' > /etc/nfs.conf
|
||||
rm /etc/nfs.conf.rpmnew
|
||||
fi
|
||||
else
|
||||
cp /etc/nfs.conf /etc/nfs.conf.rpmsave
|
||||
fi
|
||||
|
||||
#
|
||||
# Do the conversion
|
||||
#
|
||||
/usr/sbin/nfsconvert
|
||||
|
@ -1,124 +1,83 @@
|
||||
Summary: NFS utilities and supporting clients and daemons for the kernel NFS server
|
||||
Name: nfs-utils
|
||||
URL: http://linux-nfs.org/
|
||||
Version: 2.3.3
|
||||
Release: 59%{?dist}
|
||||
Version: 2.5.4
|
||||
Release: 27%{?dist}
|
||||
Epoch: 1
|
||||
|
||||
# group all 32bit related archs
|
||||
%define all_32bit_archs i386 i486 i586 i686 athlon ppc sparcv9
|
||||
%global all_32bit_archs i386 i486 i586 i686 athlon ppc sparcv9
|
||||
|
||||
Source0: https://www.kernel.org/pub/linux/utils/nfs-utils/%{version}/%{name}-%{version}.tar.xz
|
||||
Source1: id_resolver.conf
|
||||
Source2: lockd.conf
|
||||
Source3: 24-nfs-server.conf
|
||||
Source4: nfsconvert.py
|
||||
Source5: nfsconvert.sh
|
||||
Source6: nfs-convert.service
|
||||
Source4: 10-nfsv4.conf
|
||||
|
||||
#
|
||||
# RHEL 8.0
|
||||
# RHEL9.0
|
||||
#
|
||||
Patch001: nfs-utils-2.3.3-nfsd-disable-v4.patch
|
||||
Patch002: nfs-utils-2.3.3-remove-osd_login.patch
|
||||
Patch003: nfs-utils-2.3.3-mount-sharecache.patch
|
||||
Patch004: nfs-utils-2.3.3-gssd-usegssproxy.patch
|
||||
Patch005: nfs-utils-2.3.3-nfsconf-usegssproxy.patch
|
||||
Patch006: nfs-utils-2.3.3-man-tcpwrappers.patch
|
||||
Patch007: nfs-utils-2.3.3-junction-update.patch
|
||||
Patch001: nfs-utils-2.5.4-mount-sloppy.patch
|
||||
Patch002: nfs-utils-2.5.4-nfsdcltrack-printf.patch
|
||||
Patch003: nfs-utils-2.5.4-general-memory-fixes.patch
|
||||
Patch004: nfs-utils-2.5.4-mount-nov2.patch
|
||||
Patch005: nfs-utils-2.5.4-gssd-debug-msg.patch
|
||||
Patch006: nfs-utils-2.5.4-rpcctl.patch
|
||||
|
||||
#
|
||||
# RHEL 8.1
|
||||
# RHEL9.1
|
||||
#
|
||||
Patch008: nfs-utils-2.3.3-nfsconf-manage-gids.patch
|
||||
Patch009: nfs-utils-2.3.3-statd-force.patch
|
||||
Patch010: nfs-utils-2.3.3-statd-no-notify.patch
|
||||
Patch011: nfs-utils-2.3.3-gssd-verbose.patch
|
||||
Patch012: nfs-utils-2.3.3-nfsconf-inplace.patch
|
||||
Patch013: nfs-utils-2.3.3-covscan-resource-leaks.patch
|
||||
Patch014: nfs-utils-2.3.3-nfsman-typo.patch
|
||||
Patch015: nfs-utils-2.3.3-mount-fallback.patch
|
||||
Patch016: nfs-utils-2.3.3-mountd-memleak.patch
|
||||
Patch017: nfs-utils-2.3.3-lseek-error-handling.patch
|
||||
Patch018: nfs-utils-2.3.3-memleak-on-error.patch
|
||||
Patch007: nfs-utils-2.5.4-nfsman-maxconnect.patch
|
||||
Patch008: nfs-utils-2.5.4-rpcpipefs-warn.patch
|
||||
Patch009: nfs-utils-2.5.4-rpcidmapd-return.patch
|
||||
Patch010: nfs-utils-2.5.4-mount-ebusy.patch
|
||||
Patch011: nfs-utils-2.5.4-rpcctl-xprt.patch
|
||||
Patch012: nfs-utils-2.5.4-systemd-rpcstatd.patch
|
||||
|
||||
#
|
||||
# RHEL 8.2
|
||||
# RHEL9.2
|
||||
#
|
||||
Patch019: nfs-utils-2.3.3-nfsiostat-err-cnts.patch
|
||||
Patch020: nfs-utils-2.3.3-gssd-man-verbose.patch
|
||||
Patch021: nfs-utils-2.3.3-nfsconf-rdmaport.patch
|
||||
Patch022: nfs-utils-2.3.3-gssd-early-daemon.patch
|
||||
Patch023: nfs-utils-2.3.3-covscan-rm-deadcode-leaks.patch
|
||||
Patch024: nfs-utils-2.3.3-gssd-memoryleak.patch
|
||||
Patch013: nfs-utils-2.5.4-nfsd-man-4vers.patch
|
||||
Patch014: nfs-utils-2.5.4-mount-null-ptr.patch
|
||||
Patch015: nfs-utils-2.5.4-nfsrahead-cmd.patch
|
||||
Patch016: nfs-utils-2.5.4-covscan-return-value.patch
|
||||
|
||||
#
|
||||
# RHEL 8.3
|
||||
# RHEL9.3
|
||||
#
|
||||
Patch025: nfs-utils-2.3.3-junction-err-fix.patch
|
||||
Patch026: nfs-utils-2.3.3-nfsdcld-upstream-update.patch
|
||||
Patch027: nfs-utils-2.3.3-nconnect-manpage.patch
|
||||
Patch028: nfs-utils-2.3.3-nfsdclddb-rename.patch
|
||||
Patch029: nfs-utils-2.3.3-nfsclnts-cmd.patch
|
||||
Patch017: nfs-utils-2.5.4-juncs-automount.patch
|
||||
Patch018: nfs-utils-2.5.4-man-nfsconf.patch
|
||||
|
||||
#
|
||||
# RHEL 8.4
|
||||
# RHEL9.4
|
||||
#
|
||||
Patch030: nfs-utils-2.3.3-exportfs-man-labels.patch
|
||||
Patch031: nfs-utils-2.3.3-nfsiostat-div-zero.patch
|
||||
Patch032: nfs-utils-2.3.3-nfsiostat-key-error.patch
|
||||
Patch033: nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch
|
||||
Patch034: nfs-utils-2.3.3-systemd-exportfs-nofail.patch
|
||||
Patch035: nfs-utils-2.3.3-exports-manpage-outdated.patch
|
||||
Patch036: nfs-utils-2.3.3-gssd-multithread-updates.patch
|
||||
Patch037: nfs-utils-2.3.3-mountd-pseudofs.patch
|
||||
Patch019: nfs-utils-2.5.4-gssd-dns-failure.patch
|
||||
Patch020: nfs-utils-2.5.4-gssd-bad-integ-error-support.patch
|
||||
Patch021: nfs-utils-2.5.4-mount-mountconf-typo.patch
|
||||
Patch022: nfs-utils-2.5.4-support-for-rpc-with-tls.patch
|
||||
Patch023: nfs-utils-2.5.4-fix-typos-in-messages.patch
|
||||
Patch024: nfs-utils-2.5.4-blkmapd-double-free.patch
|
||||
Patch025: nfs-utils-2.5.4-rpcdebug-check-read-return.patch
|
||||
|
||||
#
|
||||
# RHEL 8.5
|
||||
# RHEL9.5
|
||||
#
|
||||
Patch038: nfs-utils-2.3.3-gssd-k5identity.patch
|
||||
Patch039: nfs-utils-2.3.3-gssd-man-tflag.patch
|
||||
Patch040: nfs-utils-2.3.3-exportfs-root.patch
|
||||
Patch041: nfs-utils-2.3.3-mount-sloppy.patch
|
||||
Patch042: nfs-utils-2.3.3-gssd-failed-thread.patch
|
||||
Patch043: nfs-utils-2.3.3-gssd-timeout-thread.patch
|
||||
Patch044: nfs-utils-2.3.3-gssd-debug-cleanup.patch
|
||||
Patch045: nfs-utils-2.3.3-gssd-mutex-refcnt.patch
|
||||
|
||||
#
|
||||
# RHEL 8.6
|
||||
#
|
||||
Patch046: nfs-utils-2.3.3-mountd-v4-logging.patch
|
||||
Patch047: nfs-utils-2.3.3-gssd-printerr.patch
|
||||
Patch048: nfs-utils-2.3.3-mount-ebusy.patch
|
||||
Patch049: nfs-utils-2.3.3-nfsidmap-debug.patch
|
||||
|
||||
#
|
||||
# RHEL 8.7
|
||||
#
|
||||
Patch050: nfs-utils-2.3.3-nfsman-softreval.patch
|
||||
Patch051: nfs-utils-2.3.3-rpcctl.patch
|
||||
Patch052: nfs-utils-2.3.3-nfsrahead.patch
|
||||
Patch053: nfs-utils-2.3.3-rpcctl-subparser.patch
|
||||
Patch054: nfs-utils-2.3.3-rpcctl-posixpath.patch
|
||||
Patch055: nfs-utils-2.3.3-systemd-rpcstatd.patch
|
||||
|
||||
#
|
||||
# rhel 8.8
|
||||
#
|
||||
Patch056: nfs-utils-2.3.3-mountd-v4clnts.patch
|
||||
Patch057: nfs-utils-2.3.3-covscan-return-value.patch
|
||||
Patch026: nfs-utils-2.5.4-gssd-allowed-enctypes.patch
|
||||
Patch027: nfs-utils-2.5.4-gssd-segfault.patch
|
||||
|
||||
Patch100: nfs-utils-1.2.1-statdpath-man.patch
|
||||
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
|
||||
Patch102: nfs-utils-2.3.3-idmap-errmsg.patch
|
||||
Patch102: nfs-utils-1.2.5-idmap-errmsg.patch
|
||||
Patch103: nfs-utils-2.3.1-systemd-gssproxy-restart.patch
|
||||
Patch104: nfs-utils-2.3.1-systemd-svcgssd-removed.patch
|
||||
Patch104: nfs-utils-2.3.3-man-tcpwrappers.patch
|
||||
Patch105: nfs-utils-2.3.3-nfsconf-usegssproxy.patch
|
||||
Patch106: nfs-utils-2.4.2-systemd-svcgssd.patch
|
||||
|
||||
Provides: exportfs = %{epoch}:%{version}-%{release}
|
||||
Provides: nfsstat = %{epoch}:%{version}-%{release}
|
||||
Provides: showmount = %{epoch}:%{version}-%{release}
|
||||
Provides: rpcdebug = %{epoch}:%{version}-%{release}
|
||||
Provides: rpcctl = %{epoch}:%{version}-%{release}
|
||||
Provides: rpc.idmapd = %{epoch}:%{version}-%{release}
|
||||
Provides: rpc.mountd = %{epoch}:%{version}-%{release}
|
||||
Provides: rpc.nfsd = %{epoch}:%{version}-%{release}
|
||||
@ -132,9 +91,8 @@ Provides: sm-notify = %{epoch}:%{version}-%{release}
|
||||
Provides: start-statd = %{epoch}:%{version}-%{release}
|
||||
|
||||
License: MIT and GPLv2 and GPLv2+ and BSD
|
||||
Requires: rpcbind, sed, gawk, grep
|
||||
Requires: kmod, keyutils, quota, python3-pyyaml
|
||||
BuildRequires: libevent-devel libcap-devel
|
||||
BuildRequires: make
|
||||
BuildRequires: libevent-devel libcap-devel libuuid-devel
|
||||
BuildRequires: libtirpc-devel libblkid-devel
|
||||
BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2
|
||||
BuildRequires: automake, libtool, gcc, device-mapper-devel
|
||||
@ -149,8 +107,51 @@ Requires(pre): coreutils
|
||||
Requires(preun): coreutils
|
||||
Requires: libnfsidmap libevent
|
||||
Requires: libtirpc >= 0.2.3-1 libblkid libcap libmount
|
||||
%{?systemd_requires}
|
||||
Requires: gssproxy => 0.7.0-3
|
||||
Requires: rpcbind, sed, gawk, grep
|
||||
Requires: kmod, keyutils, quota, python3-pyyaml
|
||||
%{?systemd_requires}
|
||||
|
||||
%package -n nfs-utils-coreos
|
||||
Summary: Minimal NFS utilities for supporting clients
|
||||
Provides: nfsstat = %{epoch}:%{version}-%{release}
|
||||
Provides: rpc.statd = %{epoch}:%{version}-%{release}
|
||||
Provides: rpc.gssd = %{epoch}:%{version}-%{release}
|
||||
Provides: mount.nfs = %{epoch}:%{version}-%{release}
|
||||
Provides: mount.nfs4 = %{epoch}:%{version}-%{release}
|
||||
Provides: umount.nfs = %{epoch}:%{version}-%{release}
|
||||
Provides: umount.nfs4 = %{epoch}:%{version}-%{release}
|
||||
Provides: start-statd = %{epoch}:%{version}-%{release}
|
||||
Provides: nfsidmap = %{epoch}:%{version}-%{release}
|
||||
Provides: showmount = %{epoch}:%{version}-%{release}
|
||||
Requires: rpcbind
|
||||
%{?systemd_requires}
|
||||
|
||||
%description -n nfs-utils-coreos
|
||||
Minimal NFS utilities for supporting clients
|
||||
|
||||
%package -n nfs-stats-utils
|
||||
Summary: NFS utilities for supporting clients
|
||||
Provides: nfsstat = %{epoch}:%{version}-%{release}
|
||||
Provides: mountstats = %{epoch}:%{version}-%{release}
|
||||
Provides: nfsiostat = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description -n nfs-stats-utils
|
||||
Show NFS client Statistics
|
||||
|
||||
%package -n nfsv4-client-utils
|
||||
Summary: NFSv4 utilities for supporting client
|
||||
Provides: rpc.gssd = %{epoch}:%{version}-%{release}
|
||||
Provides: rpcctl = %{epoch}:%{version}-%{release}
|
||||
Provides: mount.nfs = %{epoch}:%{version}-%{release}
|
||||
Provides: mount.nfs4 = %{epoch}:%{version}-%{release}
|
||||
Provides: umount.nfs = %{epoch}:%{version}-%{release}
|
||||
Provides: umount.nfs4 = %{epoch}:%{version}-%{release}
|
||||
Provides: nfsidmap = %{epoch}:%{version}-%{release}
|
||||
Requires: gssproxy => 0.7.0-3
|
||||
|
||||
%description -n nfsv4-client-utils
|
||||
The nfsv4-client-utils packages provided NFSv4 client support
|
||||
|
||||
%package -n libnfsidmap
|
||||
Summary: NFSv4 User and Group ID Mapping Library
|
||||
@ -158,8 +159,6 @@ Provides: libnfsidmap%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
License: BSD
|
||||
BuildRequires: pkgconfig, openldap-devel
|
||||
BuildRequires: automake, libtool
|
||||
Requires(postun): /sbin/ldconfig
|
||||
Requires(pre): /sbin/ldconfig
|
||||
Requires: openldap
|
||||
|
||||
%description -n libnfsidmap
|
||||
@ -176,8 +175,16 @@ developing programs which use the libnfsidmap library.
|
||||
|
||||
|
||||
%description
|
||||
The nfs-utils package provides various utilities for use with NFS
|
||||
clients and servers.
|
||||
The nfs-utils package provides a daemon for the kernel NFS server and
|
||||
related tools, which provides a much higher level of performance than the
|
||||
traditional Linux NFS server used by most users.
|
||||
|
||||
This package also contains the showmount program. Showmount queries the
|
||||
mount daemon on a remote host for information about the NFS (Network File
|
||||
System) server on the remote host. For example, showmount can display the
|
||||
clients which are mounted on that host.
|
||||
|
||||
This package also contains the mount.nfs and umount.nfs program.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
@ -190,10 +197,10 @@ find -name \*.py -exec sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' {
|
||||
|
||||
%build
|
||||
sh -x autogen.sh
|
||||
%define _statdpath /var/lib/nfs/statd
|
||||
%global _statdpath /var/lib/nfs/statd
|
||||
%configure \
|
||||
CFLAGS="%{build_cflags} -D_FILE_OFFSET_BITS=64 `pkg-config --cflags libtirpc`" \
|
||||
LDFLAGS="%{build_ldflags} `pkg-config --libs libtirpc`" \
|
||||
CFLAGS="%{build_cflags} -D_FILE_OFFSET_BITS=64" \
|
||||
LDFLAGS="%{build_ldflags}" \
|
||||
--enable-mountconfig \
|
||||
--enable-ipv6 \
|
||||
--with-statdpath=%{_statdpath} \
|
||||
@ -206,7 +213,7 @@ sh -x autogen.sh
|
||||
%make_build all
|
||||
|
||||
%install
|
||||
%define _pkgdir %{_prefix}/lib/systemd
|
||||
%global _pkgdir %{_prefix}/lib/systemd
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT/*
|
||||
|
||||
@ -224,17 +231,13 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/gssproxy
|
||||
|
||||
install -s -m 755 tools/rpcdebug/rpcdebug $RPM_BUILD_ROOT%{_sbindir}
|
||||
install -m 644 utils/mount/nfsmount.conf $RPM_BUILD_ROOT%{_sysconfdir}
|
||||
install -m 644 nfs.conf $RPM_BUILD_ROOT%{_sysconfdir}
|
||||
install -m 644 nfs.conf $RPM_BUILD_ROOT%{_sysconfdir}
|
||||
install -m 644 support/nfsidmap/idmapd.conf $RPM_BUILD_ROOT%{_sysconfdir}
|
||||
install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/request-key.d
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/scripts
|
||||
mkdir -p $RPM_BUILD_ROOT/run/sysconfig
|
||||
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d/lockd.conf
|
||||
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/gssproxy
|
||||
install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_sbindir}/nfsconvert
|
||||
install -m 755 %{SOURCE5} $RPM_BUILD_ROOT/%{_libexecdir}/nfs-utils/nfsconvert.sh
|
||||
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pkgdir}/system
|
||||
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
|
||||
rm -rf $RPM_BUILD_ROOT%{_libdir}/libnfsidmap/*.{a,la}
|
||||
@ -249,6 +252,9 @@ mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/nfs/statd/sm.bak
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/nfs/v4recovery
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/exports.d
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/nfsmount.conf.d
|
||||
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/nfsmount.conf.d
|
||||
|
||||
|
||||
%pre
|
||||
# move files so the running service will have this applied as well
|
||||
@ -258,7 +264,7 @@ for x in gssd idmapd ; do
|
||||
fi
|
||||
done
|
||||
|
||||
%define rpcuser_uid 29
|
||||
%global rpcuser_uid 29
|
||||
# Create rpcuser gid as long as it does not already exist
|
||||
cat /etc/group | cut -d':' -f 1 | grep --quiet rpcuser 2>/dev/null
|
||||
if [ "$?" -eq 1 ]; then
|
||||
@ -275,7 +281,11 @@ else
|
||||
fi
|
||||
|
||||
# Using the 16-bit value of -2 for the nfsnobody uid and gid
|
||||
%define nfsnobody_uid 65534
|
||||
%global nfsnobody_uid 65534
|
||||
|
||||
# Nowadays 'nobody/65534' user/group are included in setup rpm. But on
|
||||
# systems installed previously, nobody/99 might be present, with user
|
||||
# 65534 missing. Let's create nfsnobody/65534 in that case.
|
||||
|
||||
# Create nfsnobody gid as long as it does not already exist
|
||||
cat /etc/group | cut -d':' -f 3 | grep --quiet %{nfsnobody_uid} 2>/dev/null
|
||||
@ -296,19 +306,37 @@ if [ $1 -eq 1 ] ; then
|
||||
/bin/systemctl enable nfs-client.target >/dev/null 2>&1 || :
|
||||
/bin/systemctl start nfs-client.target >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%systemd_post nfs-server
|
||||
|
||||
%post -n nfsv4-client-utils
|
||||
if [ $1 -eq 1 ] ; then
|
||||
# Initial installation
|
||||
/bin/systemctl enable nfs-client.target >/dev/null 2>&1 || :
|
||||
/bin/systemctl start nfs-client.target >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
%systemd_preun nfs-client.target
|
||||
%systemd_preun nfs-server.server
|
||||
%systemd_preun nfs-server.service
|
||||
fi
|
||||
|
||||
%preun -n nfsv4-client-utils
|
||||
if [ $1 -eq 0 ]; then
|
||||
%systemd_preun nfs-client.target
|
||||
|
||||
rm -rf /etc/nfsmount.conf.d
|
||||
rm -rf /var/lib/nfs/v4recovery
|
||||
fi
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart nfs-client.target
|
||||
%systemd_postun_with_restart nfs-server
|
||||
|
||||
%postun -n nfsv4-client-utils
|
||||
%systemd_postun_with_restart nfs-client.target
|
||||
|
||||
/bin/systemctl --system daemon-reload >/dev/null 2>&1 || :
|
||||
|
||||
if [ $1 -eq 0 ] ; then
|
||||
@ -319,6 +347,9 @@ fi
|
||||
%triggerin -- nfs-utils > 1:2.1.1-3
|
||||
/bin/systemctl try-restart gssproxy || :
|
||||
|
||||
%triggerun -- nfs-utils < 1:2.5.4-3
|
||||
/bin/systemctl disable nfs-convert >/dev/null 2>&1 || :
|
||||
|
||||
%files
|
||||
%config(noreplace) /etc/nfsmount.conf
|
||||
%dir %{_sysconfdir}/exports.d
|
||||
@ -329,13 +360,13 @@ fi
|
||||
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd
|
||||
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm
|
||||
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm.bak
|
||||
%ghost %attr(644,root,root) %{_statdpath}/state
|
||||
%ghost %attr(644,rpcuser,rpcuser) %{_statdpath}/state
|
||||
%config(noreplace) %{_sharedstatedir}/nfs/etab
|
||||
%config(noreplace) %{_sharedstatedir}/nfs/rmtab
|
||||
%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf
|
||||
%config(noreplace) %{_sysconfdir}/modprobe.d/lockd.conf
|
||||
%config(noreplace) %{_sysconfdir}/nfs.conf
|
||||
%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/24-nfs-server.conf
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gssproxy/24-nfs-server.conf
|
||||
%doc linux-nfs/ChangeLog linux-nfs/KNOWNBUGS linux-nfs/NEW linux-nfs/README
|
||||
%doc linux-nfs/THANKS linux-nfs/TODO
|
||||
/sbin/rpc.statd
|
||||
@ -343,6 +374,7 @@ fi
|
||||
%{_sbindir}/exportfs
|
||||
%{_sbindir}/nfsstat
|
||||
%{_sbindir}/rpcdebug
|
||||
%{_sbindir}/rpcctl
|
||||
%{_sbindir}/rpc.mountd
|
||||
%{_sbindir}/rpc.nfsd
|
||||
%{_sbindir}/showmount
|
||||
@ -356,18 +388,15 @@ fi
|
||||
%{_sbindir}/blkmapd
|
||||
%{_sbindir}/nfsconf
|
||||
%{_sbindir}/nfsref
|
||||
%{_sbindir}/nfsconvert
|
||||
%{_sbindir}/nfsdclddb
|
||||
%{_sbindir}/nfsdcld
|
||||
%{_sbindir}/nfsdclddb
|
||||
%{_sbindir}/nfsdclnts
|
||||
%{_sbindir}/rpcctl
|
||||
%{_libexecdir}/nfsrahead
|
||||
%{_udevrulesdir}/99-nfs.rules
|
||||
%{_mandir}/*/*
|
||||
%{_pkgdir}/*/*
|
||||
|
||||
%attr(4755,root,root) /sbin/mount.nfs
|
||||
%attr(755,root,root) %{_libexecdir}/nfs-utils/nfsconvert.sh
|
||||
|
||||
/sbin/mount.nfs4
|
||||
/sbin/umount.nfs
|
||||
@ -378,6 +407,7 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/idmapd.conf
|
||||
%{_libdir}/libnfsidmap.so.*
|
||||
%{_libdir}/libnfsidmap/*.so
|
||||
%{_mandir}/man3/nfs4_uid_to_name.*
|
||||
|
||||
%files -n libnfsidmap-devel
|
||||
%{_libdir}/pkgconfig/libnfsidmap.pc
|
||||
@ -385,222 +415,375 @@ fi
|
||||
%{_includedir}/nfsidmap_plugin.h
|
||||
%{_libdir}/libnfsidmap.so
|
||||
|
||||
%files -n nfs-utils-coreos
|
||||
%dir %attr(555, root, root) %{_sharedstatedir}/nfs/rpc_pipefs
|
||||
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd
|
||||
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm
|
||||
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm.bak
|
||||
%ghost %attr(644,rpcuser,rpcuser) %{_statdpath}/state
|
||||
%config(noreplace) %{_sysconfdir}/nfsmount.conf
|
||||
%config(noreplace) %{_sysconfdir}/nfs.conf
|
||||
%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf
|
||||
%{_sbindir}/nfsidmap
|
||||
%{_sbindir}/nfsstat
|
||||
%{_sbindir}/rpc.gssd
|
||||
%{_sbindir}/start-statd
|
||||
%{_sbindir}/showmount
|
||||
%{_libexecdir}/nfsrahead
|
||||
%{_udevrulesdir}/99-nfs.rules
|
||||
%attr(4755,root,root) /sbin/mount.nfs
|
||||
/sbin/mount.nfs4
|
||||
/sbin/rpc.statd
|
||||
/sbin/umount.nfs
|
||||
/sbin/umount.nfs4
|
||||
%{_mandir}/*/nfs.5.gz
|
||||
%{_mandir}/*/nfs.conf.5.gz
|
||||
%{_mandir}/*/nfsmount.conf.5.gz
|
||||
%{_mandir}/*/nfs.systemd.7.gz
|
||||
%{_mandir}/*/gssd.8.gz
|
||||
%{_mandir}/*/mount.nfs.8.gz
|
||||
%{_mandir}/*/nfsconf.8.gz
|
||||
%{_mandir}/*/nfsidmap.8.gz
|
||||
%{_mandir}/*/nfsstat.8.gz
|
||||
%{_mandir}/*/rpc.gssd.8.gz
|
||||
%{_mandir}/*/rpc.statd.8.gz
|
||||
%{_mandir}/*/showmount.8.gz
|
||||
%{_mandir}/*/statd.8.gz
|
||||
%{_mandir}/*/umount.nfs.8.gz
|
||||
%{_mandir}/*/nfsrahead.5.gz
|
||||
%{_pkgdir}/*/rpc-pipefs-generator
|
||||
%{_pkgdir}/*/auth-rpcgss-module.service
|
||||
%{_pkgdir}/*/nfs-client.target
|
||||
%{_pkgdir}/*/rpc-gssd.service
|
||||
%{_pkgdir}/*/rpc-statd.service
|
||||
%{_pkgdir}/*/rpc_pipefs.target
|
||||
%{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount
|
||||
|
||||
%files -n nfsv4-client-utils
|
||||
%config(noreplace) /etc/nfsmount.conf
|
||||
%dir %{_sharedstatedir}/nfs/v4recovery
|
||||
%dir %attr(555, root, root) %{_sharedstatedir}/nfs/rpc_pipefs
|
||||
%dir %{_libexecdir}/nfs-utils
|
||||
%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gssproxy/24-nfs-server.conf
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/nfsmount.conf.d/10-nfsv4.conf
|
||||
%{_sbindir}/rpc.gssd
|
||||
%{_sbindir}/rpcctl
|
||||
%{_sbindir}/nfsidmap
|
||||
%{_sbindir}/nfsstat
|
||||
%{_libexecdir}/nfsrahead
|
||||
%{_udevrulesdir}/99-nfs.rules
|
||||
%attr(4755,root,root) /sbin/mount.nfs
|
||||
/sbin/mount.nfs4
|
||||
/sbin/umount.nfs
|
||||
/sbin/umount.nfs4
|
||||
%{_mandir}/*/nfs.5.gz
|
||||
%{_mandir}/*/nfs.conf.5.gz
|
||||
%{_mandir}/*/nfsmount.conf.5.gz
|
||||
%{_mandir}/*/nfsrahead.5.gz
|
||||
%{_mandir}/*/gssd.8.gz
|
||||
%{_mandir}/*/mount.nfs.8.gz
|
||||
%{_mandir}/*/nfsconf.8.gz
|
||||
%{_mandir}/*/nfsidmap.8.gz
|
||||
%{_mandir}/*/rpc.gssd.8.gz
|
||||
%{_mandir}/*/mount.nfs.8.gz
|
||||
%{_mandir}/*/umount.nfs.8.gz
|
||||
%{_mandir}/*/nfsidmap.8.gz
|
||||
%{_mandir}/*/nfsstat.8.gz
|
||||
%{_mandir}/*/rpcctl.8.gz
|
||||
%{_pkgdir}/*/rpc-pipefs-generator
|
||||
%{_pkgdir}/*/auth-rpcgss-module.service
|
||||
%{_pkgdir}/*/nfs-client.target
|
||||
%{_pkgdir}/*/rpc-gssd.service
|
||||
%{_pkgdir}/*/rpc_pipefs.target
|
||||
%{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount
|
||||
|
||||
%files -n nfs-stats-utils
|
||||
%{_sbindir}/mountstats
|
||||
%{_sbindir}/nfsiostat
|
||||
%{_mandir}/*/mountstats.8.gz
|
||||
%{_mandir}/*/nfsiostat.8.gz
|
||||
|
||||
%changelog
|
||||
* Thu Jan 12 2023 Steve Dickson <steved@redhat.com> 2.3.3-59
|
||||
- Covscan Scan: Wrong Check of Return Value (bz 2151966)
|
||||
- Covscan Scan: Clang (experimental) (bz 2151971)
|
||||
* Fri Aug 9 2024 Steve Dickson <steved@redhat.com> 2.5.4-27
|
||||
- rpc-gssd.service has status failed (due to rpc.gssd segfault) (RHEL-43286)
|
||||
|
||||
* Mon Sep 26 2022 Steve Dickson <steved@redhat.com> 2.3.3-58
|
||||
- mountd: Check 'nfsd/clients' directory presence (bz 2123073)
|
||||
* Tue Apr 30 2024 Steve Dickson <steved@redhat.com> 2.5.4-26
|
||||
- gssd: add support for an "allowed-enctypes" option in nfs.conf (RHEL-31858)
|
||||
|
||||
* Tue Aug 2 2022 Steve Dickson <steved@redhat.com> 2.3.3-57
|
||||
- rpc-statd.service: Stop rpcbind and rpc.stat in an exit race (bz 2100395)
|
||||
* Sun Feb 18 2024 Steve Dickson <steved@redhat.com> 2.5.4-25
|
||||
- Update: Typos and documentation fixes (RHEL-22654)
|
||||
|
||||
* Thu Jun 30 2022 Steve Dickson <steved@redhat.com> 2.3.3-56
|
||||
- rpcctl: 'PosixPath' object has no attribute 'readlink' (bz 2087187)
|
||||
* Fri Feb 16 2024 Pavel Reichl <preichl@redhat.com> - 2.5.4-24
|
||||
- Fix gating (RHEL-25837)
|
||||
|
||||
* Mon Jun 27 2022 Steve Dickson <steved@redhat.com> 2.3.3-55
|
||||
- rpcctl: Remove subparser required option as that was added in py3.7 (bz 2087187)
|
||||
* Tue Feb 6 2024 Steve Dickson <steved@redhat.com> 2.5.4-23
|
||||
- Typos and documentation fixes (RHEL-22654)
|
||||
- blkmapd: fix coredump in bl_add_disk (RHEL-7941)
|
||||
- rpcdebug: avoid buffer underflow (RHEL-7931)
|
||||
|
||||
* Tue Jun 14 2022 Steve Dickson <steved@redhat.com> 2.3.3-54
|
||||
- Create the nfsrahead command (bz 1946283)
|
||||
* Thu Feb 1 2024 Steve Dickson <steved@redhat.com> 2.5.4-22
|
||||
- nfsmount.conf: Fix typo of the attribute name (RHEL-7904)
|
||||
- Update to support for the NFS RPC-with-TLS (RHEL-14754)
|
||||
|
||||
* Tue May 31 2022 Steve Dickson <steved@redhat.com> 2.3.3-53
|
||||
- rpcctl: Add a rpcctl.py tool (bz 2087187)
|
||||
* Thu Jan 11 2024 Steve Dickson <steved@redhat.com> 2.5.4-21
|
||||
- gssd: fix handling DNS lookup failure (RHEL-15035)
|
||||
- gssd: handle KRB5_AP_ERR_BAD_INTEGRITY errors (RHEL-15034)
|
||||
|
||||
* Tue May 24 2022 Steve Dickson <steved@redhat.com> 2.3.3-52
|
||||
- manpage: Add a description of the softreval/nosoftreval (bz 2073476)
|
||||
* Mon Aug 7 2023 Steve Dickson <steved@redhat.com> 2.5.4-20
|
||||
- Fixed a regression in the junction code (bz 2213669)
|
||||
|
||||
* Mon Mar 7 2022 Steve Dickson <steved@redhat.com> 2.3.3-51
|
||||
- libnfsidmap: Turn off default verbosity (bz 2057612)
|
||||
* Tue Jun 6 2023 Steve Dickson <steved@redhat.com> 2.5.4-19
|
||||
- Don't allow junction tests to trigger automounts (bz 2148353)
|
||||
- Fix typo in man page nfs.conf.man (bz 2203092)
|
||||
|
||||
* Sat Feb 19 2022 Steve Dickson <steved@redhat.com> 2.3.3-50
|
||||
- mount.nfs: Fix Typo auto negotiating code. (bz 1946346)
|
||||
* Thu Jan 26 2023 Steve Dickson <steved@redhat.com> 2.5.4-18
|
||||
- Covscan Scan: Wrong Check of Return Value (bz 2151968)
|
||||
|
||||
* Mon Feb 14 2022 Steve Dickson <steved@redhat.com> 2.3.3-49
|
||||
- mount.nfs Fix error reporting for already mounted shares (bz 1946346)
|
||||
* Thu Dec 1 2022 Steve Dickson <steved@redhat.com> 2.5.4-17
|
||||
- Create the nfsrahead command (bz 2143747)
|
||||
|
||||
* Thu Nov 4 2021 Steve Dickson <steved@redhat.com> 2.3.3-48
|
||||
- gssd: fix crash in debug message (bz 1988283)
|
||||
* Mon Nov 14 2022 Steve Dickson <steved@redhat.com> 2.5.4-16
|
||||
- nfsd.man: Explain that setting nfsv4=n turns off all v4 versions (bz 2042362)
|
||||
- mount.nfs: fix NULL pointer derefernce in nfs_parse_square_bracket (bz 2136807)
|
||||
|
||||
* Tue Nov 2 2021 Steve Dickson <steved@redhat.com> 2.3.3-47
|
||||
- Enable logging for NFSv4 mount requests (bz 2004151)
|
||||
* Thu Aug 18 2022 Steve Dickson <steved@redhat.com> 2.5.4-15
|
||||
- Fix uninstall warnings (bz 2048023)
|
||||
- rpc-statd.service: Stop rpcbind and rpc.stat in an exit race (bz 2112941)
|
||||
|
||||
* Wed Jul 28 2021 Steve Dickson <steved@redhat.com> 2.3.3-46
|
||||
- mount.nfs: Fix the sloppy option processing (bz 1967883)
|
||||
* Mon Aug 1 2022 Steve Dickson <steved@redhat.com> 2.5.4-14
|
||||
- Fix the typo of dependency tag "Provides: rpcclt" (bz 2104406)
|
||||
|
||||
* Thu Jul 22 2021 Steve Dickson <steved@redhat.com> 2.3.3-45
|
||||
- gssd: use mutex to protect decrement of refcount (bz 1511706)
|
||||
* Thu Jul 28 2022 Steve Dickson <steved@redhat.com> 2.5.4-13
|
||||
- mount.nfs: Fix Typo auto negotiating code. (bz 2054300)
|
||||
|
||||
* Mon Jul 19 2021 Steve Dickson <steved@redhat.com> 2.3.3-44
|
||||
- gssd: Deal with failed thread creation (bz 1981400)
|
||||
- gssd: Add timeout for upcall threads (bz 1981403)
|
||||
- gssd: Cleaned up debug messages (bz 1961056)
|
||||
- spec: Updated description of the nfs-utils rpm (bz 1981419)
|
||||
* Fri Jul 22 2022 Steve Dickson <steved@redhat.com> 2.5.4-12
|
||||
- idmapd: Fix error status when nfs-idmapd exits (bz 2001764)
|
||||
- mount.nfs Fix error reporting for already mounted shares (bz 2054300)
|
||||
- rpcctl - fix failure when setting xprt offline and online (bz 2081934)
|
||||
- rpc-pipefs-generator: allocate enough space (bz 2109420)
|
||||
|
||||
* Sat Jul 10 2021 Steve Dickson <steved@redhat.com> 2.3.3-43
|
||||
- mount.nfs: insert 'sloppy' at beginning of the options (bz 1967883)
|
||||
* Sat Jul 16 2022 Steve Dickson <steved@redhat.com> 2.5.4-11
|
||||
- nfs.man: adding new mount option max_connect (bz 2106848)
|
||||
- systemd: Fix format-overflow warning (bz 2106896)
|
||||
|
||||
* Mon May 10 2021 Steve Dickson <steved@redhat.com> 2.3.3-42
|
||||
- gssd: Add options to allow for the use of ~/.k5identity file (bz 1868087)
|
||||
- man: Correct gssd(8) description of rpc-timeout and context-timeout (bz 1908232)
|
||||
- exportfs: fix unexporting of '/' (bz 1944119)
|
||||
* Mon Feb 28 2022 Steve Dickson <steved@redhat.com> 2.5.4-10
|
||||
- Added the rpcctl command (bz 2059245)
|
||||
|
||||
* Wed Jan 20 2021 Steve Dickson <steved@redhat.com> 2.3.3-41
|
||||
- mountd: never root squash on the pseudofs (bz 1804912)
|
||||
* Sat Jan 22 2022 Steve Dickson <steved@redhat.com> 2.5.4-9
|
||||
- manpage: remove the no longer supported value "vers2" (bz 1966643)
|
||||
|
||||
* Mon Dec 14 2020 Steve Dickson <steved@redhat.com> 2.3.3-40
|
||||
- gssd: upstream multithreaded updates (bz 1906792)
|
||||
* Thu Jan 13 2022 Steve Dickson <steved@redhat.com> 2.5.4-8
|
||||
- Added the tests directory for the gatings tests (bz 1996211)
|
||||
|
||||
* Fri Dec 11 2020 Steve Dickson <steved@redhat.com> 2.3.3-39
|
||||
- systemd: Ingnore export failures in nfs-server.serivce unit (bz 1894873)
|
||||
- exports.man: Remove some outdated verbiage (bz 1769688)
|
||||
* Tue Jan 11 2022 Steve Dickson <steved@redhat.com> 2.5.4-7
|
||||
- Added a gating.yaml file (bz 1996211)
|
||||
- gssd: fix crash in debug message. (bz 1999476)
|
||||
|
||||
* Thu Dec 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-38
|
||||
- exports man page: warn about subdirectory exports (bz 1652437)
|
||||
- Don't modify /etc/group on upgrades (bz 1856881)
|
||||
- nfs-iostat: divide by zero with fresh mount (bz 1861823)
|
||||
- nfsiostat: Drop autofs entries before calling compare_iostats() (bz 1859130)
|
||||
- nfsdclddb: clddb-tool was recently renamed to nfsdclddb (bz 1893599)
|
||||
* Mon Jan 10 2022 Steve Dickson <steved@redhat.com> 2.5.4-6
|
||||
- Update tools to reflect removal of NFS v2 support (bz 1966643)
|
||||
|
||||
* Thu Dec 10 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-37
|
||||
- Remove manual enabling of nfs-convert (bz 1683895)
|
||||
* Thu Aug 26 2021 Alice Mitchell <ajmitchell@redhat.com> 2.5.4-5
|
||||
- triggerun doesn't work correctly unless the epoch is given (bz 1937811)
|
||||
- Restored the nfs-utils-2.5.4-mount-sloppy.patch (bz 1987070)
|
||||
- General memory fixes (bz 1938822)
|
||||
|
||||
* Fri Oct 9 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-36
|
||||
- Fix uninstall warnings (bz 1733170)
|
||||
* Tue Aug 24 2021 Alice Mitchell <ajmitchell@redhat.com> 2.5.4-4
|
||||
- explicitly disable any previous nfs-convert (bz 1937811)
|
||||
|
||||
* Wed Jun 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-35
|
||||
- Fix dependency problems with nfsdclnts (bz 1841502)
|
||||
* Fri Aug 20 2021 Steve Dickson <steved@redhat.com> 2.5.4-3
|
||||
- mount.nfs: insert 'sloppy' at beginning of the options (bz 1987070)
|
||||
- spec: Fix dependency problems with nfsdclnts (bz 1924708)
|
||||
- nfsdcltrack: Fix printf format (bz 1995316)
|
||||
|
||||
* Tue Jun 9 2020 Steve Dickson <steved@redhat.com> 2.3.3-34
|
||||
- New nfsdclnts command added (bz 1841502)
|
||||
* Mon Aug 16 2021 Steve Dickson <steved@redhat.com> 2.5.4-2
|
||||
- Remove nfsconvert command (bz 1937811)
|
||||
|
||||
* Mon May 18 2020 Steve Dickson <steved@redhat.com> 2.3.3-33
|
||||
- manpage: Add a description of the 'nconnect' mount option (bz 1761352)
|
||||
- nfsdclddb: Redname clddb-tool to nfsdclddb (bz 1836924)
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.5.4-1
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed May 6 2020 Steve Dickson <steved@redhat.com> 2.3.3-32
|
||||
- junction: Fixed debug statement (bz 1831829)
|
||||
- Userspace support for the latest nfsdcld daemon (bz 1817756)
|
||||
* Thu Jun 24 2021 Steve Dickson <steved@redhat.com> 2.5.4-0
|
||||
- Rebased to upstream release: nfs-utils-2-5-4 (bz 1971684)
|
||||
|
||||
* Fri Mar 6 2020 Steve Dickson <steved@redhat.com> 2.3.3-31
|
||||
- gssd: Closed a memory leak in find_keytab_entry() (bz 1809277)
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.5.3-2.rc1.1
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Fri Feb 7 2020 Steve Dickson <steved@redhat.com> 2.3.3-30
|
||||
- Removed dead code that was flagged by a covscan (bz 1746572)
|
||||
* Tue Mar 16 2021 Steve Dickson <steved@redhat.com> 2.5.3-3.rc1
|
||||
- Enable NFS server RDMA by default (bz 1931565)
|
||||
|
||||
* Thu Jan 16 2020 Steve Dickson <steved@redhat.com> 2.3.3-29
|
||||
- statd: Fix permission denied error path (bz 1776096)
|
||||
* Mon Mar 15 2021 Steve Dickson <steved@redhat.com> 2.5.3-2.rc1
|
||||
- Updated to the latest RC release: nfs-utils-2-5-4-rc1 (bz 1939257)
|
||||
|
||||
* Tue Nov 26 2019 Steve Dickson <steved@redhat.com> 2.3.3-28
|
||||
- gssd: daemonize earlier (bz 1762847)
|
||||
* Sat Mar 13 2021 Steve Dickson <steved@redhat.com> 2.5.3-1
|
||||
- Created a V4 only client package
|
||||
- Broke out the stat cmds using python into a separate package
|
||||
|
||||
* Mon Nov 11 2019 Steve Dickson <steved@redhat.com> 2.3.3-27
|
||||
- More coverity scans updates (bz 1746572)
|
||||
- nfsd: Adjust nfs.conf setting/parsing of rdma port (bz 1710532)
|
||||
- Add plain --rdma option to nfs.conf convertor (bz 1747295)
|
||||
- mountstats: Add per-op error counts to iostat command (bz 1719983)
|
||||
- gssd: add configure options verbosity to man page (bz 1749642)
|
||||
* Sun Feb 21 2021 Steve Dickson <steved@redhat.com> 2.5.3-0
|
||||
- Updated to latest upstream release: nfs-utils-2-5-3 (bz 1931101)
|
||||
|
||||
* Wed Sep 18 2019 Steve Dickson <steved@redhat.com> 2.3.3-26
|
||||
- Updated coverity scans patch to not do a double free (bz 1752326)
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5.2-1.rc4.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Mon Aug 19 2019 Steve Dickson <steved@redhat.com> 2.3.3-25
|
||||
- Change the owner/group of the state file (bz 1733445)
|
||||
* Thu Jan 7 2021 Steve Dickson <steved@redhat.com> 2.5.2-1.rc4
|
||||
- Updated to the latest RC release: nfs-utils-2-5-3-rc4 (bz 1913830)
|
||||
|
||||
* Mon Aug 12 2019 Steve Dickson <steved@redhat.com> 2.3.3-24
|
||||
- nfs.man: Fixed small typo in man page (bz 1732877)
|
||||
- mount: Report correct error in the fall_back cases (bz 1709963)
|
||||
- rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1712202)
|
||||
- spec: Remove redundant manpage files (bz 1718738)
|
||||
* Thu Dec 17 2020 Steve Dickson <steved@redhat.com> 2.5.2-1.rc3
|
||||
- Updated to the latest RC release: nfs-utils-2-5-3-rc3 (bz 1906841)
|
||||
|
||||
* Wed Jul 31 2019 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-23
|
||||
- Fix memory leak on error (bz 1440524)
|
||||
- Fix error handling on lseek (bz 1733887)
|
||||
* Tue Nov 10 2020 Steve Dickson <steved@redhat.com> 2.5.2-1.rc1
|
||||
- Updated to the latest RC release: nfs-utils-2-5-3-rc1 (bz 1896543)
|
||||
|
||||
* Thu Jul 18 2019 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-22
|
||||
- Revert the forced chmod of nfs.conf as unneccessary (bz 1687496)
|
||||
* Mon Oct 26 2020 Steve Dickson <steved@redhat.com> 2.5.2-0
|
||||
- Updated to latest upstream release: nfs-utils-2-5-2 (bz 1880563)
|
||||
|
||||
* Mon Jul 15 2019 Steve Dickson <steved@redhat.com> 2.3.3-21
|
||||
- Gating tests: run tests from tests namespace (bz 1653927)
|
||||
* Tue Sep 15 2020 Steve Dickson <steved@redhat.com> 2.5.2-5.rc4
|
||||
- Rebuild for the soname change on libevent
|
||||
|
||||
* Tue Jul 9 2019 Steve Dickson <steved@redhat.com> 2.3.3-20
|
||||
- Gating tests: Fix _env data and source it in every test run (bz 1653927)
|
||||
* Tue Sep 08 2020 Steve Dickson <steved@redhat.com> 2.5.2-4.rc4
|
||||
- rpc.idmapd: Do not free config variables (bz 1873965)
|
||||
- nfsiostat: Drop autofs entries before calling compare_iostats()
|
||||
|
||||
* Fri May 3 2019 Steve Dickson <steved@redhat.com> 2.3.3-19
|
||||
- Removed resource leaks found by coverity scans (bz 1602633)
|
||||
* Mon Aug 31 2020 Steve Dickson <steved@redhat.com> 2.5.2-3.rc4
|
||||
- Fixed rpc.gssd: munmap_chunk(): invalid pointer
|
||||
|
||||
* Thu Apr 25 2019 Steve Dickson <steved@redhat.com> 2.3.3-18
|
||||
- Modify nfs.conf in-place instead of replacing the file (bz 1687496)
|
||||
* Mon Aug 31 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc4
|
||||
- Updated to the latest RC release: nfs-utils-2-5-2-rc4
|
||||
|
||||
* Tue Mar 19 2019 Steve Dickson <steved@redhat.com> 2.3.3-17
|
||||
- Moved the gating tests out of a patch and into the top dir (bz 1653927)
|
||||
- Move the mode corrections on /etc/nfs.conf to nfsconvert.py (bz 1655880)
|
||||
- gssd: add verbosity options to the rpc.gssd man page (bz 1668026)
|
||||
* Fri Aug 07 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc3
|
||||
- rpc.idmapd: Turn down the verbosity in flush_inotify() (bz 1867172)
|
||||
- Don't modify /etc/group on upgrades (bz 1856890)
|
||||
|
||||
* Fri Mar 8 2019 Steve Dickson <steved@redhat.com> 2.3.3-16
|
||||
- Add a conversion for new sm-notify force option in nfs.conf (bz 1677576)
|
||||
- Correct the modes on /etc/nfs.conf after a conversion (bz 1655880)
|
||||
* Tue Aug 04 2020 Steve Dickson <steved@redhat.com> 2.5.1-1.rc3
|
||||
- Updated to the latest RC release: nfs-utils-2-5-2-rc3 (bz 1856958)
|
||||
|
||||
* Tue Mar 5 2019 Steve Dickson <steved@redhat.com> 2.3.3-15
|
||||
- nfs.conf: Fixed manage-gids option typo (bz 1672395)
|
||||
- sm-notify: Added -f flag to nfs.conf parsing (bz 1677576)
|
||||
- Add nfs.conf equivalent for the statd --no-notify cmdline option (bz 1683714)
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5.1-1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Feb 13 2019 Steve Dickson <steved@redhat.com> 2.3.3-14
|
||||
- Fix typo in checking for the 65534 uid/gid (bz 1655960)
|
||||
* Mon Jul 13 2020 Steve Dickson <steved@redhat.com> 2.5.1-0
|
||||
- Updated to latest upstream release: nfs-utils-2-5-1
|
||||
|
||||
* Tue Feb 12 2019 Steve Dickson <steved@redhat.com> 2.3.3-13
|
||||
- Always have the nfs-convert service enabled (bz 1673685)
|
||||
* Tue Apr 07 2020 Steve Dickson <steved@redhat.com> 2.4.3-1.rc2
|
||||
- Updated to the latest RC release: nfs-utils-2-4-4-rc2 (bz 1807999)
|
||||
|
||||
* Sat Feb 9 2019 Steve Dickson <steved@redhat.com> 2.3.3-12
|
||||
- Change nfsconvert.sh not to set the immutable bit (bz 1673685)
|
||||
- Change nfsconvert.py not to create the new dummy /etc/sysconfig/nfs (bz 1673685)
|
||||
* Tue Mar 03 2020 Steve Dickson <steved@redhat.com> 2.4.3-1.rc1
|
||||
- Updated to the latest RC release: nfs-utils-2-4-4-rc1 (bz 1807999)
|
||||
|
||||
* Sat Feb 9 2019 Steve Dickson <steved@redhat.com> 2.3.3-11
|
||||
- Do not install /etc/sysconfig/nfs (bz 1673685)
|
||||
* Mon Feb 10 2020 Steve Dickson <steved@redhat.com> 2.4.3-0
|
||||
- Updated to latest upstream release: nfs-utils-2-4-3 (bz 1787831)
|
||||
- Fix error in preuninstall scriptlet (bz 1785816)
|
||||
- Fix update conflicts (bz 1724305)
|
||||
|
||||
* Fri Jan 25 2019 Steve Dickson <steved@redhat.com> 2.3.3-10
|
||||
- Only create nfsnobody when uid 65534 does not exist (bz 1655960)
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.4.2-3.rc3.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jan 23 2019 Steve Dickson <steved@redhat.com> 2.3.3-9
|
||||
- Critical component nfs-utils requires tests for gating (bz 1653927)
|
||||
* Thu Dec 19 2019 Steve Dickson <steved@redhat.com> 2.4.2-3.rc3
|
||||
- Updated to the latest upstream RC release: nfs-utils-2-4-3-rc3 (bz 1782349)
|
||||
- Remove rpc-svcgssd from auth-rpcgss-module (bz 1662737)
|
||||
- libnfsidmap: Turn off default verbosity (bz 1774787)
|
||||
|
||||
* Wed Dec 12 2018 Steve Dickson <steved@redhat.com> 2.3.3-8
|
||||
- Update junction code with latest upstream code (1543126)
|
||||
- Make sure /etc/sysconfig/nfs is immutabl (1639432)
|
||||
* Fri Nov 22 2019 Steve Dickson <steved@redhat.com> 2.4.2-2.rc2
|
||||
- mount: Fix return 0 from void function
|
||||
|
||||
* Tue Nov 6 2018 Steve Dickson <steved@redhat.com> 2.3.3-7
|
||||
- Use systemd scripts to convert NFS configurations (bz 1646626)
|
||||
* Fri Nov 22 2019 Steve Dickson <steved@redhat.com> 2.4.2-1.rc2
|
||||
- Updated to the latest upstream RC release: nfs-utils-2-4-3-rc2 (bz 1772987)
|
||||
|
||||
* Fri Oct 26 2018 Steve Dickson <steved@redhat.com> 2.3.3-6
|
||||
- Changed /var/lib/nfs/rpc_pipefs to have 555 permissions (bz 1583489)
|
||||
- Removed tcp wrappers support from man pages (bz 1642596)
|
||||
- Reload not restart gssproxy in nfs-server.service (bz 1592660)
|
||||
* Wed Nov 13 2019 Steve Dickson <steved@redhat.com> 2.4.2-0
|
||||
- Updated to the latest upstream release: 2.4.2 (bz 1772987)
|
||||
|
||||
* Thu Oct 25 2018 Steve Dickson <steved@redhat.com> 2.3.3-5
|
||||
- mount.nfs: Add braces around EBUSY code (bz 1629644)
|
||||
* Tue Nov 05 2019 Christian Glombek <lorbus@fedoraproject.org> 2.4.1-1.rc1
|
||||
- Added missing Requires and statd dirs to nfs-utils-coreos package (bz 1768897)
|
||||
|
||||
* Mon Oct 22 2018 Steve Dickson <steved@redhat.com> 2.3.3-4
|
||||
- Deprecated /etc/sysconfig/nfs (bz 1639432)
|
||||
* Thu Aug 29 2019 Steve Dickson <steved@redhat.com> 2.4.1-1.rc1
|
||||
- Updated to the latest upstream RC release: nfs-utils-2-4-2-rc1
|
||||
|
||||
* Sat Oct 20 2018 Steve Dickson <steved@redhat.com> 2.3.3-3
|
||||
- Ensure /var/lib/nfs/rpc_pipefs has the correct permissions (bz 1583489)
|
||||
- mount.nfs: Only ignore EBUSY when a filesystem is already mount (bz 1629644)
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.4.1-1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Oct 19 2018 Steve Dickson <steved@redhat.com> 2.3.3-2
|
||||
- Enable NFS basic junction support (bz 1543126)
|
||||
- Removed osd_login (bz 1636434)
|
||||
* Mon Jun 24 2019 Steve Dickson <steved@redhat.com> 2.4.1-0
|
||||
- Updated to the latest upstream release: 2.4.1 (bz 1719016)
|
||||
|
||||
* Fri Oct 5 2018 Steve Dickson <steved@redhat.com> 2.3.3-1
|
||||
- nfs.conf: fail to disable major NFS version 4 using "vers4=n" (bz 1624319)
|
||||
* Tue May 28 2019 Steve Dickson <steved@redhat.com> 2.3.4-2
|
||||
- rpc.mountd: Fix mountd segfault (bz 1713937)
|
||||
|
||||
* Thu Sep 13 2018 Steve Dickson <steved@redhat.com> 2.3.3-0
|
||||
- Updated to the latest upstream release: nfs-utils-2-3-3 (bz 1543126)
|
||||
* Thu May 23 2019 Steve Dickson <steved@redhat.com> 2.3.4-1
|
||||
- mount: Report correct error in the fall_back cases (bz 1709961)
|
||||
- sqlite.c: Use PRIx64 macro to print 64-bit integers
|
||||
- rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1713360)
|
||||
|
||||
* Fri Sep 7 2018 Steve Dickson <steved@redhat.com> 2.3.1-8.rc1
|
||||
- Ensure /var/lib/nfs/rpc_pipefs has the correct permissions (bz 1583489)
|
||||
- Remove rpc.svcgssd from systemd scripts (bz 1591700)
|
||||
* Fri May 10 2019 Steve Dickson <steved@redhat.com> 2.3.4-0
|
||||
- Updated to the latest upstream release: 2.3.4 (bz 1708690)
|
||||
|
||||
* Wed Feb 20 2019 Steve Dickson <steved@redhat.com> 2.3.3-7.rc2
|
||||
- Added nfs-utils-coreos package (bz 1667889)
|
||||
|
||||
* Tue Feb 12 2019 Steve Dickson <steved@redhat.com> 2.3.3-6.rc2
|
||||
- Always have the nfs-convert service enabled (bz 1668836)
|
||||
|
||||
* Mon Feb 11 2019 Steve Dickson <steved@redhat.com> 2.3.3-5.rc2
|
||||
- Do not install /etc/sysconfig/nfs (bz 1668836)
|
||||
- Change nfsconvert.sh not to set the immutable bit (bz 1668836)
|
||||
- Change nfsconvert.py not to create the new dummy /etc/sysconfig/nfs (bz 1668836)
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.3-4.rc2.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Jan 30 2019 Steve Dickson <steved@redhat.com> 2.3.3-4.rc2
|
||||
- Make sysconfig/nfs mutable when the package is removed
|
||||
- Removed new error=format-overflow=2 errors
|
||||
|
||||
* Tue Dec 11 2018 Steve Dickson <steved@redhat.com> 2.3.3-3.rc2
|
||||
- Updated to latest RC release: nfs-utils-2-3-4-rc2
|
||||
- Addeding libxml2-devel dependency
|
||||
- Make sure /etc/sysconfig/nfs is immutable
|
||||
- Added Requires: e2fsprogs (bz 1647727)
|
||||
- nfsref: switch the way libraries are linked
|
||||
|
||||
* Fri Nov 9 2018 Steve Dickson <steved@redhat.com> 2.3.3-3.rc1
|
||||
- Fix typo in the spec file.
|
||||
|
||||
* Mon Nov 5 2018 Steve Dickson <steved@redhat.com> 2.3.3-2.rc1
|
||||
- Deprecated /etc/sysconfig/nfs (bz 1644049)
|
||||
- Remove nfs server legacy systemd unit files
|
||||
|
||||
* Sat Oct 27 2018 Steve Dickson <steved@redhat.com> 2.3.3-1.rc1
|
||||
- Changed /var/lib/nfs/rpc_pipefs to have 555 permissions
|
||||
- Removed tcp wrappers support from man pages
|
||||
- Reload not restart gssproxy in nfs-server.service
|
||||
|
||||
* Sat Oct 27 2018 Steve Dickson <steved@redhat.com> 2.3.3-0.rc1
|
||||
- Updated to latest uupstream RC release: nfs-utils-2-3-4-rc1
|
||||
|
||||
* Thu Sep 6 2018 Steve Dickson <steved@redhat.com> 2.3.3-0
|
||||
- Updated to latest upstream release: nfs-utils-2-3-3
|
||||
|
||||
* Wed Jul 18 2018 Steve Dickson <steved@redhat.com> 2.3.2-1.rc3
|
||||
- Update to latest RC release: nfs-utils-2-3-3-rc3 (bz 1595927)
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2-1.rc2.2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1:2.3.2-1.rc2.1
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Wed Jun 27 2018 Steve Dickson <steved@redhat.com> 2.3.2-1-rc2
|
||||
- Revert: gssd.c: Remomved a couple of warning errors
|
||||
|
||||
* Mon Jun 25 2018 Steve Dickson <steved@redhat.com> 2.3.2-0-rc2
|
||||
- Update to latest RC release: nfs-utils-2-3-3-rc2
|
||||
|
||||
* Tue Jun 19 2018 Miro Hronok <mhroncok@redhat.com> - 1:2.3.2-0.rc1.1
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Thu Jun 7 2018 Steve Dickson <steved@redhat.com> 2.3.2-0-rc1
|
||||
- Update to latest RC release: nfs-utils-2-3-3-rc1
|
||||
|
||||
* Thu May 24 2018 Steve Dickson <steved@redhat.com> 2.3.2-0
|
||||
- Updated to latest upstream release: 2.3.2 (bz 1582341)
|
||||
|
||||
* Tue May 15 2018 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> 2.3.1-9.rc1
|
||||
- Only try to create nfsnobody if the uid/gid are not found (bz 1488897)
|
||||
- Turn off the building of rpcgen
|
||||
|
||||
* Thu May 3 2018 Steve Dickson <steved@redhat.com> 2.3.1-8.rc1
|
||||
- nfsd: Set default minor versions (bz 1570066)
|
||||
|
Loading…
Reference in New Issue
Block a user