Compare commits

...

No commits in common. "c9-beta" and "c8" have entirely different histories.
c9-beta ... c8

95 changed files with 12111 additions and 2912 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/nfs-utils-2.5.4.tar.xz SOURCES/nfs-utils-2.3.3.tar.xz

View File

@ -1 +1 @@
1b097d511c85f95671619f51b37abd75d56ea777 SOURCES/nfs-utils-2.5.4.tar.xz a60aa17b057734c63bf7ce1598898e83f2132644 SOURCES/nfs-utils-2.3.3.tar.xz

View File

@ -1,9 +0,0 @@
[ NFSMount_Global_Options ]
# This statically named section defines global mount
# options that can be applied on all NFS mount.
#
# Setting this option makes it mandatory the server supports the
# given version. The mount will fail if the given version is
# not support by the server.
Nfsvers=4

View File

@ -0,0 +1,24 @@
[Unit]
Description=Preprocess NFS configuration convertion
DefaultDependencies=no
Before=nfs-server.service nfs-mountd.service nfs-idmapd.service
Before=nfs-blkmap.service rpc-statd.service rpc-gssd.service
Before=rpc-statd-notify.service
After=initrd-root-fs.target
ConditionPathExists=/etc/sysconfig/nfs
[Service]
Type=oneshot
ExecStart=/usr/libexec/nfs-utils/nfsconvert.sh
[Install]
RequiredBy=nfs-server.service
RequiredBy=nfs-mountd.service
RequiredBy=nfs-idmapd.service
RequiredBy=nfs-blkmap.service
RequiredBy=rpc-statd.service
RequiredBy=rpc-gssd.service
RequiredBy=rpc-statd-notify.service

View File

@ -1,6 +1,6 @@
diff -up nfs-utils-2.5.4/utils/statd/sm-notify.man.orig nfs-utils-2.5.4/utils/statd/sm-notify.man diff -up nfs-utils-2.1.1/utils/statd/sm-notify.man.orig nfs-utils-2.1.1/utils/statd/sm-notify.man
--- nfs-utils-2.5.4/utils/statd/sm-notify.man.orig 2021-06-10 14:07:47.000000000 -0400 --- nfs-utils-2.1.1/utils/statd/sm-notify.man.orig 2017-04-26 12:45:14.205742654 -0400
+++ nfs-utils-2.5.4/utils/statd/sm-notify.man 2021-06-24 14:46:32.413626193 -0400 +++ nfs-utils-2.1.1/utils/statd/sm-notify.man 2017-04-26 12:45:44.042630801 -0400
@@ -184,7 +184,7 @@ where NSM state information resides. @@ -184,7 +184,7 @@ where NSM state information resides.
If this option is not specified, If this option is not specified,
.B sm-notify .B sm-notify
@ -10,7 +10,7 @@ diff -up nfs-utils-2.5.4/utils/statd/sm-notify.man.orig nfs-utils-2.5.4/utils/st
by default. by default.
.IP .IP
After starting, After starting,
@@ -338,13 +338,13 @@ Currently, the @@ -330,13 +330,13 @@ Currently, the
command supports sending notification only via datagram transport protocols. command supports sending notification only via datagram transport protocols.
.SH FILES .SH FILES
.TP 2.5i .TP 2.5i
@ -27,10 +27,10 @@ diff -up nfs-utils-2.5.4/utils/statd/sm-notify.man.orig nfs-utils-2.5.4/utils/st
NSM state number for this host NSM state number for this host
.TP 2.5i .TP 2.5i
.I /proc/sys/fs/nfs/nsm_local_state .I /proc/sys/fs/nfs/nsm_local_state
diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/statd.man diff -up nfs-utils-2.1.1/utils/statd/statd.man.orig nfs-utils-2.1.1/utils/statd/statd.man
--- nfs-utils-2.5.4/utils/statd/statd.man.orig 2021-06-10 14:07:47.000000000 -0400 --- nfs-utils-2.1.1/utils/statd/statd.man.orig 2017-01-12 10:21:39.000000000 -0500
+++ nfs-utils-2.5.4/utils/statd/statd.man 2021-06-24 14:46:32.414626197 -0400 +++ nfs-utils-2.1.1/utils/statd/statd.man 2017-04-26 12:45:44.043630798 -0400
@@ -251,7 +251,7 @@ where NSM state information resides. @@ -253,7 +253,7 @@ where NSM state information resides.
If this option is not specified, If this option is not specified,
.B rpc.statd .B rpc.statd
uses uses
@ -39,7 +39,7 @@ diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/
by default. by default.
.IP .IP
After starting, After starting,
@@ -431,13 +431,13 @@ If set to a positive integer, has the sa @@ -425,13 +425,13 @@ If set to a positive integer, has the sa
.IR \-\-no\-notify . .IR \-\-no\-notify .
.SH FILES .SH FILES
.TP 2.5i .TP 2.5i
@ -55,4 +55,4 @@ diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/
+.I /var/lib/nfs/statd/state +.I /var/lib/nfs/statd/state
NSM state number for this host NSM state number for this host
.TP 2.5i .TP 2.5i
.I /run/run.statd.pid .I /var/run/run.statd.pid

View File

@ -1,12 +0,0 @@
diff -up nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c.orig nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c
--- nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c.orig 2019-11-11 14:15:50.000000000 -0500
+++ nfs-utils-2.4.2/utils/nfsidmap/nfsidmap.c 2019-11-11 14:29:47.355661037 -0500
@@ -434,7 +434,7 @@ int main(int argc, char **argv)
xlog_stderr(verbose);
if ((argc - optind) != 2) {
- xlog_warn("Bad arg count. Check /etc/request-key.conf");
+ xlog_warn("Bad arg count. Check /etc/request-key.d/request-key.conf");
xlog_warn(USAGE, progname);
return EXIT_FAILURE;
}

View File

@ -1,6 +1,6 @@
diff -up nfs-utils-2.5.2/systemd/nfs-server.service.orig nfs-utils-2.5.2/systemd/nfs-server.service diff -up nfs-utils-2.3.3/systemd/nfs-server.service.orig nfs-utils-2.3.3/systemd/nfs-server.service
--- nfs-utils-2.5.2/systemd/nfs-server.service.orig 2020-12-16 12:31:27.677558163 -0500 --- nfs-utils-2.3.3/systemd/nfs-server.service.orig 2020-12-11 09:05:23.499222371 -0500
+++ nfs-utils-2.5.2/systemd/nfs-server.service 2020-12-16 12:33:56.751806659 -0500 +++ nfs-utils-2.3.3/systemd/nfs-server.service 2020-12-11 09:06:38.970186395 -0500
@@ -23,6 +23,7 @@ Type=oneshot @@ -23,6 +23,7 @@ Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
ExecStartPre=-/usr/sbin/exportfs -r ExecStartPre=-/usr/sbin/exportfs -r

View File

@ -0,0 +1,65 @@
diff -up nfs-utils-2.3.3/systemd/auth-rpcgss-module.service.orig nfs-utils-2.3.3/systemd/auth-rpcgss-module.service
--- nfs-utils-2.3.3/systemd/auth-rpcgss-module.service.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/systemd/auth-rpcgss-module.service 2018-10-17 10:42:17.682830880 -0400
@@ -1,5 +1,5 @@
-# We want to start gss-proxy on kernels that support it and rpc.svcgssd
-# on those that don't. Those services check for support by checking
+# We want to start gss-proxy on kernels that support it
+# Those services check for support by checking
# for existence of the path /proc/net/rpc/use-gss-proxy. Before they
# can perform that check, they need this module loaded. (Unless
# rpcsec_gss support is built directly into the kernel, in which case this
@@ -7,8 +7,8 @@
[Unit]
Description=Kernel Module supporting RPCSEC_GSS
DefaultDependencies=no
-Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
-Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
+Before=gssproxy.service rpc-gssd.service
+Wants=gssproxy.service rpc-gssd.service
ConditionPathExists=/etc/krb5.keytab
[Service]
diff -up nfs-utils-2.3.3/systemd/nfs-client.target.orig nfs-utils-2.3.3/systemd/nfs-client.target
--- nfs-utils-2.3.3/systemd/nfs-client.target.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/systemd/nfs-client.target 2018-10-17 10:42:17.682830880 -0400
@@ -9,7 +9,7 @@ Wants=rpc-statd-notify.service
# GSS services dependencies and ordering
Wants=auth-rpcgss-module.service
-After=rpc-gssd.service rpc-svcgssd.service gssproxy.service
+After=rpc-gssd.service gssproxy.service
[Install]
WantedBy=multi-user.target
diff -up nfs-utils-2.3.3/systemd/nfs.conf.man.orig nfs-utils-2.3.3/systemd/nfs.conf.man
--- nfs-utils-2.3.3/systemd/nfs.conf.man.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/systemd/nfs.conf.man 2018-10-17 10:42:17.682830880 -0400
@@ -226,15 +226,6 @@ See
for details.
.TP
-.B svcgssd
-Recognized values:
-.BR principal .
-
-See
-.BR rpc.svcgssd (8)
-for details.
-
-.TP
.B exportfs
Only
.B debug=
diff -up nfs-utils-2.3.3/systemd/nfs-server.service.orig nfs-utils-2.3.3/systemd/nfs-server.service
--- nfs-utils-2.3.3/systemd/nfs-server.service.orig 2018-10-17 10:41:24.347121069 -0400
+++ nfs-utils-2.3.3/systemd/nfs-server.service 2018-10-17 10:42:17.683830874 -0400
@@ -14,7 +14,7 @@ Before= rpc-statd-notify.service
# GSS services dependencies and ordering
Wants=auth-rpcgss-module.service
-After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
+After=rpc-gssd.service gssproxy.service
[Service]
Type=oneshot

View File

@ -0,0 +1,597 @@
diff -up nfs-utils-2.3.3/configure.ac.orig nfs-utils-2.3.3/configure.ac
--- nfs-utils-2.3.3/configure.ac.orig 2019-09-18 10:57:14.190810677 -0400
+++ nfs-utils-2.3.3/configure.ac 2019-09-18 10:57:56.715567641 -0400
@@ -561,6 +561,7 @@ my_am_cflags="\
-Werror=parentheses \
-Werror=aggregate-return \
-Werror=unused-result \
+ -Wno-cast-function-type \
-fno-strict-aliasing \
"
diff -up nfs-utils-2.3.3/support/junction/path.c.orig nfs-utils-2.3.3/support/junction/path.c
--- nfs-utils-2.3.3/support/junction/path.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/junction/path.c 2019-09-18 10:57:56.715567641 -0400
@@ -163,8 +163,10 @@ nsdb_count_components(const char *pathna
break;
next = strchrnul(component, '/');
tmp = (size_t)(next - component);
- if (tmp > 255)
+ if (tmp > 255) {
+ free(start);
return false;
+ }
length += XDR_UINT_BYTES + (nsdb_quadlen(tmp) << 2);
count++;
@@ -328,11 +330,13 @@ nsdb_posix_to_path_array(const char *pat
length = (size_t)(next - component);
if (length > 255) {
nsdb_free_string_array(result);
+ free(normalized);
return FEDFS_ERR_SVRFAULT;
}
result[i] = strndup(component, length);
if (result[i] == NULL) {
+ free(normalized);
nsdb_free_string_array(result);
return FEDFS_ERR_SVRFAULT;
}
diff -up nfs-utils-2.3.3/support/nfs/exports.c.orig nfs-utils-2.3.3/support/nfs/exports.c
--- nfs-utils-2.3.3/support/nfs/exports.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/exports.c 2019-09-18 10:57:56.715567641 -0400
@@ -714,6 +714,7 @@ parsesquash(char *list, int **idp, int *
}
if (id0 == -1 || id1 == -1) {
syntaxerr("uid/gid -1 not permitted");
+ xfree(id);
return -1;
}
if ((len % 8) == 0)
@@ -724,6 +725,7 @@ parsesquash(char *list, int **idp, int *
break;
if (*cp != ',') {
syntaxerr("bad uid/gid list");
+ xfree(id);
return -1;
}
cp++;
diff -up nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c
--- nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c 2019-09-18 10:57:56.716567635 -0400
@@ -406,8 +406,10 @@ int nfs4_init_name_mapping(char *conffil
nfs4_methods = conf_get_list("Translation", "Method");
if (nfs4_methods) {
IDMAP_LOG(1, ("libnfsidmap: processing 'Method' list"));
- if (load_plugins(nfs4_methods, &nfs4_plugins) == -1)
+ if (load_plugins(nfs4_methods, &nfs4_plugins) == -1) {
+ conf_free_list(nfs4_methods);
return -ENOENT;
+ }
} else {
struct conf_list list;
struct conf_list_node node;
@@ -475,11 +477,15 @@ out:
if (ret) {
if (nfs4_plugins)
unload_plugins(nfs4_plugins);
- if (gss_plugins)
+ if (gss_plugins) {
unload_plugins(gss_plugins);
+ }
nfs4_plugins = gss_plugins = NULL;
}
+ if (gss_methods)
+ conf_free_list(gss_methods);
+
return ret ? -ENOENT: 0;
}
diff -up nfs-utils-2.3.3/support/nfsidmap/static.c.orig nfs-utils-2.3.3/support/nfsidmap/static.c
--- nfs-utils-2.3.3/support/nfsidmap/static.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfsidmap/static.c 2019-09-18 10:57:56.716567635 -0400
@@ -347,6 +347,7 @@ static int static_init(void) {
warnx("static_init: calloc (1, %lu) failed",
(unsigned long)sizeof *unode);
free(pw);
+ conf_free_list(princ_list);
return -ENOMEM;
}
unode->uid = pw->pw_uid;
@@ -355,6 +356,9 @@ static int static_init(void) {
unode->localname = conf_get_str("Static", cln->field);
if (!unode->localname) {
free(pw);
+ free(unode->principal);
+ free(unode);
+ conf_free_list(princ_list);
return -ENOENT;
}
@@ -379,6 +383,7 @@ static int static_init(void) {
warnx("static_init: calloc (1, %lu) failed",
(unsigned long)sizeof *gnode);
free(gr);
+ conf_free_list(princ_list);
return -ENOMEM;
}
gnode->gid = gr->gr_gid;
@@ -387,6 +392,9 @@ static int static_init(void) {
gnode->localgroup = conf_get_str("Static", cln->field);
if (!gnode->localgroup) {
free(gr);
+ free(gnode->principal);
+ free(gnode);
+ conf_free_list(princ_list);
return -ENOENT;
}
@@ -394,6 +402,8 @@ static int static_init(void) {
LIST_INSERT_HEAD (&gid_mappings[gid_hash(gnode->gid)], gnode, link);
}
+
+ conf_free_list(princ_list);
return 0;
}
diff -up nfs-utils-2.3.3/support/nfs/mydaemon.c.orig nfs-utils-2.3.3/support/nfs/mydaemon.c
--- nfs-utils-2.3.3/support/nfs/mydaemon.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/mydaemon.c 2019-09-18 10:57:56.716567635 -0400
@@ -123,6 +123,7 @@ daemon_init(bool fg)
dup2(tempfd, 0);
dup2(tempfd, 1);
dup2(tempfd, 2);
+ close(tempfd);
closelog();
dup2(pipefds[1], 3);
pipefds[1] = 3;
diff -up nfs-utils-2.3.3/support/nfs/rpcmisc.c.orig nfs-utils-2.3.3/support/nfs/rpcmisc.c
--- nfs-utils-2.3.3/support/nfs/rpcmisc.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/rpcmisc.c 2019-09-18 10:57:56.716567635 -0400
@@ -102,6 +102,7 @@ makesock(int port, int proto)
if (bind(sock, (struct sockaddr *) &sin, sizeof(sin)) == -1) {
xlog(L_FATAL, "Could not bind name to socket: %s",
strerror(errno));
+ close(sock);
return -1;
}
diff -up nfs-utils-2.3.3/support/nfs/svc_socket.c.orig nfs-utils-2.3.3/support/nfs/svc_socket.c
--- nfs-utils-2.3.3/support/nfs/svc_socket.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/svc_socket.c 2019-09-18 10:57:56.717567629 -0400
@@ -134,6 +134,7 @@ svc_socket (u_long number, int type, int
if (ret < 0)
{
xlog(L_ERROR, "svc_socket: socket reuse problem: %m");
+ (void) __close(sock);
return ret;
}
}
diff -up nfs-utils-2.3.3/support/nfs/xcommon.c.orig nfs-utils-2.3.3/support/nfs/xcommon.c
--- nfs-utils-2.3.3/support/nfs/xcommon.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/xcommon.c 2019-09-18 10:57:56.717567629 -0400
@@ -53,14 +53,17 @@ char *
xstrconcat3 (const char *s, const char *t, const char *u) {
char *res;
- if (!s) s = "";
+ int dofree = 1;
+
+ if (!s) s = "", dofree=0;
if (!t) t = "";
if (!u) u = "";
res = xmalloc(strlen(s) + strlen(t) + strlen(u) + 1);
strcpy(res, s);
strcat(res, t);
strcat(res, u);
- free((void *) s);
+ if (dofree)
+ free((void *) s);
return res;
}
@@ -69,7 +72,9 @@ char *
xstrconcat4 (const char *s, const char *t, const char *u, const char *v) {
char *res;
- if (!s) s = "";
+ int dofree = 1;
+
+ if (!s) s = "", dofree=0;
if (!t) t = "";
if (!u) u = "";
if (!v) v = "";
@@ -78,7 +83,8 @@ xstrconcat4 (const char *s, const char *
strcat(res, t);
strcat(res, u);
strcat(res, v);
- free((void *) s);
+ if (dofree)
+ free((void *) s);
return res;
}
diff -up nfs-utils-2.3.3/support/nfs/xlog.c.orig nfs-utils-2.3.3/support/nfs/xlog.c
--- nfs-utils-2.3.3/support/nfs/xlog.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/xlog.c 2019-09-18 10:57:56.717567629 -0400
@@ -135,10 +135,14 @@ xlog_from_conffile(char *service)
struct conf_list_node *n;
kinds = conf_get_list(service, "debug");
- if (!kinds || !kinds->cnt)
+ if (!kinds || !kinds->cnt) {
+ free(kinds);
return;
+ }
TAILQ_FOREACH(n, &(kinds->fields), link)
xlog_sconfig(n->field, 1);
+
+ conf_free_list(kinds);
}
int
diff -up nfs-utils-2.3.3/support/nsm/file.c.orig nfs-utils-2.3.3/support/nsm/file.c
--- nfs-utils-2.3.3/support/nsm/file.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nsm/file.c 2019-09-18 10:57:56.717567629 -0400
@@ -533,6 +533,7 @@ nsm_update_kernel_state(const int state)
len = snprintf(buf, sizeof(buf), "%d", state);
if (error_check(len, sizeof(buf))) {
xlog_warn("Failed to form NSM state number string");
+ close(fd);
return;
}
diff -up nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c.orig nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c
--- nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/systemd/rpc-pipefs-generator.c 2019-09-18 10:57:56.717567629 -0400
@@ -69,12 +69,16 @@ int generate_target(char *pipefs_path, c
return 1;
ret = generate_mount_unit(pipefs_path, pipefs_unit, dirname);
- if (ret)
+ if (ret) {
+ free(pipefs_unit);
return ret;
+ }
path = malloc(strlen(dirname) + 1 + sizeof(filebase));
- if (!path)
+ if (!path) {
+ free(pipefs_unit);
return 2;
+ }
sprintf(path, "%s", dirname);
mkdir(path, 0755);
strcat(path, filebase);
@@ -82,6 +86,7 @@ int generate_target(char *pipefs_path, c
if (!f)
{
free(path);
+ free(pipefs_unit);
return 1;
}
@@ -90,6 +95,7 @@ int generate_target(char *pipefs_path, c
fprintf(f, "After=%s\n", pipefs_unit);
fclose(f);
free(path);
+ free(pipefs_unit);
return 0;
}
diff -up nfs-utils-2.3.3/utils/blkmapd/device-discovery.c.orig nfs-utils-2.3.3/utils/blkmapd/device-discovery.c
--- nfs-utils-2.3.3/utils/blkmapd/device-discovery.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/blkmapd/device-discovery.c 2019-09-18 10:58:54.444237714 -0400
@@ -186,8 +186,11 @@ static void bl_add_disk(char *filepath)
}
}
- if (disk && diskpath)
+ if (disk && diskpath) {
+ if (serial)
+ free(serial);
return;
+ }
/* add path */
path = malloc(sizeof(struct bl_disk_path));
@@ -223,6 +226,8 @@ static void bl_add_disk(char *filepath)
disk->size = size;
disk->valid_path = path;
}
+ if (serial)
+ free(serial);
}
return;
@@ -232,6 +237,9 @@ static void bl_add_disk(char *filepath)
free(path->full_path);
free(path);
}
+ if (serial)
+ free(serial);
+
return;
}
@@ -375,7 +383,12 @@ static void bl_rpcpipe_cb(void)
if (event->mask & IN_CREATE) {
BL_LOG_WARNING("nfs pipe dir created\n");
bl_watch_dir(nfspipe_dir, &nfs_pipedir_wfd);
+ if (bl_pipe_fd >= 0)
+ close(bl_pipe_fd);
bl_pipe_fd = open(bl_pipe_file, O_RDWR);
+ if (bl_pipe_fd < 0)
+ BL_LOG_ERR("open %s failed: %s\n",
+ event->name, strerror(errno));
} else if (event->mask & IN_DELETE) {
BL_LOG_WARNING("nfs pipe dir deleted\n");
inotify_rm_watch(bl_watch_fd, nfs_pipedir_wfd);
@@ -388,6 +401,8 @@ static void bl_rpcpipe_cb(void)
continue;
if (event->mask & IN_CREATE) {
BL_LOG_WARNING("blocklayout pipe file created\n");
+ if (bl_pipe_fd >= 0)
+ close(bl_pipe_fd);
bl_pipe_fd = open(bl_pipe_file, O_RDWR);
if (bl_pipe_fd < 0)
BL_LOG_ERR("open %s failed: %s\n",
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2019-09-18 10:57:56.718567624 -0400
@@ -698,6 +698,8 @@ gssd_search_krb5_keytab(krb5_context con
"we failed to unparse principal name: %s\n",
k5err);
k5_free_kt_entry(context, kte);
+ free(k5err);
+ k5err = NULL;
continue;
}
printerr(4, "Processing keytab entry for principal '%s'\n",
@@ -899,6 +901,8 @@ find_keytab_entry(krb5_context context,
k5err = gssd_k5_err_msg(context, code);
printerr(1, "%s while building principal for '%s'\n",
k5err, spn);
+ free(k5err);
+ k5err = NULL;
continue;
}
code = krb5_kt_get_entry(context, kt, princ, 0, 0, kte);
@@ -1168,7 +1172,8 @@ gssd_get_krb5_machine_cred_list(char ***
*list = l;
retval = 0;
goto out;
- }
+ } else
+ free((void *)l);
out:
return retval;
}
@@ -1216,6 +1221,8 @@ gssd_destroy_krb5_machine_creds(void)
printerr(0, "WARNING: %s while resolving credential "
"cache '%s' for destruction\n", k5err,
ple->ccname);
+ free(k5err);
+ k5err = NULL;
continue;
}
diff -up nfs-utils-2.3.3/utils/mount/configfile.c.orig nfs-utils-2.3.3/utils/mount/configfile.c
--- nfs-utils-2.3.3/utils/mount/configfile.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/mount/configfile.c 2019-09-18 10:57:56.718567624 -0400
@@ -404,7 +404,7 @@ char *conf_get_mntopts(char *spec, char
/* list_size + optlen + ',' + '\0' */
config_opts = calloc(1, (list_size+optlen+2));
- if (server == NULL) {
+ if (config_opts == NULL) {
xlog_warn("conf_get_mountops: Unable calloc memory for config_opts");
free_all();
return mount_opts;
diff -up nfs-utils-2.3.3/utils/mountd/cache.c.orig nfs-utils-2.3.3/utils/mountd/cache.c
--- nfs-utils-2.3.3/utils/mountd/cache.c.orig 2019-09-18 10:57:14.190810677 -0400
+++ nfs-utils-2.3.3/utils/mountd/cache.c 2019-09-18 10:57:56.718567624 -0400
@@ -1240,7 +1240,7 @@ static struct exportent *lookup_junction
goto out;
}
status = nfs_get_basic_junction(pathname, &locations);
- switch (status) {
+ if (status) {
xlog(L_WARNING, "Dangling junction %s: %s",
pathname, strerror(status));
goto out;
@@ -1248,10 +1248,11 @@ static struct exportent *lookup_junction
parent = lookup_parent_export(dom, pathname, ai);
if (parent == NULL)
- goto out;
+ goto free_locations;
exp = locations_to_export(locations, pathname, parent);
+free_locations:
nfs_free_locations(locations->ns_list);
free(locations);
diff -up nfs-utils-2.3.3/utils/mountd/fsloc.c.orig nfs-utils-2.3.3/utils/mountd/fsloc.c
--- nfs-utils-2.3.3/utils/mountd/fsloc.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/mountd/fsloc.c 2019-09-18 10:57:56.719567618 -0400
@@ -102,6 +102,7 @@ static struct servers *parse_list(char *
cp = strchr(list[i], '@');
if ((!cp) || list[i][0] != '/') {
xlog(L_WARNING, "invalid entry '%s'", list[i]);
+ free(mp);
continue; /* XXX Need better error handling */
}
res->h_mp[i] = mp;
diff -up nfs-utils-2.3.3/utils/mount/nfsmount.c.orig nfs-utils-2.3.3/utils/mount/nfsmount.c
--- nfs-utils-2.3.3/utils/mount/nfsmount.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/mount/nfsmount.c 2019-09-18 10:57:56.730567555 -0400
@@ -452,6 +452,7 @@ parse_options(char *old_opts, struct nfs
nfs_error(_("%s: Bad nfs mount parameter: %s\n"), progname, opt);
out_bad:
free(tmp_opts);
+ free(mounthost);
return 0;
}
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2019-09-18 10:57:14.183810717 -0400
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2019-09-18 10:57:56.730567555 -0400
@@ -982,8 +982,11 @@ static int nfs_try_mount(struct nfsmount
}
if (!nfs_append_addr_option(address->ai_addr,
- address->ai_addrlen, mi->options))
+ address->ai_addrlen, mi->options)) {
+ freeaddrinfo(address);
+ errno = ENOMEM;
return 0;
+ }
mi->address = address;
}
diff -up nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c.orig nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c
--- nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/nfsdcltrack/sqlite.c 2019-09-18 10:57:56.731567549 -0400
@@ -215,6 +215,8 @@ sqlite_maindb_init_v2(void)
&err);
if (ret != SQLITE_OK) {
xlog(L_ERROR, "Unable to begin transaction: %s", err);
+ if (err)
+ sqlite3_free(err);
return ret;
}
diff -up nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c
--- nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c.orig 2019-11-11 08:49:06.044870974 -0500
+++ nfs-utils-2.3.3/support/nfsidmap/libnfsidmap.c 2019-11-11 09:19:10.391896845 -0500
@@ -486,6 +486,9 @@ out:
if (gss_methods)
conf_free_list(gss_methods);
+ if (nfs4_methods)
+ conf_free_list(nfs4_methods);
+
return ret ? -ENOENT: 0;
}
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2019-11-11 08:49:06.045870979 -0500
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2019-11-11 09:19:10.393896856 -0500
@@ -911,6 +911,8 @@ find_keytab_entry(krb5_context context,
k5err = gssd_k5_err_msg(context, code);
printerr(3, "%s while getting keytab entry for '%s'\n",
k5err, spn);
+ free(k5err);
+ k5err = NULL;
/*
* We tried the active directory machine account
* with the hostname part as-is and failed...
@@ -1013,6 +1015,8 @@ query_krb5_ccache(const char* cred_cache
char *str = NULL;
char *princstring;
+ *ret_princname = *ret_realm = NULL;
+
ret = krb5_init_context(&context);
if (ret)
return 0;
@@ -1047,7 +1051,7 @@ err_princ:
krb5_cc_close(context, ccache);
err_cache:
krb5_free_context(context);
- return found;
+ return (*ret_princname && *ret_realm);
}
/*==========================*/
@@ -1230,6 +1234,8 @@ gssd_destroy_krb5_machine_creds(void)
k5err = gssd_k5_err_msg(context, code);
printerr(0, "WARNING: %s while destroying credential "
"cache '%s'\n", k5err, ple->ccname);
+ free(k5err);
+ k5err = NULL;
}
}
krb5_free_context(context);
diff -up nfs-utils-2.3.3/utils/idmapd/idmapd.c.orig nfs-utils-2.3.3/utils/idmapd/idmapd.c
--- nfs-utils-2.3.3/utils/idmapd/idmapd.c.orig 2019-11-11 08:49:06.029870889 -0500
+++ nfs-utils-2.3.3/utils/idmapd/idmapd.c 2019-11-11 09:19:10.393896856 -0500
@@ -517,14 +517,16 @@ static void
clntscancb(int UNUSED(fd), short UNUSED(which), void *data)
{
struct idmap_clientq *icq = data;
- struct idmap_client *ic;
+ struct idmap_client *ic, *ic_next;
- TAILQ_FOREACH(ic, icq, ic_next)
+ for (ic = TAILQ_FIRST(icq); ic != NULL; ic = ic_next) {
+ ic_next = TAILQ_NEXT(ic, ic_next);
if (ic->ic_fd == -1 && nfsopen(ic) == -1) {
close(ic->ic_dirfd);
TAILQ_REMOVE(icq, ic, ic_next);
free(ic);
}
+ }
}
static void
diff -up nfs-utils-2.3.3/utils/statd/monitor.c.orig nfs-utils-2.3.3/utils/statd/monitor.c
--- nfs-utils-2.3.3/utils/statd/monitor.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/statd/monitor.c 2019-11-11 09:19:10.393896856 -0500
@@ -66,7 +66,7 @@ sm_mon_1_svc(struct mon *argp, struct sv
*my_name = argp->mon_id.my_id.my_name;
struct my_id *id = &argp->mon_id.my_id;
char *cp;
- notify_list *clnt;
+ notify_list *clnt = NULL;
struct sockaddr_in my_addr = {
.sin_family = AF_INET,
.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
@@ -223,6 +224,7 @@ sm_mon_1_svc(struct mon *argp, struct sv
failure:
xlog_warn("STAT_FAIL to %s for SM_MON of %s", my_name, mon_name);
+ free(clnt);
return (&result);
}
@@ -242,6 +244,7 @@ load_one_host(const char *hostname,
clnt->dns_name = strdup(hostname);
if (clnt->dns_name == NULL) {
nlist_free(NULL, clnt);
+ free(clnt);
return 0;
}
diff -up nfs-utils-2.3.3/utils/statd/notlist.c.orig nfs-utils-2.3.3/utils/statd/notlist.c
--- nfs-utils-2.3.3/utils/statd/notlist.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/statd/notlist.c 2019-11-11 09:19:10.394896861 -0500
@@ -210,7 +210,6 @@ nlist_free(notify_list **head, notify_li
if (NL_MON_NAME(entry))
free(NL_MON_NAME(entry));
free(entry->dns_name);
- free(entry);
}
/*
@@ -219,8 +218,14 @@ nlist_free(notify_list **head, notify_li
void
nlist_kill(notify_list **head)
{
- while (*head)
+ notify_list *next;
+
+ while (*head) {
+ next = (*head)->next;
nlist_free(head, *head);
+ free(*head);
+ *head = next;
+ }
}
/*

View File

@ -0,0 +1,25 @@
diff -up nfs-utils-2.3.3/support/export/client.c.orig nfs-utils-2.3.3/support/export/client.c
--- nfs-utils-2.3.3/support/export/client.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/export/client.c 2023-01-12 08:59:44.171609492 -0500
@@ -689,6 +689,9 @@ check_netgroup(const nfs_client *clp, co
/* check whether the IP itself is in the netgroup */
ip = calloc(INET6_ADDRSTRLEN, 1);
+ if (ip == NULL)
+ goto out;
+
if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
if (innetgr(netgroup, ip, NULL, NULL)) {
free(hname);
diff -up nfs-utils-2.3.3/tools/nfsrahead/main.c.orig nfs-utils-2.3.3/tools/nfsrahead/main.c
--- nfs-utils-2.3.3/tools/nfsrahead/main.c.orig 2023-01-12 08:58:28.297466979 -0500
+++ nfs-utils-2.3.3/tools/nfsrahead/main.c 2023-01-12 09:00:37.988419866 -0500
@@ -167,7 +167,7 @@ int main(int argc, char **argv)
if ((ret = get_device_info(argv[optind], &device)) == 0)
break;
- if (ret != 0) {
+ if (ret != 0 || device.fstype == NULL) {
xlog(D_GENERAL, "unable to find device %s\n", argv[optind]);
goto out;
}

View File

@ -0,0 +1,27 @@
From c9305f75070abe76155d6db29889bf5dead218c2 Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Fri, 7 Feb 2020 10:18:21 -0500
Subject: [PATCH] query_krb5_ccache: Removed dead code that was flagged by a
covscan
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index bff759f..a1c43d2 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1066,8 +1066,6 @@ query_krb5_ccache(const char* cred_cache, char **ret_princname,
*ret_realm = strdup(str+1);
}
k5_free_unparsed_name(context, princstring);
- } else {
- found = 0;
}
}
krb5_free_principal(context, principal);
--
2.24.1

View File

@ -0,0 +1,50 @@
commit 7d5dcd2358df55353eed94a0e84b77bb3597634e
Author: J. Bruce Fields <bfields@redhat.com>
Date: Fri Mar 27 13:11:28 2020 -0400
exports man page: warn about subdirectory exports
Subdirectory exports have a number of problems which have been poorly
documented.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index e3a16f6b..1d171849 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -494,6 +494,33 @@ export entry for
.B /home/joe
in the example section below, which maps all requests to uid 150 (which
is supposedly that of user joe).
+
+.SS Subdirectory Exports
+
+Normally you should only export only the root of a filesystem. The NFS
+server will also allow you to export a subdirectory of a filesystem,
+however, this has drawbacks:
+
+First, it may be possible for a malicious user to access files on the
+filesystem outside of the exported subdirectory, by guessing filehandles
+for those other files. The only way to prevent this is by using the
+.IR no_subtree_check
+option, which can cause other problems.
+
+Second, export options may not be enforced in the way that you would
+expect. For example, the
+.IR security_label
+option will not work on subdirectory exports, and if nested subdirectory
+exports change the
+.IR security_label
+or
+.IR sec=
+options, NFSv4 clients will normally see only the options on the parent
+export. Also, where security options differ, a malicious client may use
+filehandle-guessing attacks to access the files from one subdirectory
+using the options from another.
+
+
.SS Extra Export Tables
After reading
.I /etc/exports

View File

@ -0,0 +1,43 @@
commit ac266e2edc4f40eef810d52c72657b645e4010db
Author: Ondrej Mosnacek <omosnace@redhat.com>
Date: Tue Apr 6 15:57:37 2021 -0400
exportfs: fix unexporting of '/'
The code that has been added to strip trailing slashes from path in
unexportfs_parsed() forgot to account for the case of the root
directory, which is simply '/'. In that case it accesses path[-1] and
reduces the path to an empty string, which then fails to match any
export.
Fix it by stopping the stripping when the path is just a single
character - it doesn't matter if it's a '/' or not, we want to keep it
either way in that case.
Reproducer:
exportfs localhost:/
exportfs -u localhost:/
Without this patch, the unexport step fails with "exportfs: Could not
find 'localhost:/' to unexport."
Fixes: a9a7728d8743 ("exportfs: Deal with path's trailing "/" in unexportfs_parsed()")
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1941171
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
index 262dd19a..25d757d8 100644
--- a/utils/exportfs/exportfs.c
+++ b/utils/exportfs/exportfs.c
@@ -383,7 +383,7 @@ unexportfs_parsed(char *hname, char *path, int verbose)
* so need to deal with it.
*/
size_t nlen = strlen(path);
- while (path[nlen - 1] == '/')
+ while ((nlen > 1) && (path[nlen - 1] == '/'))
nlen--;
for (exp = exportlist[htype].p_head; exp; exp = exp->m_next) {

View File

@ -0,0 +1,30 @@
commit ba90d61be3abca5a699765ce08759ca6b986781d
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 10 14:05:23 2020 -0500
exports.man: Remove some outdated verbiage
Years ago, commit 6a7d90cea765 removed the warning
this verbiage was talking about, but was never
removed from the man page.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index 1d171849..54b3f877 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -169,13 +169,6 @@ default. In all releases after 1.0.0,
is the default, and
.I async
must be explicitly requested if needed.
-To help make system administrators aware of this change,
-.B exportfs
-will issue a warning if neither
-.I sync
-nor
-.I async
-is specified.
.TP
.IR no_wdelay
This option has no effect if

View File

@ -0,0 +1,290 @@
diff -up nfs-utils-2.3.3/utils/gssd/err_util.c.orig nfs-utils-2.3.3/utils/gssd/err_util.c
--- nfs-utils-2.3.3/utils/gssd/err_util.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/gssd/err_util.c 2021-07-19 12:29:21.366829573 -0400
@@ -70,3 +70,17 @@ int get_verbosity(void)
{
return verbosity;
}
+
+char *
+sec2time(int value)
+{
+ static char buf[BUFSIZ];
+ int hr, min, sec;
+
+ hr = (value / 3600);
+ min = (value - (3600*hr))/60;
+ sec = (value - (3600*hr) - (min*60));
+ sprintf(buf, "%dh:%dm:%ds", hr, min, sec);
+ return(buf);
+}
+
diff -up nfs-utils-2.3.3/utils/gssd/err_util.h.orig nfs-utils-2.3.3/utils/gssd/err_util.h
--- nfs-utils-2.3.3/utils/gssd/err_util.h.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/gssd/err_util.h 2021-07-19 12:29:21.367829599 -0400
@@ -34,5 +34,6 @@
void initerr(char *progname, int verbosity, int fg);
void printerr(int priority, char *format, ...);
int get_verbosity(void);
+char * sec2time(int);
#endif /* _ERR_UTIL_H_ */
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-07-19 12:24:13.963644016 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-07-19 12:29:21.368829626 -0400
@@ -396,7 +396,7 @@ gssd_free_client(struct clnt_info *clp)
if (refcnt > 0)
return;
- printerr(3, "freeing client %s\n", clp->relpath);
+ printerr(4, "freeing client %s\n", clp->relpath);
if (clp->krb5_fd >= 0)
close(clp->krb5_fd);
@@ -417,7 +417,7 @@ gssd_free_client(struct clnt_info *clp)
static void
gssd_destroy_client(struct clnt_info *clp)
{
- printerr(3, "destroying client %s\n", clp->relpath);
+ printerr(4, "destroying client %s\n", clp->relpath);
if (clp->krb5_ev) {
event_del(clp->krb5_ev);
@@ -494,7 +494,7 @@ scan_active_thread_list(void)
* upcall_thread_info from the list and free it.
*/
if (tret == PTHREAD_CANCELED)
- printerr(3, "watchdog: thread id 0x%lx cancelled successfully\n",
+ printerr(2, "watchdog: thread id 0x%lx cancelled successfully\n",
info->tid);
saveprev = info->list.tqe_prev;
TAILQ_REMOVE(&active_thread_list, info, list);
@@ -783,7 +783,7 @@ gssd_scan(void)
{
struct dirent *d;
- printerr(3, "doing a full rescan\n");
+ printerr(4, "doing a full rescan\n");
rewinddir(pipefs_dir);
while ((d = readdir(pipefs_dir))) {
diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c
--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2021-07-19 12:24:13.964644043 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2021-07-19 12:29:21.368829626 -0400
@@ -166,8 +166,9 @@ do_downcall(int k5_fd, uid_t uid, struct
unsigned int buf_size = 0;
pthread_t tid = pthread_self();
- printerr(2, "do_downcall(0x%x): lifetime_rec=%u acceptor=%.*s\n",
- tid, lifetime_rec, acceptor->length, acceptor->value);
+ if (get_verbosity() > 1)
+ printerr(2, "do_downcall(0x%lx): lifetime_rec=%s acceptor=%.*s\n",
+ tid, sec2time(lifetime_rec), acceptor->length, acceptor->value);
buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) +
sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length +
sizeof(context_token->length) + context_token->length +
@@ -193,7 +194,7 @@ do_downcall(int k5_fd, uid_t uid, struct
return;
out_err:
free(buf);
- printerr(1, "do_downcall(0x%x): Failed to write downcall!\n", tid);
+ printerr(1, "do_downcall(0x%lx): Failed to write downcall!\n", tid);
return;
}
@@ -204,8 +205,9 @@ do_error_downcall(int k5_fd, uid_t uid,
char *p = buf, *end = buf + 1024;
unsigned int timeout = 0;
int zero = 0;
+ pthread_t tid = pthread_self();
- printerr(2, "doing error downcall\n");
+ printerr(2, "do_error_downcall(0x%lx): uid %d err %d\n", tid, uid, err);
if (WRITE_BYTES(&p, end, uid)) goto out_err;
if (WRITE_BYTES(&p, end, timeout)) goto out_err;
@@ -328,6 +330,7 @@ create_auth_rpc_client(struct clnt_info
struct timeval timeout;
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
socklen_t salen;
+ pthread_t tid = pthread_self();
sec.qop = GSS_C_QOP_DEFAULT;
sec.svc = RPCSEC_GSS_SVC_NONE;
@@ -361,8 +364,8 @@ create_auth_rpc_client(struct clnt_info
/* create an rpc connection to the nfs server */
- printerr(2, "creating %s client for server %s\n", clp->protocol,
- clp->servername);
+ printerr(3, "create_auth_rpc_client(0x%lx): creating %s client for server %s\n",
+ tid, clp->protocol, clp->servername);
protocol = IPPROTO_TCP;
if ((strcmp(clp->protocol, "udp")) == 0)
@@ -405,7 +408,8 @@ create_auth_rpc_client(struct clnt_info
if (!tgtname)
tgtname = clp->servicename;
- printerr(2, "creating context with server %s\n", tgtname);
+ printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
+ tid, tgtname);
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
if (!auth) {
/* Our caller should print appropriate message */
@@ -507,9 +511,10 @@ krb5_not_machine_creds(struct clnt_info
gss_cred_id_t gss_cred;
char **dname;
int err, resp = -1;
+ pthread_t tid = pthread_self();
- printerr(2, "krb5_not_machine_creds: uid %d tgtname %s\n",
- uid, tgtname);
+ printerr(2, "krb5_not_machine_creds(0x%lx): uid %d tgtname %s\n",
+ tid, uid, tgtname);
*chg_err = change_identity(uid);
if (*chg_err) {
@@ -555,9 +560,10 @@ krb5_use_machine_creds(struct clnt_info
char **ccname;
int nocache = 0;
int success = 0;
+ pthread_t tid = pthread_self();
- printerr(2, "krb5_use_machine_creds: uid %d tgtname %s\n",
- uid, tgtname);
+ printerr(2, "krb5_use_machine_creds(0x%lx): uid %d tgtname %s\n",
+ tid, uid, tgtname);
do {
gssd_refresh_krb5_machine_credential(clp->servername,
@@ -874,6 +880,7 @@ start_upcall_thread(void (*func)(struct
pthread_t th;
struct upcall_thread_info *tinfo;
int ret;
+ pthread_t tid = pthread_self();
tinfo = alloc_upcall_thread_info();
if (!tinfo)
@@ -896,6 +903,9 @@ start_upcall_thread(void (*func)(struct
free(tinfo);
return ret;
}
+ printerr(2, "start_upcall_thread(0x%lx): created thread id 0x%lx\n",
+ tid, th);
+
tinfo->tid = th;
pthread_mutex_lock(&active_thread_list_lock);
clock_gettime(CLOCK_MONOTONIC, &tinfo->timeout);
@@ -958,7 +968,7 @@ handle_gssd_upcall(struct clnt_info *clp
}
lbuf[lbuflen-1] = 0;
- printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
+ printerr(2, "\n%s(0x%lx): '%s' (%s)\n", __func__, tid,
lbuf, clp->relpath);
for (p = strtok(lbuf, " "); p; p = strtok(NULL, " ")) {
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2021-07-19 12:24:13.951643697 -0400
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2021-07-19 12:36:27.746223992 -0400
@@ -375,6 +375,7 @@ gssd_get_single_krb5_cred(krb5_context c
char *cache_type;
char *pname = NULL;
char *k5err = NULL;
+ pthread_t tid = pthread_self();
memset(&my_creds, 0, sizeof(my_creds));
@@ -385,8 +386,8 @@ gssd_get_single_krb5_cred(krb5_context c
now += 300;
pthread_mutex_lock(&ple_lock);
if (ple->ccname && ple->endtime > now && !nocache) {
- printerr(3, "INFO: Credentials in CC '%s' are good until %d\n",
- ple->ccname, ple->endtime);
+ printerr(3, "%s(0x%lx): Credentials in CC '%s' are good until %s",
+ __func__, tid, ple->ccname, ctime((time_t *)&ple->endtime));
code = 0;
pthread_mutex_unlock(&ple_lock);
goto out;
@@ -486,7 +487,8 @@ gssd_get_single_krb5_cred(krb5_context c
}
code = 0;
- printerr(2, "%s: principal '%s' ccache:'%s'\n", __func__, pname, cc_name);
+ printerr(2, "%s(0x%lx): principal '%s' ccache:'%s'\n",
+ __func__, tid, pname, cc_name);
out:
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS
if (init_opts)
@@ -615,6 +617,7 @@ get_full_hostname(const char *inhost, ch
struct addrinfo hints;
int retval;
char *c;
+ pthread_t tid = pthread_self();
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
@@ -624,8 +627,8 @@ get_full_hostname(const char *inhost, ch
/* Get full target hostname */
retval = getaddrinfo(inhost, NULL, &hints, &addrs);
if (retval) {
- printerr(1, "%s while getting full hostname for '%s'\n",
- gai_strerror(retval), inhost);
+ printerr(1, "%s(0x%lx): getaddrinfo(%s) failed: %s\n",
+ __func__, tid, inhost, gai_strerror(retval));
goto out;
}
strncpy(outhost, addrs->ai_canonname, outhostlen);
@@ -633,7 +636,10 @@ get_full_hostname(const char *inhost, ch
for (c = outhost; *c != '\0'; c++)
*c = tolower(*c);
- printerr(3, "Full hostname for '%s' is '%s'\n", inhost, outhost);
+ if (get_verbosity() && strcmp(inhost, outhost))
+ printerr(1, "%s(0x%0lx): inhost '%s' different than outhost'%s'\n",
+ inhost, outhost);
+
retval = 0;
out:
return retval;
@@ -819,6 +825,7 @@ find_keytab_entry(krb5_context context,
krb5_principal princ;
const char *notsetstr = "not set";
char *adhostoverride = NULL;
+ pthread_t tid = pthread_self();
/* Get full target hostname */
@@ -972,7 +979,7 @@ find_keytab_entry(krb5_context context,
tried_upper = 1;
}
} else {
- printerr(2, "Success getting keytab entry for '%s'\n",spn);
+ printerr(2, "find_keytab_entry(0x%lx): Success getting keytab entry for '%s'\n",tid, spn);
retval = 0;
goto out;
}
@@ -1113,9 +1120,6 @@ gssd_refresh_krb5_machine_credential_int
char *k5err = NULL;
const char *svcnames[] = { "$", "root", "nfs", "host", NULL };
- printerr(2, "%s: hostname=%s ple=%p service=%s srchost=%s\n",
- __func__, hostname, ple, service, srchost);
-
/*
* If a specific service name was specified, use it.
* Otherwise, use the default list.
@@ -1124,9 +1128,10 @@ gssd_refresh_krb5_machine_credential_int
svcnames[0] = service;
svcnames[1] = NULL;
}
- if (hostname == NULL && ple == NULL)
+ if (hostname == NULL && ple == NULL) {
+ printerr(0, "ERROR: %s: Invalid args\n", __func__);
return EINVAL;
-
+ }
code = krb5_init_context(&context);
if (code) {
k5err = gssd_k5_err_msg(NULL, code);

View File

@ -0,0 +1,17 @@
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2019-11-11 09:23:28.920435729 -0500
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2019-11-26 13:59:52.812685585 -0500
@@ -1020,11 +1020,11 @@ main(int argc, char *argv[])
"support setting debug levels\n");
#endif
+ daemon_init(fg);
+
if (gssd_check_mechs() != 0)
errx(1, "Problem with gssapi library");
- daemon_init(fg);
-
event_init();
pipefs_dir = opendir(pipefs_path);

View File

@ -0,0 +1,402 @@
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-07-19 09:39:04.273895536 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-07-19 09:40:13.942751214 -0400
@@ -364,7 +364,7 @@ out:
/* Actually frees clp and fields that might be used from other
* threads if was last reference.
*/
-static void
+void
gssd_free_client(struct clnt_info *clp)
{
int refcnt;
@@ -416,55 +416,6 @@ gssd_destroy_client(struct clnt_info *cl
static void gssd_scan(void);
-static int
-start_upcall_thread(void (*func)(struct clnt_upcall_info *), void *info)
-{
- pthread_attr_t attr;
- pthread_t th;
- int ret;
-
- ret = pthread_attr_init(&attr);
- if (ret != 0) {
- printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
- ret, strerror(errno));
- return ret;
- }
- ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
- if (ret != 0) {
- printerr(0, "ERROR: failed to create pthread attr: ret %d: "
- "%s\n", ret, strerror(errno));
- return ret;
- }
-
- ret = pthread_create(&th, &attr, (void *)func, (void *)info);
- if (ret != 0)
- printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
- ret, strerror(errno));
- return ret;
-}
-
-static struct clnt_upcall_info *alloc_upcall_info(struct clnt_info *clp)
-{
- struct clnt_upcall_info *info;
-
- info = malloc(sizeof(struct clnt_upcall_info));
- if (info == NULL)
- return NULL;
-
- pthread_mutex_lock(&clp_lock);
- clp->refcount++;
- pthread_mutex_unlock(&clp_lock);
- info->clp = clp;
-
- return info;
-}
-
-void free_upcall_info(struct clnt_upcall_info *info)
-{
- gssd_free_client(info->clp);
- free(info);
-}
-
/* For each upcall read the upcall info into the buffer, then create a
* thread in a detached state so that resources are released back into
* the system without the need for a join.
@@ -473,44 +424,16 @@ static void
gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
{
struct clnt_info *clp = data;
- struct clnt_upcall_info *info;
-
- info = alloc_upcall_info(clp);
- if (info == NULL)
- return;
-
- info->lbuflen = read(clp->gssd_fd, info->lbuf, sizeof(info->lbuf));
- if (info->lbuflen <= 0 || info->lbuf[info->lbuflen-1] != '\n') {
- printerr(0, "WARNING: %s: failed reading request\n", __func__);
- free_upcall_info(info);
- return;
- }
- info->lbuf[info->lbuflen-1] = 0;
- if (start_upcall_thread(handle_gssd_upcall, info))
- free_upcall_info(info);
+ handle_gssd_upcall(clp);
}
static void
gssd_clnt_krb5_cb(int UNUSED(fd), short UNUSED(which), void *data)
{
struct clnt_info *clp = data;
- struct clnt_upcall_info *info;
-
- info = alloc_upcall_info(clp);
- if (info == NULL)
- return;
-
- if (read(clp->krb5_fd, &info->uid,
- sizeof(info->uid)) < (ssize_t)sizeof(info->uid)) {
- printerr(0, "WARNING: %s: failed reading uid from krb5 "
- "upcall pipe: %s\n", __func__, strerror(errno));
- free_upcall_info(info);
- return;
- }
- if (start_upcall_thread(handle_krb5_upcall, info))
- free_upcall_info(info);
+ handle_krb5_upcall(clp);
}
static struct clnt_info *
diff -up nfs-utils-2.3.3/utils/gssd/gssd.h.orig nfs-utils-2.3.3/utils/gssd/gssd.h
--- nfs-utils-2.3.3/utils/gssd/gssd.h.orig 2021-07-19 09:39:04.269895430 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.h 2021-07-19 09:40:13.943751240 -0400
@@ -84,14 +84,17 @@ struct clnt_info {
struct clnt_upcall_info {
struct clnt_info *clp;
- char lbuf[RPC_CHAN_BUF_SIZE];
- int lbuflen;
uid_t uid;
+ int fd;
+ char *srchost;
+ char *target;
+ char *service;
};
-void handle_krb5_upcall(struct clnt_upcall_info *clp);
-void handle_gssd_upcall(struct clnt_upcall_info *clp);
+void handle_krb5_upcall(struct clnt_info *clp);
+void handle_gssd_upcall(struct clnt_info *clp);
void free_upcall_info(struct clnt_upcall_info *info);
+void gssd_free_client(struct clnt_info *clp);
#endif /* _RPC_GSSD_H_ */
diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c
--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2021-07-19 09:39:04.269895430 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2021-07-19 09:40:13.944751267 -0400
@@ -80,6 +80,8 @@
#include "nfslib.h"
#include "gss_names.h"
+extern pthread_mutex_t clp_lock;
+
/* Encryption types supported by the kernel rpcsec_gss code */
int num_krb5_enctypes = 0;
krb5_enctype *krb5_enctypes = NULL;
@@ -719,22 +721,133 @@ out_return_error:
goto out;
}
-void
-handle_krb5_upcall(struct clnt_upcall_info *info)
-{
- struct clnt_info *clp = info->clp;
+static struct clnt_upcall_info *
+alloc_upcall_info(struct clnt_info *clp, uid_t uid, int fd, char *srchost,
+ char *target, char *service)
+{
+ struct clnt_upcall_info *info;
+
+ info = malloc(sizeof(struct clnt_upcall_info));
+ if (info == NULL)
+ return NULL;
+
+ memset(info, 0, sizeof(*info));
+ pthread_mutex_lock(&clp_lock);
+ clp->refcount++;
+ pthread_mutex_unlock(&clp_lock);
+ info->clp = clp;
+ info->uid = uid;
+ info->fd = fd;
+ if (srchost) {
+ info->srchost = strdup(srchost);
+ if (info->srchost == NULL)
+ goto out_info;
+ }
+ if (target) {
+ info->target = strdup(target);
+ if (info->target == NULL)
+ goto out_srchost;
+ }
+ if (service) {
+ info->service = strdup(service);
+ if (info->service == NULL)
+ goto out_target;
+ }
+
+out:
+ return info;
- printerr(2, "\n%s: uid %d (%s)\n", __func__, info->uid, clp->relpath);
+out_target:
+ if (info->target)
+ free(info->target);
+out_srchost:
+ if (info->srchost)
+ free(info->srchost);
+out_info:
+ free(info);
+ info = NULL;
+ goto out;
+}
+
+void free_upcall_info(struct clnt_upcall_info *info)
+{
+ gssd_free_client(info->clp);
+ if (info->service)
+ free(info->service);
+ if (info->target)
+ free(info->target);
+ if (info->srchost)
+ free(info->srchost);
+ free(info);
+}
- process_krb5_upcall(clp, info->uid, clp->krb5_fd, NULL, NULL, NULL);
+static void
+gssd_work_thread_fn(struct clnt_upcall_info *info)
+{
+ process_krb5_upcall(info->clp, info->uid, info->fd, info->srchost, info->target, info->service);
free_upcall_info(info);
}
+static int
+start_upcall_thread(void (*func)(struct clnt_upcall_info *), void *info)
+{
+ pthread_attr_t attr;
+ pthread_t th;
+ int ret;
+
+ ret = pthread_attr_init(&attr);
+ if (ret != 0) {
+ printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
+ ret, strerror(errno));
+ return ret;
+ }
+ ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+ if (ret != 0) {
+ printerr(0, "ERROR: failed to create pthread attr: ret %d: "
+ "%s\n", ret, strerror(errno));
+ return ret;
+ }
+
+ ret = pthread_create(&th, &attr, (void *)func, (void *)info);
+ if (ret != 0)
+ printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
+ ret, strerror(errno));
+ return ret;
+}
+
void
-handle_gssd_upcall(struct clnt_upcall_info *info)
+handle_krb5_upcall(struct clnt_info *clp)
{
- struct clnt_info *clp = info->clp;
uid_t uid;
+ struct clnt_upcall_info *info;
+ int err;
+
+ if (read(clp->krb5_fd, &uid, sizeof(uid)) < (ssize_t)sizeof(uid)) {
+ printerr(0, "WARNING: failed reading uid from krb5 "
+ "upcall pipe: %s\n", strerror(errno));
+ return;
+ }
+ printerr(2, "\n%s: uid %d (%s)\n", __func__, uid, clp->relpath);
+
+ info = alloc_upcall_info(clp, uid, clp->krb5_fd, NULL, NULL, NULL);
+ if (info == NULL) {
+ printerr(0, "%s: failed to allocate clnt_upcall_info\n", __func__);
+ do_error_downcall(clp->krb5_fd, uid, -EACCES);
+ return;
+ }
+ err = start_upcall_thread(gssd_work_thread_fn, info);
+ if (err != 0) {
+ do_error_downcall(clp->krb5_fd, uid, -EACCES);
+ free_upcall_info(info);
+ }
+}
+
+void
+handle_gssd_upcall(struct clnt_info *clp)
+{
+ uid_t uid;
+ char lbuf[RPC_CHAN_BUF_SIZE];
+ int lbuflen = 0;
char *p;
char *mech = NULL;
char *uidstr = NULL;
@@ -742,20 +855,22 @@ handle_gssd_upcall(struct clnt_upcall_in
char *service = NULL;
char *srchost = NULL;
char *enctypes = NULL;
- char *upcall_str;
- char *pbuf = info->lbuf;
pthread_t tid = pthread_self();
+ struct clnt_upcall_info *info;
+ int err;
- printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
- info->lbuf, clp->relpath);
-
- upcall_str = strdup(info->lbuf);
- if (upcall_str == NULL) {
- printerr(0, "ERROR: malloc failure\n");
- goto out_nomem;
+ lbuflen = read(clp->gssd_fd, lbuf, sizeof(lbuf));
+ if (lbuflen <= 0 || lbuf[lbuflen-1] != '\n') {
+ printerr(0, "WARNING: handle_gssd_upcall: "
+ "failed reading request\n");
+ return;
}
+ lbuf[lbuflen-1] = 0;
+
+ printerr(2, "\n%s(0x%x): '%s' (%s)\n", __func__, tid,
+ lbuf, clp->relpath);
- while ((p = strsep(&pbuf, " "))) {
+ for (p = strtok(lbuf, " "); p; p = strtok(NULL, " ")) {
if (!strncmp(p, "mech=", strlen("mech=")))
mech = p + strlen("mech=");
else if (!strncmp(p, "uid=", strlen("uid=")))
@@ -773,8 +888,8 @@ handle_gssd_upcall(struct clnt_upcall_in
if (!mech || strlen(mech) < 1) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to find gss mechanism name "
- "in upcall string '%s'\n", upcall_str);
- goto out;
+ "in upcall string '%s'\n", lbuf);
+ return;
}
if (uidstr) {
@@ -786,21 +901,21 @@ handle_gssd_upcall(struct clnt_upcall_in
if (!uidstr) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to find uid "
- "in upcall string '%s'\n", upcall_str);
- goto out;
+ "in upcall string '%s'\n", lbuf);
+ return;
}
if (enctypes && parse_enctypes(enctypes) != 0) {
printerr(0, "WARNING: handle_gssd_upcall: "
"parsing encryption types failed: errno %d\n", errno);
- goto out;
+ return;
}
if (target && strlen(target) < 1) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to parse target name "
- "in upcall string '%s'\n", upcall_str);
- goto out;
+ "in upcall string '%s'\n", lbuf);
+ return;
}
/*
@@ -814,21 +929,26 @@ handle_gssd_upcall(struct clnt_upcall_in
if (service && strlen(service) < 1) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to parse service type "
- "in upcall string '%s'\n", upcall_str);
- goto out;
+ "in upcall string '%s'\n", lbuf);
+ return;
}
- if (strcmp(mech, "krb5") == 0 && clp->servername)
- process_krb5_upcall(clp, uid, clp->gssd_fd, srchost, target, service);
- else {
+ if (strcmp(mech, "krb5") == 0 && clp->servername) {
+ info = alloc_upcall_info(clp, uid, clp->gssd_fd, srchost, target, service);
+ if (info == NULL) {
+ printerr(0, "%s: failed to allocate clnt_upcall_info\n", __func__);
+ do_error_downcall(clp->gssd_fd, uid, -EACCES);
+ return;
+ }
+ err = start_upcall_thread(gssd_work_thread_fn, info);
+ if (err != 0) {
+ do_error_downcall(clp->gssd_fd, uid, -EACCES);
+ free_upcall_info(info);
+ }
+ } else {
if (clp->servername)
printerr(0, "WARNING: handle_gssd_upcall: "
"received unknown gss mech '%s'\n", mech);
do_error_downcall(clp->gssd_fd, uid, -EACCES);
}
-out:
- free(upcall_str);
-out_nomem:
- free_upcall_info(info);
- return;
}

View File

@ -0,0 +1,141 @@
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
--- nfs-utils-2.3.3/nfs.conf.orig 2021-04-17 10:49:23.660184527 -0400
+++ nfs-utils-2.3.3/nfs.conf 2021-04-17 11:14:41.482108562 -0400
@@ -21,6 +21,7 @@ use-gss-proxy=1
# keytab-file=/etc/krb5.keytab
# cred-cache-directory=
# preferred-realm=
+# set-home=1
#
[lockd]
# port=0
diff -up nfs-utils-2.3.3/systemd/nfs.conf.man.orig nfs-utils-2.3.3/systemd/nfs.conf.man
--- nfs-utils-2.3.3/systemd/nfs.conf.man.orig 2021-04-17 10:49:23.696185472 -0400
+++ nfs-utils-2.3.3/systemd/nfs.conf.man 2021-04-17 11:14:41.483108588 -0400
@@ -222,7 +222,8 @@ Recognized values:
.BR rpc-timeout ,
.BR keytab-file ,
.BR cred-cache-directory ,
-.BR preferred-realm .
+.BR preferred-realm ,
+.BR set-home .
See
.BR rpc.gssd (8)
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-04-17 10:49:23.684185157 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-04-17 11:14:41.483108588 -0400
@@ -87,6 +87,8 @@ unsigned int context_timeout = 0;
unsigned int rpc_timeout = 5;
char *preferred_realm = NULL;
char *ccachedir = NULL;
+/* set $HOME to "/" by default */
+static bool set_home = true;
/* Avoid DNS reverse lookups on server names */
static bool avoid_dns = true;
static bool use_gssproxy = false;
@@ -885,7 +887,7 @@ sig_die(int signal)
static void
usage(char *progname)
{
- fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D]\n",
+ fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-H]\n",
progname);
exit(1);
}
@@ -926,6 +928,7 @@ read_gss_conf(void)
preferred_realm = s;
use_gssproxy = conf_get_bool("gssd", "use-gss-proxy", use_gssproxy);
+ set_home = conf_get_bool("gssd", "set-home", set_home);
}
int
@@ -946,7 +949,7 @@ main(int argc, char *argv[])
verbosity = conf_get_num("gssd", "verbosity", verbosity);
rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
- while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
+ while ((opt = getopt(argc, argv, "HDfvrlmnMp:k:d:t:T:R:")) != -1) {
switch (opt) {
case 'f':
fg = 1;
@@ -994,6 +997,9 @@ main(int argc, char *argv[])
case 'D':
avoid_dns = false;
break;
+ case 'H':
+ set_home = false;
+ break;
default:
usage(argv[0]);
break;
@@ -1003,13 +1009,19 @@ main(int argc, char *argv[])
/*
* Some krb5 routines try to scrape info out of files in the user's
* home directory. This can easily deadlock when that homedir is on a
- * kerberized NFS mount. By setting $HOME unconditionally to "/", we
- * prevent this behavior in routines that use $HOME in preference to
- * the results of getpw*.
+ * kerberized NFS mount. By setting $HOME to "/" by default, we prevent
+ * this behavior in routines that use $HOME in preference to the results
+ * of getpw*.
+ *
+ * Some users do not use Kerberized home dirs and need $HOME to remain
+ * unchanged. Those users can leave $HOME unchanged by setting set_home
+ * to false.
*/
- if (setenv("HOME", "/", 1)) {
- printerr(0, "gssd: Unable to set $HOME: %s\n", strerror(errno));
- exit(1);
+ if (set_home) {
+ if (setenv("HOME", "/", 1)) {
+ printerr(0, "gssd: Unable to set $HOME: %s\n", strerror(errno));
+ exit(1);
+ }
}
if (use_gssproxy) {
diff -up nfs-utils-2.3.3/utils/gssd/gssd.man.orig nfs-utils-2.3.3/utils/gssd/gssd.man
--- nfs-utils-2.3.3/utils/gssd/gssd.man.orig 2021-04-17 10:49:23.650184264 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.man 2021-04-17 11:14:41.484108615 -0400
@@ -8,7 +8,7 @@
rpc.gssd \- RPCSEC_GSS daemon
.SH SYNOPSIS
.B rpc.gssd
-.RB [ \-DfMnlvr ]
+.RB [ \-DfMnlvrH ]
.RB [ \-k
.IR keytab ]
.RB [ \-p
@@ -297,6 +297,16 @@ The default timeout is set to 5 seconds.
If you get messages like "WARNING: can't create tcp rpc_clnt to server
%servername% for user with uid %uid%: RPC: Remote system error -
Connection timed out", you should consider an increase of this timeout.
+.TP
+.B -H
+Avoids setting $HOME to "/". This allows rpc.gssd to read per user k5identity
+files versus trying to read /.k5identity for each user.
+
+If
+.B \-H
+is not set, rpc.gssd will use the first match found in
+/var/kerberos/krb5/user/$EUID/client.keytab and will not use a principal based on
+host and/or service parameters listed in $HOME/.k5identity.
.SH CONFIGURATION FILE
Many of the options that can be set on the command line can also be
controlled through values set in the
@@ -354,6 +364,13 @@ Equivalent to
.B preferred-realm
Equivalent to
.BR -R .
+.TP
+.B set-home
+Setting to
+.B false
+is equivalent to providing the
+.B -H
+flag.
.P
In addtion, the following value is recognized from the
.B [general]

View File

@ -0,0 +1,17 @@
diff -up nfs-utils-2.3.3/utils/gssd/gssd.man.orig nfs-utils-2.3.3/utils/gssd/gssd.man
--- nfs-utils-2.3.3/utils/gssd/gssd.man.orig 2021-04-17 11:21:18.326543446 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.man 2021-04-17 12:35:59.867574517 -0400
@@ -347,11 +347,11 @@ Equivalent to
.TP
.B context-timeout
Equivalent to
-.BR -T .
+.BR -t .
.TP
.B rpc-timeout
Equivalent to
-.BR -t .
+.BR -T .
.TP
.B keytab-file
Equivalent to

View File

@ -0,0 +1,29 @@
commit 52db5259fe78c2b948df279b697412f99e12f229
Author: Yongcheng Yang <yongcheng.yang@gmail.com>
Date: Fri Aug 23 14:06:42 2019 -0400
gssd: add configure options verbosity to man page rpc.gssd(8)
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index e620f0d1..cc3a210a 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -305,6 +305,14 @@ section of the
.I /etc/nfs.conf
configuration file. Values recognized include:
.TP
+.B verbosity
+Value which is equivalent to the number of
+.BR -v .
+.TP
+.B rpc-verbosity
+Value which is equivalent to the number of
+.BR -r .
+.TP
.B use-memcache
A Boolean flag equivalent to
.BR -M .

View File

@ -0,0 +1,118 @@
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index eb993aab..26e51edf 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -459,7 +459,7 @@ gssd_get_single_krb5_cred(krb5_context context,
if (ccache)
krb5_cc_close(context, ccache);
krb5_free_cred_contents(context, &my_creds);
- free(k5err);
+ krb5_free_string(context, k5err);
return (code);
}
@@ -698,7 +698,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
"we failed to unparse principal name: %s\n",
k5err);
k5_free_kt_entry(context, kte);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -745,7 +745,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
if (retval < 0)
retval = 0;
out:
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
@@ -774,7 +774,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
int tried_all = 0, tried_default = 0, tried_upper = 0;
krb5_principal princ;
const char *notsetstr = "not set";
- char *adhostoverride;
+ char *adhostoverride = NULL;
/* Get full target hostname */
@@ -802,7 +802,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
adhostoverride);
/* No overflow: Windows cannot handle strings longer than 19 chars */
strcpy(myhostad, adhostoverride);
- free(adhostoverride);
} else {
strcpy(myhostad, myhostname);
for (i = 0; myhostad[i] != 0; ++i) {
@@ -811,6 +810,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
myhostad[i] = '$';
myhostad[i+1] = 0;
}
+ if (adhostoverride)
+ krb5_free_string(context, adhostoverride);
if (!srchost) {
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
@@ -901,7 +902,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
k5err = gssd_k5_err_msg(context, code);
printerr(1, "%s while building principal for '%s'\n",
k5err, spn);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -911,7 +912,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
k5err = gssd_k5_err_msg(context, code);
printerr(3, "%s while getting keytab entry for '%s'\n",
k5err, spn);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
/*
* We tried the active directory machine account
@@ -960,7 +961,7 @@ out:
k5_free_default_realm(context, default_realm);
if (realmnames)
krb5_free_host_realm(context, realmnames);
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}
@@ -1223,7 +1224,7 @@ gssd_destroy_krb5_machine_creds(void)
printerr(0, "WARNING: %s while resolving credential "
"cache '%s' for destruction\n", k5err,
ple->ccname);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
continue;
}
@@ -1232,13 +1233,13 @@ gssd_destroy_krb5_machine_creds(void)
k5err = gssd_k5_err_msg(context, code);
printerr(0, "WARNING: %s while destroying credential "
"cache '%s'\n", k5err, ple->ccname);
- free(k5err);
+ krb5_free_string(context, k5err);
k5err = NULL;
}
}
krb5_free_context(context);
out:
- free(k5err);
+ krb5_free_string(context, k5err);
}
/*
@@ -1321,7 +1322,7 @@ out_free_kt:
out_free_context:
krb5_free_context(context);
out:
- free(k5err);
+ krb5_free_string(context, k5err);
return retval;
}

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,43 @@
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2021-07-22 15:27:27.728680553 -0400
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2021-07-22 15:30:08.916979585 -0400
@@ -165,18 +165,28 @@ static int gssd_get_single_krb5_cred(krb
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
char **ret_realm);
-static void release_ple(krb5_context context, struct gssd_k5_kt_princ *ple)
+static void release_ple_locked(krb5_context context,
+ struct gssd_k5_kt_princ *ple)
{
if (--ple->refcount)
return;
- printerr(3, "freeing cached principal (ccname=%s, realm=%s)\n", ple->ccname, ple->realm);
+ printerr(3, "freeing cached principal (ccname=%s, realm=%s)\n",
+ ple->ccname, ple->realm);
krb5_free_principal(context, ple->princ);
free(ple->ccname);
free(ple->realm);
free(ple);
}
+static void release_ple(krb5_context context, struct gssd_k5_kt_princ *ple)
+{
+ pthread_mutex_lock(&ple_lock);
+ release_ple_locked(context, ple);
+ pthread_mutex_unlock(&ple_lock);
+}
+
+
/*
* Called from the scandir function to weed out potential krb5
* credentials cache files
@@ -1396,7 +1406,7 @@ gssd_destroy_krb5_principals(int destroy
}
}
- release_ple(context, ple);
+ release_ple_locked(context, ple);
}
pthread_mutex_unlock(&ple_lock);
krb5_free_context(context);

View File

@ -0,0 +1,14 @@
diff -up nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig nfs-utils-2.3.3/utils/gssd/krb5_util.c
--- nfs-utils-2.3.3/utils/gssd/krb5_util.c.orig 2021-11-04 10:13:07.788142847 -0400
+++ nfs-utils-2.3.3/utils/gssd/krb5_util.c 2021-11-04 10:14:10.829841090 -0400
@@ -647,8 +647,8 @@ get_full_hostname(const char *inhost, ch
*c = tolower(*c);
if (get_verbosity() && strcmp(inhost, outhost))
- printerr(1, "%s(0x%0lx): inhost '%s' different than outhost'%s'\n",
- inhost, outhost);
+ printerr(1, "%s(0x%0lx): inhost '%s' different than outhost '%s'\n",
+ __func__, tid, inhost, outhost);
retval = 0;
out:

View File

@ -0,0 +1,625 @@
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
--- nfs-utils-2.3.3/nfs.conf.orig 2021-07-19 09:45:40.441448059 -0400
+++ nfs-utils-2.3.3/nfs.conf 2021-07-19 12:08:55.314182838 -0400
@@ -22,6 +22,8 @@ use-gss-proxy=1
# cred-cache-directory=
# preferred-realm=
# set-home=1
+# upcall-timeout=30
+# cancel-timed-out-upcalls=0
#
[lockd]
# port=0
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2021-07-19 09:45:40.448448246 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2021-07-19 12:08:55.315182865 -0400
@@ -96,8 +96,29 @@ pthread_mutex_t clp_lock = PTHREAD_MUTEX
static bool signal_received = false;
static struct event_base *evbase = NULL;
+int upcall_timeout = DEF_UPCALL_TIMEOUT;
+static bool cancel_timed_out_upcalls = false;
+
TAILQ_HEAD(topdir_list_head, topdir) topdir_list;
+/*
+ * active_thread_list:
+ *
+ * used to track upcalls for timeout purposes.
+ *
+ * protected by the active_thread_list_lock mutex.
+ *
+ * upcall_thread_info structures are added to the tail of the list
+ * by start_upcall_thread(), so entries closer to the head of the list
+ * will be closer to hitting the upcall timeout.
+ *
+ * upcall_thread_info structures are removed from the list upon a
+ * sucessful join of the upcall thread by the watchdog thread (via
+ * scan_active_thread_list().
+ */
+TAILQ_HEAD(active_thread_list_head, upcall_thread_info) active_thread_list;
+pthread_mutex_t active_thread_list_lock = PTHREAD_MUTEX_INITIALIZER;
+
struct topdir {
TAILQ_ENTRY(topdir) list;
TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list;
@@ -436,6 +457,138 @@ gssd_clnt_krb5_cb(int UNUSED(fd), short
handle_krb5_upcall(clp);
}
+/*
+ * scan_active_thread_list:
+ *
+ * Walks the active_thread_list, trying to join as many upcall threads as
+ * possible. For threads that have terminated, the corresponding
+ * upcall_thread_info will be removed from the list and freed. Threads that
+ * are still busy and have exceeded the upcall_timeout will cause an error to
+ * be logged and may be canceled (depending on the value of
+ * cancel_timed_out_upcalls).
+ *
+ * Returns the number of seconds that the watchdog thread should wait before
+ * calling scan_active_thread_list() again.
+ */
+static int
+scan_active_thread_list(void)
+{
+ struct upcall_thread_info *info;
+ struct timespec now;
+ unsigned int sleeptime;
+ bool sleeptime_set = false;
+ int err;
+ void *tret, *saveprev;
+
+ sleeptime = upcall_timeout;
+ pthread_mutex_lock(&active_thread_list_lock);
+ clock_gettime(CLOCK_MONOTONIC, &now);
+ TAILQ_FOREACH(info, &active_thread_list, list) {
+ err = pthread_tryjoin_np(info->tid, &tret);
+ switch (err) {
+ case 0:
+ /*
+ * The upcall thread has either completed successfully, or
+ * has been canceled _and_ has acted on the cancellation request
+ * (i.e. has hit a cancellation point). We can now remove the
+ * upcall_thread_info from the list and free it.
+ */
+ if (tret == PTHREAD_CANCELED)
+ printerr(3, "watchdog: thread id 0x%lx cancelled successfully\n",
+ info->tid);
+ saveprev = info->list.tqe_prev;
+ TAILQ_REMOVE(&active_thread_list, info, list);
+ free(info);
+ info = saveprev;
+ break;
+ case EBUSY:
+ /*
+ * The upcall thread is still running. If the timeout has expired
+ * then we either cancel the thread, log an error, and do an error
+ * downcall to the kernel (cancel_timed_out_upcalls=true) or simply
+ * log an error (cancel_timed_out_upcalls=false). In either case,
+ * the error is logged only once.
+ */
+ if (now.tv_sec >= info->timeout.tv_sec) {
+ if (cancel_timed_out_upcalls && !(info->flags & UPCALL_THREAD_CANCELED)) {
+ printerr(0, "watchdog: thread id 0x%lx timed out\n",
+ info->tid);
+ pthread_cancel(info->tid);
+ info->flags |= (UPCALL_THREAD_CANCELED|UPCALL_THREAD_WARNED);
+ do_error_downcall(info->fd, info->uid, -ETIMEDOUT);
+ } else {
+ if (!(info->flags & UPCALL_THREAD_WARNED)) {
+ printerr(0, "watchdog: thread id 0x%lx running for %ld seconds\n",
+ info->tid,
+ now.tv_sec - info->timeout.tv_sec + upcall_timeout);
+ info->flags |= UPCALL_THREAD_WARNED;
+ }
+ }
+ } else if (!sleeptime_set) {
+ /*
+ * The upcall thread is still running, but the timeout has not yet
+ * expired. Calculate the time remaining until the timeout will
+ * expire. This is the amount of time the watchdog thread will
+ * wait before running again. We only need to do this for the busy
+ * thread closest to the head of the list - entries appearing later
+ * in the list will time out later.
+ */
+ sleeptime = info->timeout.tv_sec - now.tv_sec;
+ sleeptime_set = true;
+ }
+ break;
+ default:
+ /* EDEADLK, EINVAL, and ESRCH... none of which should happen! */
+ printerr(0, "watchdog: attempt to join thread id 0x%lx returned %d (%s)!\n",
+ info->tid, err, strerror(err));
+ break;
+ }
+ }
+ pthread_mutex_unlock(&active_thread_list_lock);
+
+ return sleeptime;
+}
+
+static void *
+watchdog_thread_fn(void *UNUSED(arg))
+{
+ unsigned int sleeptime;
+
+ for (;;) {
+ sleeptime = scan_active_thread_list();
+ printerr(4, "watchdog: sleeping %u secs\n", sleeptime);
+ sleep(sleeptime);
+ }
+ return (void *)0;
+}
+
+static int
+start_watchdog_thread(void)
+{
+ pthread_attr_t attr;
+ pthread_t th;
+ int ret;
+
+ ret = pthread_attr_init(&attr);
+ if (ret != 0) {
+ printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
+ ret, strerror(errno));
+ return ret;
+ }
+ ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+ if (ret != 0) {
+ printerr(0, "ERROR: failed to create pthread attr: ret %d: %s\n",
+ ret, strerror(errno));
+ return ret;
+ }
+ ret = pthread_create(&th, &attr, watchdog_thread_fn, NULL);
+ if (ret != 0) {
+ printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
+ ret, strerror(errno));
+ }
+ return ret;
+}
+
static struct clnt_info *
gssd_get_clnt(struct topdir *tdi, const char *name)
{
@@ -810,7 +963,7 @@ sig_die(int signal)
static void
usage(char *progname)
{
- fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-H]\n",
+ fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-H] [-U upcall timeout] [-C]\n",
progname);
exit(1);
}
@@ -831,6 +984,9 @@ read_gss_conf(void)
#endif
context_timeout = conf_get_num("gssd", "context-timeout", context_timeout);
rpc_timeout = conf_get_num("gssd", "rpc-timeout", rpc_timeout);
+ upcall_timeout = conf_get_num("gssd", "upcall-timeout", upcall_timeout);
+ cancel_timed_out_upcalls = conf_get_bool("gssd", "cancel-timed-out-upcalls",
+ cancel_timed_out_upcalls);
s = conf_get_str("gssd", "pipefs-directory");
if (!s)
s = conf_get_str("general", "pipefs-directory");
@@ -872,7 +1028,7 @@ main(int argc, char *argv[])
verbosity = conf_get_num("gssd", "verbosity", verbosity);
rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
- while ((opt = getopt(argc, argv, "HDfvrlmnMp:k:d:t:T:R:")) != -1) {
+ while ((opt = getopt(argc, argv, "HDfvrlmnMp:k:d:t:T:R:U:C")) != -1) {
switch (opt) {
case 'f':
fg = 1;
@@ -923,6 +1079,12 @@ main(int argc, char *argv[])
case 'H':
set_home = false;
break;
+ case 'U':
+ upcall_timeout = atoi(optarg);
+ break;
+ case 'C':
+ cancel_timed_out_upcalls = true;
+ break;
default:
usage(argv[0]);
break;
@@ -995,6 +1157,11 @@ main(int argc, char *argv[])
else
progname = argv[0];
+ if (upcall_timeout > MAX_UPCALL_TIMEOUT)
+ upcall_timeout = MAX_UPCALL_TIMEOUT;
+ else if (upcall_timeout < MIN_UPCALL_TIMEOUT)
+ upcall_timeout = MIN_UPCALL_TIMEOUT;
+
initerr(progname, verbosity, fg);
#ifdef HAVE_LIBTIRPC_SET_DEBUG
/*
@@ -1045,6 +1212,14 @@ main(int argc, char *argv[])
gssd_inotify_cb, NULL);
event_add(inotify_ev, NULL);
+ TAILQ_INIT(&active_thread_list);
+
+ rc = start_watchdog_thread();
+ if (rc != 0) {
+ printerr(0, "ERROR: failed to start watchdog thread: %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
TAILQ_INIT(&topdir_list);
gssd_scan();
daemon_ready();
diff -up nfs-utils-2.3.3/utils/gssd/gssd.h.orig nfs-utils-2.3.3/utils/gssd/gssd.h
--- nfs-utils-2.3.3/utils/gssd/gssd.h.orig 2021-07-19 09:45:40.449448272 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.h 2021-07-19 12:08:55.315182865 -0400
@@ -50,6 +50,12 @@
#define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab"
#define GSSD_SERVICE_NAME "nfs"
#define RPC_CHAN_BUF_SIZE 32768
+
+/* timeouts are in seconds */
+#define MIN_UPCALL_TIMEOUT 5
+#define DEF_UPCALL_TIMEOUT 30
+#define MAX_UPCALL_TIMEOUT 600
+
/*
* The gss mechanisms that we can handle
*/
@@ -91,10 +97,22 @@ struct clnt_upcall_info {
char *service;
};
+struct upcall_thread_info {
+ TAILQ_ENTRY(upcall_thread_info) list;
+ pthread_t tid;
+ struct timespec timeout;
+ uid_t uid;
+ int fd;
+ unsigned short flags;
+#define UPCALL_THREAD_CANCELED 0x0001
+#define UPCALL_THREAD_WARNED 0x0002
+};
+
void handle_krb5_upcall(struct clnt_info *clp);
void handle_gssd_upcall(struct clnt_info *clp);
void free_upcall_info(struct clnt_upcall_info *info);
void gssd_free_client(struct clnt_info *clp);
+int do_error_downcall(int k5_fd, uid_t uid, int err);
#endif /* _RPC_GSSD_H_ */
diff -up nfs-utils-2.3.3/utils/gssd/gssd.man.orig nfs-utils-2.3.3/utils/gssd/gssd.man
--- nfs-utils-2.3.3/utils/gssd/gssd.man.orig 2021-07-19 09:45:40.443448112 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.man 2021-07-19 12:08:55.315182865 -0400
@@ -8,7 +8,7 @@
rpc.gssd \- RPCSEC_GSS daemon
.SH SYNOPSIS
.B rpc.gssd
-.RB [ \-DfMnlvrH ]
+.RB [ \-DfMnlvrHC ]
.RB [ \-k
.IR keytab ]
.RB [ \-p
@@ -17,6 +17,10 @@ rpc.gssd \- RPCSEC_GSS daemon
.IR ccachedir ]
.RB [ \-t
.IR timeout ]
+.RB [ \-T
+.IR timeout ]
+.RB [ \-U
+.IR timeout ]
.RB [ \-R
.IR realm ]
.SH INTRODUCTION
@@ -290,7 +294,7 @@ seconds, which allows changing Kerberos
The default is no explicit timeout, which means the kernel context will live
the lifetime of the Kerberos service ticket used in its creation.
.TP
-.B -T timeout
+.BI "-T " timeout
Timeout, in seconds, to create an RPC connection with a server while
establishing an authenticated gss context for a user.
The default timeout is set to 5 seconds.
@@ -298,6 +302,18 @@ If you get messages like "WARNING: can't
%servername% for user with uid %uid%: RPC: Remote system error -
Connection timed out", you should consider an increase of this timeout.
.TP
+.BI "-U " timeout
+Timeout, in seconds, for upcall threads. Threads executing longer than
+.I timeout
+seconds will cause an error message to be logged. The default
+.I timeout
+is 30 seconds. The minimum is 5 seconds. The maximum is 600 seconds.
+.TP
+.B -C
+In addition to logging an error message for threads that have timed out,
+the thread will be canceled and an error of -ETIMEDOUT will be reported
+to the kernel.
+.TP
.B -H
Avoids setting $HOME to "/". This allows rpc.gssd to read per user k5identity
files versus trying to read /.k5identity for each user.
@@ -365,6 +381,17 @@ Equivalent to
Equivalent to
.BR -R .
.TP
+.B upcall-timeout
+Equivalent to
+.BR -U .
+.TP
+.B cancel-timed-out-upcalls
+Setting to
+.B true
+is equivalent to providing the
+.B -C
+flag.
+.TP
.B set-home
Setting to
.B false
diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c
--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2021-07-19 09:45:40.449448272 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2021-07-19 12:08:55.316182891 -0400
@@ -81,11 +81,24 @@
#include "gss_names.h"
extern pthread_mutex_t clp_lock;
+extern pthread_mutex_t active_thread_list_lock;
+extern int upcall_timeout;
+extern TAILQ_HEAD(active_thread_list_head, upcall_thread_info) active_thread_list;
/* Encryption types supported by the kernel rpcsec_gss code */
int num_krb5_enctypes = 0;
krb5_enctype *krb5_enctypes = NULL;
+/* Args for the cleanup_handler() */
+struct cleanup_args {
+ OM_uint32 *min_stat;
+ gss_buffer_t acceptor;
+ gss_buffer_t token;
+ struct authgss_private_data *pd;
+ AUTH **auth;
+ CLIENT **rpc_clnt;
+};
+
/*
* Parse the supported encryption type information
*/
@@ -184,7 +197,7 @@ out_err:
return;
}
-static int
+int
do_error_downcall(int k5_fd, uid_t uid, int err)
{
char buf[1024];
@@ -604,27 +617,66 @@ out:
}
/*
+ * cleanup_handler:
+ *
+ * Free any resources allocated by process_krb5_upcall().
+ *
+ * Runs upon normal termination of process_krb5_upcall as well as if the
+ * thread is canceled.
+ */
+static void
+cleanup_handler(void *arg)
+{
+ struct cleanup_args *args = (struct cleanup_args *)arg;
+
+ gss_release_buffer(args->min_stat, args->acceptor);
+ if (args->token->value)
+ free(args->token->value);
+#ifdef HAVE_AUTHGSS_FREE_PRIVATE_DATA
+ if (args->pd->pd_ctx_hndl.length != 0 || args->pd->pd_ctx != 0)
+ authgss_free_private_data(args->pd);
+#endif
+ if (*args->auth)
+ AUTH_DESTROY(*args->auth);
+ if (*args->rpc_clnt)
+ clnt_destroy(*args->rpc_clnt);
+}
+
+/*
+ * process_krb5_upcall:
+ *
* this code uses the userland rpcsec gss library to create a krb5
* context on behalf of the kernel
+ *
+ * This is the meat of the upcall thread. Note that cancelability is disabled
+ * and enabled at various points to ensure that any resources reserved by the
+ * lower level libraries are released safely.
*/
static void
-process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *srchost,
- char *tgtname, char *service)
+process_krb5_upcall(struct clnt_upcall_info *info)
{
+ struct clnt_info *clp = info->clp;
+ uid_t uid = info->uid;
+ int fd = info->fd;
+ char *srchost = info->srchost;
+ char *tgtname = info->target;
+ char *service = info->service;
CLIENT *rpc_clnt = NULL;
AUTH *auth = NULL;
struct authgss_private_data pd;
gss_buffer_desc token;
- int err, downcall_err = -EACCES;
+ int err, downcall_err;
OM_uint32 maj_stat, min_stat, lifetime_rec;
gss_name_t gacceptor = GSS_C_NO_NAME;
gss_OID mech;
gss_buffer_desc acceptor = {0};
+ struct cleanup_args cleanup_args = {&min_stat, &acceptor, &token, &pd, &auth, &rpc_clnt};
token.length = 0;
token.value = NULL;
memset(&pd, 0, sizeof(struct authgss_private_data));
+ pthread_cleanup_push(cleanup_handler, &cleanup_args);
/*
* If "service" is specified, then the kernel is indicating that
* we must use machine credentials for this request. (Regardless
@@ -646,6 +698,8 @@ process_krb5_upcall(struct clnt_info *cl
* used for this case is not important.
*
*/
+ downcall_err = -EACCES;
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0 &&
service == NULL)) {
@@ -666,15 +720,21 @@ process_krb5_upcall(struct clnt_info *cl
goto out_return_error;
}
}
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_testcancel();
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
if (!authgss_get_private_data(auth, &pd)) {
printerr(1, "WARNING: Failed to obtain authentication "
"data for user with uid %d for server %s\n",
uid, clp->servername);
goto out_return_error;
}
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_testcancel();
/* Grab the context lifetime and acceptor name out of the ctx. */
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
maj_stat = gss_inquire_context(&min_stat, pd.pd_ctx, NULL, &gacceptor,
&lifetime_rec, &mech, NULL, NULL, NULL);
@@ -686,37 +746,35 @@ process_krb5_upcall(struct clnt_info *cl
get_hostbased_client_buffer(gacceptor, mech, &acceptor);
gss_release_name(&min_stat, &gacceptor);
}
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_testcancel();
/*
* The serialization can mean turning pd.pd_ctx into a lucid context. If
* that happens then the pd.pd_ctx will be unusable, so we must never
* try to use it after this point.
*/
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
if (serialize_context_for_kernel(&pd.pd_ctx, &token, &krb5oid, NULL)) {
printerr(1, "WARNING: Failed to serialize krb5 context for "
"user with uid %d for server %s\n",
uid, clp->servername);
goto out_return_error;
}
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_testcancel();
do_downcall(fd, uid, &pd, &token, lifetime_rec, &acceptor);
out:
- gss_release_buffer(&min_stat, &acceptor);
- if (token.value)
- free(token.value);
-#ifdef HAVE_AUTHGSS_FREE_PRIVATE_DATA
- if (pd.pd_ctx_hndl.length != 0 || pd.pd_ctx != 0)
- authgss_free_private_data(&pd);
-#endif
- if (auth)
- AUTH_DESTROY(auth);
- if (rpc_clnt)
- clnt_destroy(rpc_clnt);
+ pthread_cleanup_pop(1);
return;
out_return_error:
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_testcancel();
+
do_error_downcall(fd, uid, downcall_err);
goto out;
}
@@ -782,36 +840,69 @@ void free_upcall_info(struct clnt_upcall
}
static void
-gssd_work_thread_fn(struct clnt_upcall_info *info)
+cleanup_clnt_upcall_info(void *arg)
{
- process_krb5_upcall(info->clp, info->uid, info->fd, info->srchost, info->target, info->service);
+ struct clnt_upcall_info *info = (struct clnt_upcall_info *)arg;
+
free_upcall_info(info);
}
+static void
+gssd_work_thread_fn(struct clnt_upcall_info *info)
+{
+ pthread_cleanup_push(cleanup_clnt_upcall_info, info);
+ process_krb5_upcall(info);
+ pthread_cleanup_pop(1);
+}
+
+static struct upcall_thread_info *
+alloc_upcall_thread_info(void)
+{
+ struct upcall_thread_info *info;
+
+ info = malloc(sizeof(struct upcall_thread_info));
+ if (info == NULL)
+ return NULL;
+ memset(info, 0, sizeof(*info));
+ return info;
+}
+
static int
-start_upcall_thread(void (*func)(struct clnt_upcall_info *), void *info)
+start_upcall_thread(void (*func)(struct clnt_upcall_info *), struct clnt_upcall_info *info)
{
pthread_attr_t attr;
pthread_t th;
+ struct upcall_thread_info *tinfo;
int ret;
+ tinfo = alloc_upcall_thread_info();
+ if (!tinfo)
+ return -ENOMEM;
+ tinfo->fd = info->fd;
+ tinfo->uid = info->uid;
+
ret = pthread_attr_init(&attr);
if (ret != 0) {
printerr(0, "ERROR: failed to init pthread attr: ret %d: %s\n",
ret, strerror(errno));
- return ret;
- }
- ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
- if (ret != 0) {
- printerr(0, "ERROR: failed to create pthread attr: ret %d: "
- "%s\n", ret, strerror(errno));
+ free(tinfo);
return ret;
}
ret = pthread_create(&th, &attr, (void *)func, (void *)info);
- if (ret != 0)
+ if (ret != 0) {
printerr(0, "ERROR: pthread_create failed: ret %d: %s\n",
ret, strerror(errno));
+ free(tinfo);
+ return ret;
+ }
+ tinfo->tid = th;
+ pthread_mutex_lock(&active_thread_list_lock);
+ clock_gettime(CLOCK_MONOTONIC, &tinfo->timeout);
+ tinfo->timeout.tv_sec += upcall_timeout;
+ TAILQ_INSERT_TAIL(&active_thread_list, tinfo, list);
+ pthread_mutex_unlock(&active_thread_list_lock);
+
return ret;
}

View File

@ -0,0 +1,70 @@
commit 104f90f4ce964ddcfe50d4d24cc5e7ff96952299
Author: Steve Dickson <steved@redhat.com>
Date: Sat Oct 20 12:01:37 2018 -0400
gssd: Introduce use-gss-proxy boolean to nfs.conf
Allow the used of the gssprox-mech(8) through a the
boolean variable in the [gssd] section of nfs.conf
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/nfs.conf b/nfs.conf
index 0d0ec9b..5546109 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -11,6 +11,7 @@
#[gssd]
# use-memcache=0
# use-machine-creds=1
+# use-gss-proxy=0
# avoid-dns=1
# limit-to-legacy-enctypes=0
# context-timeout=0
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
index 189b052..699db3f 100644
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -213,6 +213,7 @@ for details.
Recognized values:
.BR use-memcache ,
.BR use-machine-creds ,
+.BR use-gss-proxy ,
.BR avoid-dns ,
.BR limit-to-legacy-enctypes ,
.BR context-timeout ,
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 00df2fc..2e92f28 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -89,6 +89,7 @@ char *preferred_realm = NULL;
char *ccachedir = NULL;
/* Avoid DNS reverse lookups on server names */
static bool avoid_dns = true;
+static bool use_gssproxy = false;
int thread_started = false;
pthread_mutex_t pmutex = PTHREAD_MUTEX_INITIALIZER;
pthread_cond_t pcond = PTHREAD_COND_INITIALIZER;
@@ -872,6 +873,7 @@ read_gss_conf(void)
if (s)
preferred_realm = s;
+ use_gssproxy = conf_get_bool("gssd", "use-gss-proxy", use_gssproxy);
}
int
@@ -957,6 +959,14 @@ main(int argc, char *argv[])
exit(1);
}
+ if (use_gssproxy) {
+ if (setenv("GSS_USE_PROXY", "yes", 1) < 0) {
+ printerr(0, "gssd: Unable to set $GSS_USE_PROXY: %s\n",
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ }
+
if (ccachedir) {
char *ccachedir_copy;
char *ptr;

View File

@ -0,0 +1,52 @@
commit 64d83364b08ab32c6b8fee903529314349175772
Author: Pierguido Lambri <plambri@redhat.com>
Date: Mon Mar 11 13:50:57 2019 -0400
gssd: add verbosity options to the rpc.gssd man page
It also adds the commented out entries in the nfs.conf
default file.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1668026
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
--- nfs-utils-2.3.3/nfs.conf.orig 2019-03-19 11:04:16.903567972 -0400
+++ nfs-utils-2.3.3/nfs.conf 2019-03-19 11:10:54.452251970 -0400
@@ -9,6 +9,8 @@
# debug=0
#
[gssd]
+# verbosity=0
+# rpc-verbosity=0
# use-memcache=0
# use-machine-creds=1
use-gss-proxy=1
diff -up nfs-utils-2.3.3/systemd/nfs.conf.man.orig nfs-utils-2.3.3/systemd/nfs.conf.man
--- nfs-utils-2.3.3/systemd/nfs.conf.man.orig 2019-03-19 11:04:16.911567926 -0400
+++ nfs-utils-2.3.3/systemd/nfs.conf.man 2019-03-19 11:10:54.452251970 -0400
@@ -211,6 +211,8 @@ for details.
.TP
.B gssd
Recognized values:
+.BR verbosity ,
+.BR rpc-verbosity ,
.BR use-memcache ,
.BR use-machine-creds ,
.BR use-gss-proxy ,
diff -up nfs-utils-2.3.3/utils/gssd/gssd.c.orig nfs-utils-2.3.3/utils/gssd/gssd.c
--- nfs-utils-2.3.3/utils/gssd/gssd.c.orig 2019-03-19 11:04:16.893568031 -0400
+++ nfs-utils-2.3.3/utils/gssd/gssd.c 2019-03-19 11:10:54.453251964 -0400
@@ -890,8 +890,8 @@ main(int argc, char *argv[])
read_gss_conf();
- verbosity = conf_get_num("gssd", "Verbosity", verbosity);
- rpc_verbosity = conf_get_num("gssd", "RPC-Verbosity", rpc_verbosity);
+ verbosity = conf_get_num("gssd", "verbosity", verbosity);
+ rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
switch (opt) {

View File

@ -0,0 +1,12 @@
diff -up nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c.orig nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c
--- nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c.orig 2020-05-05 14:07:24.642693179 -0400
+++ nfs-utils-2.3.3/utils/nfsidmap/nfsidmap.c 2020-05-05 14:08:39.054849153 -0400
@@ -432,7 +432,7 @@ int main(int argc, char **argv)
xlog_stderr(verbose);
if ((argc - optind) != 2) {
- xlog_warn("Bad arg count. Check /etc/request-key.conf");
+ xlog_warn("Bad arg count. Check /etc/request-key.d/request-key.conf");
xlog_warn(USAGE, progname);
return EXIT_FAILURE;
}

View File

@ -0,0 +1,57 @@
commit efefa7845601f551820fa17cb0808dbb3c3cc3dd
Author: Steve Dickson <steved@redhat.com>
Date: Wed Nov 13 09:32:00 2019 -0500
junction: Fixed debug statement to compile with -Werror=format=2 flag
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/junction/xml.c b/support/junction/xml.c
index 79b0770..7005e95 100644
--- a/support/junction/xml.c
+++ b/support/junction/xml.c
@@ -327,8 +327,8 @@ junction_parse_xml_read(const char *pathname, int fd, const char *name,
if (retval != FEDFS_OK)
return retval;
- xlog(D_CALL, "%s: XML document contained in junction:\n%.*s",
- __func__, len, buf);
+ xlog(D_CALL, "%s: XML document contained in junction:\n%ld.%s",
+ __func__, len, (char *)buf);
retval = junction_parse_xml_buf(pathname, name, buf, len, doc);
commit f7c0c0dc4a02d87965d3fbbab69786ca07fdecea
Author: Guillaume Rousse <guillomovitch@gmail.com>
Date: Fri Nov 22 10:20:03 2019 -0500
fix compilation with -Werror=format on i586
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/junction/xml.c b/support/junction/xml.c
index 7005e95..813110b 100644
--- a/support/junction/xml.c
+++ b/support/junction/xml.c
@@ -327,7 +327,7 @@ junction_parse_xml_read(const char *pathname, int fd, const char *name,
if (retval != FEDFS_OK)
return retval;
- xlog(D_CALL, "%s: XML document contained in junction:\n%ld.%s",
+ xlog(D_CALL, "%s: XML document contained in junction:\n%zu.%s",
__func__, len, (char *)buf);
retval = junction_parse_xml_buf(pathname, name, buf, len, doc);
diff --git a/tools/locktest/testlk.c b/tools/locktest/testlk.c
index b392f71..ea51f78 100644
--- a/tools/locktest/testlk.c
+++ b/tools/locktest/testlk.c
@@ -81,7 +81,7 @@ main(int argc, char **argv)
if (fl.l_type == F_UNLCK) {
printf("%s: no conflicting lock\n", fname);
} else {
- printf("%s: conflicting lock by %d on (%ld;%ld)\n",
+ printf("%s: conflicting lock by %d on (%zd;%zd)\n",
fname, fl.l_pid, fl.l_start, fl.l_len);
}
return 0;

View File

@ -0,0 +1,162 @@
diff --git a/aclocal/libxml2.m4 b/aclocal/libxml2.m4
index 5c399b2..8231553 100644
--- a/aclocal/libxml2.m4
+++ b/aclocal/libxml2.m4
@@ -1,15 +1,17 @@
dnl Checks for libxml2.so
AC_DEFUN([AC_LIBXML2], [
- if test "$enable_junction" = yes; then
+ PKG_PROG_PKG_CONFIG([0.9.0])
+ AS_IF(
+ [test "$enable_junction" = "yes"],
+ [PKG_CHECK_MODULES([XML2], [libxml-2.0 >= 2.4],
+ [LIBXML2="${XML2_LIBS}"
+ AM_CPPFLAGS="${AM_CPPFLAGS} ${XML2_CFLAGS}"
+ AC_DEFINE([HAVE_LIBXML2], [1],
+ [Define to 1 if you have and wish to use libxml2.])],
+ [AC_MSG_ERROR([libxml2 not found.])])])
- dnl look for the library; do not add to LIBS if found
- AC_CHECK_LIB([xml2], [xmlParseFile], [LIBXML2=-lxml2],
- [AC_MSG_ERROR([libxml2 not found.])])
- AC_SUBST(LIBXML2)
-
- dnl XXX should also check for presence of xml headers
-
- fi
+ AC_SUBST([AM_CPPFLAGS])
+ AC_SUBST(LIBXML2)
])dnl
diff --git a/configure.ac b/configure.ac
index cf1c4b9..b458891 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,7 +165,7 @@ AC_ARG_ENABLE(uuid,
choose_blkid=default)
AC_ARG_ENABLE(mount,
[AC_HELP_STRING([--disable-mount],
- [Don't build mount.nfs and do use the util-linux mount(8) functionality. @<:@default=no@:>@])],
+ [Do not build mount.nfs and do use the util-linux mount(8) functionality. @<:@default=no@:>@])],
enable_mount=$enableval,
enable_mount=yes)
AM_CONDITIONAL(CONFIG_MOUNT, [test "$enable_mount" = "yes"])
@@ -185,7 +185,13 @@ AC_ARG_ENABLE(junction,
[enable support for NFS junctions @<:@default=no@:>@])],
enable_junction=$enableval,
enable_junction=no)
-AM_CONDITIONAL(CONFIG_JUNCTION, [test "$enable_junction" = "yes" ])
+ if test "$enable_junction" = yes; then
+ AC_DEFINE(HAVE_JUNCTION_SUPPORT, 1,
+ [Define this if you want junction support compiled in])
+ else
+ enable_junction=
+ fi
+ AM_CONDITIONAL(CONFIG_JUNCTION, [test "$enable_junction" = "yes" ])
AC_ARG_ENABLE(tirpc,
[AC_HELP_STRING([--disable-tirpc],
diff --git a/support/junction/Makefile.am b/support/junction/Makefile.am
index 97e7426..be6958b 100644
--- a/support/junction/Makefile.am
+++ b/support/junction/Makefile.am
@@ -30,5 +30,3 @@ libjunction_la_SOURCES = display.c export-cache.c junction.c \
locations.c nfs.c path.c xml.c
MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I. -I../include -I/usr/include/libxml2
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 6f42512..7e8d403 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -976,8 +976,9 @@ lookup_export(char *dom, char *path, struct addrinfo *ai)
return found;
}
-#ifdef CONFIG_JUNCTION
+#ifdef HAVE_JUNCTION_SUPPORT
+#include <libxml/parser.h>
#include "junction.h"
struct nfs_fsloc_set {
@@ -1084,8 +1085,7 @@ static bool locations_to_fslocdata(struct nfs_fsloc_set *locations,
*ttl = 0;
for (;;) {
- enum jp_status status;
- int len;
+ int len, status;
status = get_next_location(locations, &server,
&rootpath, ttl);
@@ -1219,7 +1219,7 @@ nfs_get_basic_junction(const char *junct_path, struct nfs_fsloc_set **locset)
return EINVAL;
}
- locset->ns_current = locset->ns_list;
+ new->ns_current = new->ns_list;
new->ns_ttl = 300;
*locset = new;
return 0;
@@ -1242,7 +1242,7 @@ static struct exportent *lookup_junction(char *dom, const char *pathname,
status = nfs_get_basic_junction(pathname, &locations);
switch (status) {
xlog(L_WARNING, "Dangling junction %s: %s",
- pathname, strerro(status));
+ pathname, strerror(status));
goto out;
}
@@ -1252,8 +1252,8 @@ static struct exportent *lookup_junction(char *dom, const char *pathname,
exp = locations_to_export(locations, pathname, parent);
- nfs_free_locations(locset->ns_list);
- free(locset);
+ nfs_free_locations(locations->ns_list);
+ free(locations);
out:
xmlCleanupParser();
@@ -1273,7 +1273,7 @@ static void lookup_nonexport(int f, char *buf, int buflen, char *dom, char *path
free(eep);
}
-#else /* !CONFIG_JUNCTION */
+#else /* !HAVE_JUNCTION_SUPPORT */
static void lookup_nonexport(int f, char *buf, int buflen, char *dom, char *path,
struct addrinfo *UNUSED(ai))
@@ -1281,7 +1281,7 @@ static void lookup_nonexport(int f, char *buf, int buflen, char *dom, char *path
dump_to_cache(f, buf, buflen, dom, path, NULL, 0);
}
-#endif /* !CONFIG_JUNCTION */
+#endif /* !HAVE_JUNCTION_SUPPORT */
static void nfsd_export(int f)
{
diff --git a/utils/nfsref/Makefile.am b/utils/nfsref/Makefile.am
index 2b2bb53..2409dd0 100644
--- a/utils/nfsref/Makefile.am
+++ b/utils/nfsref/Makefile.am
@@ -27,13 +27,11 @@ noinst_HEADERS = nfsref.h
sbin_PROGRAMS = nfsref
nfsref_SOURCES = add.c lookup.c nfsref.c remove.c
-LDADD = $(LIBXML2) $(LIBCAP) \
- ../../support/nfs/libnfs.la \
- ../../support/junction/libjunction.la
+LDADD = ../../support/nfs/libnfs.la \
+ ../../support/junction/libjunction.la \
+ $(LIBXML2) $(LIBCAP)
man8_MANS = nfsref.man
MAINTAINERCLEANFILES = Makefile.in
-AM_CPPFLAGS = -I. -I../../support/include
-##AM_LDFLAGS = -Wl,--as-needed

View File

@ -0,0 +1,49 @@
From fd2e952319c748e1c7babb1db97b371ebf6748a9 Mon Sep 17 00:00:00 2001
From: Alice J Mitchell <ajmitchell@redhat.com>
Date: Mon, 29 Jul 2019 15:47:40 +0100
Subject: [PATCH] Fix the error handling if the lseek fails
The error case when lseek returns a negative value was not correctly handled,
and the error cleanup routine was potentially leaking memory also.
Signed-off-by: Alice J Mitchell <ajmitchell@redhat.com>
---
support/nfs/conffile.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
index b6400be..6ba8a35 100644
--- a/support/nfs/conffile.c
+++ b/support/nfs/conffile.c
@@ -500,7 +500,7 @@ conf_readfile(const char *path)
if ((stat (path, &sb) == 0) || (errno != ENOENT)) {
char *new_conf_addr = NULL;
- size_t sz = sb.st_size;
+ off_t sz;
int fd = open (path, O_RDONLY, 0);
if (fd == -1) {
@@ -517,6 +517,11 @@ conf_readfile(const char *path)
/* only after we have the lock, check the file size ready to read it */
sz = lseek(fd, 0, SEEK_END);
+ if (sz < 0) {
+ xlog_warn("conf_readfile: unable to determine file size: %s",
+ strerror(errno));
+ goto fail;
+ }
lseek(fd, 0, SEEK_SET);
new_conf_addr = malloc(sz+1);
@@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg,
ret = 0;
cleanup:
+ flush_outqueue(&inqueue, NULL);
flush_outqueue(&outqueue, NULL);
if (buff)
--
1.8.3.1

View File

@ -1,8 +1,8 @@
diff -up nfs-utils-2.5.4/utils/mountd/mountd.man.orig nfs-utils-2.5.4/utils/mountd/mountd.man diff -up nfs-utils-2.3.3/utils/mountd/mountd.man.orig nfs-utils-2.3.3/utils/mountd/mountd.man
--- nfs-utils-2.5.4/utils/mountd/mountd.man.orig 2022-01-22 16:56:29.715967394 -0500 --- nfs-utils-2.3.3/utils/mountd/mountd.man.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.5.4/utils/mountd/mountd.man 2022-01-22 16:57:07.494103095 -0500 +++ nfs-utils-2.3.3/utils/mountd/mountd.man 2018-10-26 09:53:10.005127368 -0400
@@ -291,36 +291,7 @@ section include @@ -232,36 +232,7 @@ section include
which each have the same meaning as given by which each have same same meaning as given by
.BR rpc.nfsd (8). .BR rpc.nfsd (8).
-.SH TCP_WRAPPERS SUPPORT -.SH TCP_WRAPPERS SUPPORT
@ -39,7 +39,7 @@ diff -up nfs-utils-2.5.4/utils/mountd/mountd.man.orig nfs-utils-2.5.4/utils/moun
TI-RPC is a pre-requisite for supporting NFS on IPv6. TI-RPC is a pre-requisite for supporting NFS on IPv6.
If TI-RPC support is built into If TI-RPC support is built into
.BR rpc.mountd , .BR rpc.mountd ,
@@ -347,7 +318,6 @@ table of clients accessing server's expo @@ -288,7 +259,6 @@ table of clients accessing server's expo
.BR nfs (5), .BR nfs (5),
.BR nfs.conf (5), .BR nfs.conf (5),
.BR tcpd (8), .BR tcpd (8),
@ -47,10 +47,10 @@ diff -up nfs-utils-2.5.4/utils/mountd/mountd.man.orig nfs-utils-2.5.4/utils/moun
.BR iptables (8), .BR iptables (8),
.BR netconfig (5) .BR netconfig (5)
.sp .sp
diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/statd.man diff -up nfs-utils-2.3.3/utils/statd/statd.man.orig nfs-utils-2.3.3/utils/statd/statd.man
--- nfs-utils-2.5.4/utils/statd/statd.man.orig 2022-01-22 16:56:29.718967405 -0500 --- nfs-utils-2.3.3/utils/statd/statd.man.orig 2018-10-26 09:52:27.609358805 -0400
+++ nfs-utils-2.5.4/utils/statd/statd.man 2022-01-22 16:57:07.495103099 -0500 +++ nfs-utils-2.3.3/utils/statd/statd.man 2018-10-26 09:53:37.345978117 -0400
@@ -325,28 +325,6 @@ chooses, simply use @@ -319,28 +319,6 @@ chooses, simply use
.BR chown (1) .BR chown (1)
to set the owner of to set the owner of
the state directory. the state directory.
@ -79,7 +79,7 @@ diff -up nfs-utils-2.5.4/utils/statd/statd.man.orig nfs-utils-2.5.4/utils/statd/
.SH ADDITIONAL NOTES .SH ADDITIONAL NOTES
Lock recovery after a reboot is critical to maintaining data integrity Lock recovery after a reboot is critical to maintaining data integrity
and preventing unnecessary application hangs. and preventing unnecessary application hangs.
@@ -451,7 +429,6 @@ network transport capability database @@ -445,7 +423,6 @@ network transport capability database
.BR rpc.nfsd (8), .BR rpc.nfsd (8),
.BR rpcbind (8), .BR rpcbind (8),
.BR tcpd (8), .BR tcpd (8),

View File

@ -0,0 +1,37 @@
From ccdd8c803182f5c172580379a56e84a23789cf0d Mon Sep 17 00:00:00 2001
From: Alice J Mitchell <ajmitchell@redhat.com>
Date: Mon, 29 Jul 2019 15:49:34 +0100
Subject: [PATCH] Fix memory leak on error in nfs-server-generator
Fix the trivial memory leak in the error handling of nfs-server-generator
Resolves: bz1440524
Signed-off-by: Alice J Mitchell <ajmitchell@redhat.com>
---
systemd/nfs-server-generator.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/systemd/nfs-server-generator.c b/systemd/nfs-server-generator.c
index 737f109..eec98fd 100644
--- a/systemd/nfs-server-generator.c
+++ b/systemd/nfs-server-generator.c
@@ -25,6 +25,7 @@
#include <ctype.h>
#include <stdio.h>
#include <mntent.h>
+#include <alloca.h>
#include "misc.h"
#include "nfslib.h"
@@ -98,7 +99,7 @@ int main(int argc, char *argv[])
exit(1);
}
- path = malloc(strlen(argv[1]) + sizeof(dirbase) + sizeof(filebase));
+ path = alloca(strlen(argv[1]) + sizeof(dirbase) + sizeof(filebase));
if (!path)
exit(2);
if (export_read(_PATH_EXPORTS, 1) +
--
1.8.3.1

View File

@ -0,0 +1,14 @@
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2022-02-14 11:28:51.570084952 -0500
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2022-02-14 11:29:16.174450628 -0500
@@ -966,7 +966,9 @@ fall_back:
if ((result = nfs_try_mount_v3v2(mi, FALSE)))
return result;
- errno = olderrno;
+ if (errno != EBUSY && errno != EACCES)
+ errno = olderrno;
+
return result;
}

View File

@ -0,0 +1,48 @@
commit a709f25c1da4a2fb44a1f3fd060298fbbd88aa3c
Author: Steve Dickson <steved@redhat.com>
Date: Tue May 14 15:52:50 2019 -0400
mount: Report correct error in the fall_back cases.
In mount auto negotiation, a v3 mount is tried
when the v4 fails with error that could mean
v4 is not supported.
When the v3 mount fails, the original v4 failure
should be used to set the errno, not the v3 failure.
Fixes:https://bugzilla.redhat.com/show_bug.cgi?id=1709961
Signed-off-by: Steve Dickson <steved@redhat.com>
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2019-08-12 10:58:32.610650773 -0400
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2019-08-12 11:10:39.661142985 -0400
@@ -888,7 +888,7 @@ out:
*/
static int nfs_autonegotiate(struct nfsmount_info *mi)
{
- int result;
+ int result, olderrno;
result = nfs_try_mount_v4(mi);
check_result:
@@ -948,7 +948,18 @@ fall_back:
if (mi->version.v_mode == V_GENERAL)
/* v2,3 fallback not allowed */
return result;
- return nfs_try_mount_v3v2(mi, FALSE);
+
+ /*
+ * Save the original errno in case the v3
+ * mount fails from one of the fall_back cases.
+ * Report the first failure not the v3 mount failure
+ */
+ olderrno = errno;
+ if ((result = nfs_try_mount_v3v2(mi, FALSE)))
+ return result;
+
+ errno = olderrno;
+ return result;
}
/*

View File

@ -0,0 +1,47 @@
diff -up nfs-utils-2.3.3/utils/mount/Makefile.am.orig nfs-utils-2.3.3/utils/mount/Makefile.am
--- nfs-utils-2.3.3/utils/mount/Makefile.am.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/mount/Makefile.am 2018-10-25 10:27:33.881804941 -0400
@@ -27,6 +27,7 @@ endif
mount_nfs_LDADD = ../../support/nfs/libnfs.la \
../../support/export/libexport.a \
+ ../../support/misc/libmisc.a \
$(LIBTIRPC)
mount_nfs_SOURCES = $(mount_common)
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.orig nfs-utils-2.3.3/utils/mount/stropts.c
--- nfs-utils-2.3.3/utils/mount/stropts.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2018-10-25 10:27:59.733825016 -0400
@@ -48,6 +48,7 @@
#include "version.h"
#include "parse_dev.h"
#include "conffile.h"
+#include "misc.h"
#ifndef NFS_PROGRAM
#define NFS_PROGRAM (100003)
@@ -1078,14 +1079,18 @@ static int nfsmount_fg(struct nfsmount_i
if (nfs_try_mount(mi))
return EX_SUCCESS;
- if (errno == EBUSY)
- /* The only cause of EBUSY is if exactly the desired
- * filesystem is already mounted. That can arguably
- * be seen as success. "mount -a" tries to optimise
- * out this case but sometimes fails. Help it out
- * by pretending everything is rosy
+#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+ if (errno == EBUSY && is_mountpoint(mi->node)) {
+#pragma GCC diagnostic warning "-Wdiscarded-qualifiers"
+ /*
+ * EBUSY can happen when mounting a filesystem that
+ * is already mounted or when the context= are
+ * different when using the -o sharecache
+ *
+ * Only error out in the latter case.
*/
return EX_SUCCESS;
+ }
if (nfs_is_permanent_error(errno))
break;

View File

@ -0,0 +1,116 @@
diff -up nfs-utils-2.3.3/utils/mount/nfs.man.save nfs-utils-2.3.3/utils/mount/nfs.man
--- nfs-utils-2.3.3/utils/mount/nfs.man.save 2021-07-28 14:42:20.977740892 -0400
+++ nfs-utils-2.3.3/utils/mount/nfs.man 2021-07-28 14:42:01.133212815 -0400
@@ -525,6 +525,13 @@ using the FS-Cache facility. See cachefi
and <kernel_soruce>/Documentation/filesystems/caching
for detail on how to configure the FS-Cache facility.
Default value is nofsc.
+.TP 1.5i
+.B sloppy
+The
+.B sloppy
+option is an alternative to specifying
+.BR mount.nfs " -s " option.
+
.SS "Options for NFS versions 2 and 3 only"
Use these options, along with the options in the above subsection,
for NFS versions 2 and 3 only.
diff -up nfs-utils-2.3.3/utils/mount/parse_opt.c.save nfs-utils-2.3.3/utils/mount/parse_opt.c
--- nfs-utils-2.3.3/utils/mount/parse_opt.c.save 2021-07-28 14:40:15.467400995 -0400
+++ nfs-utils-2.3.3/utils/mount/parse_opt.c 2021-07-28 14:39:57.666927309 -0400
@@ -178,6 +178,22 @@ static void options_tail_insert(struct m
options->count++;
}
+static void options_head_insert(struct mount_options *options,
+ struct mount_option *option)
+{
+ struct mount_option *ohead = options->head;
+
+ option->prev = NULL;
+ option->next = ohead;
+ if (ohead)
+ ohead->prev = option;
+ else
+ options->tail = option;
+ options->head = option;
+
+ options->count++;
+}
+
static void options_delete(struct mount_options *options,
struct mount_option *option)
{
@@ -374,6 +390,23 @@ po_return_t po_join(struct mount_options
}
/**
+ * po_insert - insert an option into a group of options
+ * @options: pointer to mount options
+ * @option: pointer to a C string containing the option to add
+ *
+ */
+po_return_t po_insert(struct mount_options *options, char *str)
+{
+ struct mount_option *option = option_create(str);
+
+ if (option) {
+ options_head_insert(options, option);
+ return PO_SUCCEEDED;
+ }
+ return PO_FAILED;
+}
+
+/**
* po_append - concatenate an option onto a group of options
* @options: pointer to mount options
* @option: pointer to a C string containing the option to add
diff -up nfs-utils-2.3.3/utils/mount/parse_opt.h.save nfs-utils-2.3.3/utils/mount/parse_opt.h
--- nfs-utils-2.3.3/utils/mount/parse_opt.h.save 2021-07-28 14:40:54.292434148 -0400
+++ nfs-utils-2.3.3/utils/mount/parse_opt.h 2021-07-28 14:39:57.666927309 -0400
@@ -43,6 +43,7 @@ void po_replace(struct mount_options *
struct mount_options *);
po_return_t po_join(struct mount_options *, char **);
+po_return_t po_insert(struct mount_options *, char *);
po_return_t po_append(struct mount_options *, char *);
po_found_t po_contains(struct mount_options *, char *);
po_found_t po_contains_prefix(struct mount_options *options,
diff -up nfs-utils-2.3.3/utils/mount/stropts.c.save nfs-utils-2.3.3/utils/mount/stropts.c
--- nfs-utils-2.3.3/utils/mount/stropts.c.save 2021-07-28 14:41:14.842981010 -0400
+++ nfs-utils-2.3.3/utils/mount/stropts.c 2021-07-28 14:42:01.134212842 -0400
@@ -336,13 +336,21 @@ static int nfs_verify_lock_option(struct
return 1;
}
-static int nfs_append_sloppy_option(struct mount_options *options)
+static int nfs_insert_sloppy_option(struct mount_options *options)
{
- if (!sloppy || linux_version_code() < MAKE_VERSION(2, 6, 27))
+ if (linux_version_code() < MAKE_VERSION(2, 6, 27))
return 1;
- if (po_append(options, "sloppy") == PO_FAILED)
- return 0;
+ if (po_contains(options, "sloppy")) {
+ po_remove_all(options, "sloppy");
+ sloppy++;
+ }
+
+ if (sloppy) {
+ if (po_insert(options, "sloppy") == PO_FAILED)
+ return 0;
+ }
+
return 1;
}
@@ -424,7 +432,7 @@ static int nfs_validate_options(struct n
if (!nfs_set_version(mi))
return 0;
- if (!nfs_append_sloppy_option(mi->options))
+ if (!nfs_insert_sloppy_option(mi->options))
return 0;
return 1;

View File

@ -0,0 +1,77 @@
commit 50ef80739d9e1e0df6616289ef2ff626a94666ee
Author: Steve Dickson <steved@redhat.com>
Date: Thu May 23 09:24:49 2019 -0400
rpc.mountd: Fix e_hostname and e_uuid leaks
strdup of exportent uuid and hostname in getexportent() ends up leaking
memory. Free the memory before getexportent() is called again from xtab_read()
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1713360
Signed-off-by: Nikhil Kshirsagar <nkshirsa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/export/xtab.c b/support/export/xtab.c
index d42eeef..1e1d679 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -50,6 +50,14 @@ xtab_read(char *xtab, char *lockfn, int is_export)
while ((xp = getexportent(is_export==0, 0)) != NULL) {
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
!(exp = export_create(xp, is_export!=1))) {
+ if(xp->e_hostname) {
+ free(xp->e_hostname);
+ xp->e_hostname=NULL;
+ }
+ if(xp->e_uuid) {
+ free(xp->e_uuid);
+ xp->e_uuid=NULL;
+ }
continue;
}
switch (is_export) {
@@ -62,7 +70,16 @@ xtab_read(char *xtab, char *lockfn, int is_export)
if ((xp->e_flags & NFSEXP_FSID) && xp->e_fsid == 0)
v4root_needed = 0;
break;
- }
+ }
+ if(xp->e_hostname) {
+ free(xp->e_hostname);
+ xp->e_hostname=NULL;
+ }
+ if(xp->e_uuid) {
+ free(xp->e_uuid);
+ xp->e_uuid=NULL;
+ }
+
}
endexportent();
xfunlock(lockid);
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 5f4cb95..a7582ca 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexports)
}
ee.e_hostname = xstrdup(hostname);
- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
- return NULL;
+ if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
+ if(ee.e_hostname)
+ {
+ xfree(ee.e_hostname);
+ ee.e_hostname=NULL;
+ }
+ if(ee.e_uuid)
+ {
+ xfree(ee.e_uuid);
+ ee.e_uuid=NULL;
+ }
+ return NULL;
+ }
/* resolve symlinks */
if (realpath(ee.e_path, rpath) != NULL) {
rpath[sizeof (rpath) - 1] = '\0';

View File

@ -0,0 +1,61 @@
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index d735dbfe..8ec33fb0 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -36,9 +36,9 @@ static nfs_export pseudo_root = {
.m_export = {
.e_hostname = "*",
.e_path = "/",
- .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+ .e_flags = NFSEXP_READONLY
| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
- | NFSEXP_V4ROOT,
+ | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
.e_anonuid = 65534,
.e_anongid = 65534,
.e_squids = NULL,
@@ -57,15 +57,11 @@ static nfs_export pseudo_root = {
};
static void
-set_pseudofs_security(struct exportent *pseudo, int flags)
+set_pseudofs_security(struct exportent *pseudo)
{
struct flav_info *flav;
int i;
- if (flags & NFSEXP_INSECURE_PORT)
- pseudo->e_flags |= NFSEXP_INSECURE_PORT;
- if ((flags & NFSEXP_ROOTSQUASH) == 0)
- pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
struct sec_entry *new;
@@ -75,8 +71,7 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
i = secinfo_addflavor(flav, pseudo);
new = &pseudo->e_secinfo[i];
- if (flags & NFSEXP_INSECURE_PORT)
- new->flags |= NFSEXP_INSECURE_PORT;
+ new->flags |= NFSEXP_INSECURE_PORT;
}
}
@@ -95,7 +90,7 @@ v4root_create(char *path, nfs_export *export)
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
if (strcmp(path, "/") != 0)
eep.e_flags &= ~NFSEXP_FSID;
- set_pseudofs_security(&eep, curexp->e_flags);
+ set_pseudofs_security(&eep);
exp = export_create(&eep, 0);
if (exp == NULL)
return NULL;
@@ -143,7 +138,7 @@ pseudofs_update(char *hostname, char *path, nfs_export *source)
return 0;
}
/* Update an existing V4ROOT export: */
- set_pseudofs_security(&exp->m_export, source->m_export.e_flags);
+ set_pseudofs_security(&exp->m_export);
return 0;
}

View File

@ -0,0 +1,976 @@
diff --git a/nfs.conf b/nfs.conf
index 05247ff9..86ed7d53 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -38,6 +38,8 @@ use-gss-proxy=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
+# cache-use-ipaddr=n
+# ttl=1800
#
[nfsdcld]
# debug=0
diff --git a/support/export/Makefile.am b/support/export/Makefile.am
index 13f7a49c..d6ee502f 100644
--- a/support/export/Makefile.am
+++ b/support/export/Makefile.am
@@ -11,7 +11,8 @@ EXTRA_DIST = mount.x
noinst_LIBRARIES = libexport.a
libexport_a_SOURCES = client.c export.c hostname.c \
- xtab.c mount_clnt.c mount_xdr.c
+ xtab.c mount_clnt.c mount_xdr.c \
+ cache.c auth.c v4root.c v4clients.c
BUILT_SOURCES = $(GENFILES)
noinst_HEADERS = mount.h
diff --git a/utils/mountd/auth.c b/support/export/auth.c
similarity index 98%
rename from utils/mountd/auth.c
rename to support/export/auth.c
index 8299256e..73ad6f73 100644
--- a/utils/mountd/auth.c
+++ b/support/export/auth.c
@@ -22,7 +22,7 @@
#include "misc.h"
#include "nfslib.h"
#include "exportfs.h"
-#include "mountd.h"
+#include "export.h"
#include "v4root.h"
enum auth_error
@@ -43,11 +43,13 @@ extern int use_ipaddr;
extern struct state_paths etab;
+/*
void
auth_init(void)
{
auth_reload();
}
+*/
/*
* A client can match many different netgroups and it's tough to know
@@ -64,6 +66,10 @@ check_useipaddr(void)
int old_use_ipaddr = use_ipaddr;
unsigned int len = 0;
+ if (use_ipaddr > 1)
+ /* fixed - don't check */
+ return;
+
/* add length of m_hostname + 1 for the comma */
for (clp = clientlist[MCL_NETGROUP]; clp; clp = clp->m_next)
len += (strlen(clp->m_hostname) + 1);
diff --git a/utils/mountd/cache.c b/support/export/cache.c
similarity index 95%
rename from utils/mountd/cache.c
rename to support/export/cache.c
index c73e29be..98d50828 100644
--- a/utils/mountd/cache.c
+++ b/support/export/cache.c
@@ -29,21 +29,18 @@
#include "misc.h"
#include "nfslib.h"
#include "exportfs.h"
-#include "mountd.h"
-#include "fsloc.h"
+#include "export.h"
#include "pseudoflavors.h"
#include "xcommon.h"
+#ifdef HAVE_JUNCTION_SUPPORT
+#include "../../utils/mountd/fsloc.h"
+#endif
+
#ifdef USE_BLKID
#include "blkid/blkid.h"
#endif
-/*
- * Invoked by RPC service loop
- */
-void cache_set_fds(fd_set *fdset);
-int cache_process_req(fd_set *readfds);
-
enum nfsd_fsid {
FSID_DEV = 0,
FSID_NUM,
@@ -63,7 +60,6 @@ enum nfsd_fsid {
* Record is terminated with newline.
*
*/
-static int cache_export_ent(char *buf, int buflen, char *domain, struct exportent *exp, char *path);
#define INITIAL_MANAGED_GROUPS 100
@@ -81,6 +77,7 @@ static void auth_unix_ip(int f)
char class[20];
char ipaddr[INET6_ADDRSTRLEN + 1];
char *client = NULL;
+ struct addrinfo *ai = NULL;
struct addrinfo *tmp = NULL;
char buf[RPC_CHAN_BUF_SIZE], *bp;
int blen;
@@ -106,21 +103,26 @@ static void auth_unix_ip(int f)
auth_reload();
- /* addr is a valid, interesting address, find the domain name... */
- if (!use_ipaddr) {
- struct addrinfo *ai = NULL;
-
- ai = client_resolve(tmp->ai_addr);
- if (ai) {
- client = client_compose(ai);
- freeaddrinfo(ai);
- }
+ /* addr is a valid address, find the domain name... */
+ ai = client_resolve(tmp->ai_addr);
+ if (ai) {
+ client = client_compose(ai);
+ freeaddrinfo(ai);
}
+ if (!client)
+ xlog(D_AUTH, "failed authentication for IP %s", ipaddr);
+ else if (!use_ipaddr)
+ xlog(D_AUTH, "successful authentication for IP %s as %s",
+ ipaddr, *client ? client : "DEFAULT");
+ else
+ xlog(D_AUTH, "successful authentication for IP %s",
+ ipaddr);
+
bp = buf; blen = sizeof(buf);
qword_add(&bp, &blen, "nfsd");
qword_add(&bp, &blen, ipaddr);
- qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL);
- if (use_ipaddr) {
+ qword_adduint(&bp, &blen, time(0) + default_ttl);
+ if (use_ipaddr && client) {
memmove(ipaddr + 1, ipaddr, strlen(ipaddr) + 1);
ipaddr[0] = '$';
qword_add(&bp, &blen, ipaddr);
@@ -192,7 +194,7 @@ static void auth_unix_gid(int f)
bp = buf; blen = sizeof(buf);
qword_adduint(&bp, &blen, uid);
- qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL);
+ qword_adduint(&bp, &blen, time(0) + default_ttl);
if (rv >= 0) {
qword_adduint(&bp, &blen, ngroups);
for (i=0; i<ngroups; i++)
@@ -688,7 +690,6 @@ static void nfsd_fh(int f)
char *found_path = NULL;
nfs_export *exp;
int i;
- int dev_missing = 0;
char buf[RPC_CHAN_BUF_SIZE], *bp;
int blen;
@@ -755,11 +756,6 @@ static void nfsd_fh(int f)
if (!is_ipaddr_client(dom)
&& !namelist_client_matches(exp, dom))
continue;
- if (exp->m_export.e_mountpoint &&
- !is_mountpoint(exp->m_export.e_mountpoint[0]?
- exp->m_export.e_mountpoint:
- exp->m_export.e_path))
- dev_missing ++;
if (!match_fsid(&parsed, exp, path))
continue;
@@ -794,7 +790,7 @@ static void nfsd_fh(int f)
!is_mountpoint(found->e_mountpoint[0]?
found->e_mountpoint:
found->e_path)) {
- /* Cannot export this yet
+ /* Cannot export this yet
* should log a warning, but need to rate limit
xlog(L_WARNING, "%s not exported as %d not a mountpoint",
found->e_path, found->e_mountpoint);
@@ -802,16 +798,6 @@ static void nfsd_fh(int f)
/* FIXME we need to make sure we re-visit this later */
goto out;
}
- if (!found && dev_missing) {
- /* The missing dev could be what we want, so just be
- * quite rather than returning stale yet
- */
- goto out;
- }
-
- if (found)
- if (cache_export_ent(buf, sizeof(buf), dom, found, found_path) < 0)
- found = 0;
bp = buf; blen = sizeof(buf);
qword_add(&bp, &blen, dom);
@@ -831,6 +817,8 @@ static void nfsd_fh(int f)
qword_addeol(&bp, &blen);
if (blen <= 0 || write(f, buf, bp - buf) != bp - buf)
xlog(L_ERROR, "nfsd_fh: error writing reply");
+ if (!found)
+ xlog(D_AUTH, "denied access to %s", *dom == '$' ? dom+1 : dom);
out:
if (found_path)
free(found_path);
@@ -839,6 +827,7 @@ out:
xlog(D_CALL, "nfsd_fh: found %p path %s", found, found ? found->e_path : NULL);
}
+#ifdef HAVE_JUNCTION_SUPPORT
static void write_fsloc(char **bp, int *blen, struct exportent *ep)
{
struct servers *servers;
@@ -861,7 +850,7 @@ static void write_fsloc(char **bp, int *blen, struct exportent *ep)
qword_addint(bp, blen, servers->h_referral);
release_replicas(servers);
}
-
+#endif
static void write_secinfo(char **bp, int *blen, struct exportent *ep, int flag_mask)
{
struct sec_entry *p;
@@ -890,7 +879,7 @@ static int dump_to_cache(int f, char *buf, int buflen, char *domain,
time_t now = time(0);
if (ttl <= 1)
- ttl = DEFAULT_TTL;
+ ttl = default_ttl;
qword_add(&bp, &blen, domain);
qword_add(&bp, &blen, path);
@@ -903,7 +892,10 @@ static int dump_to_cache(int f, char *buf, int buflen, char *domain,
qword_addint(&bp, &blen, exp->e_anonuid);
qword_addint(&bp, &blen, exp->e_anongid);
qword_addint(&bp, &blen, exp->e_fsid);
+
+#ifdef HAVE_JUNCTION_SUPPORT
write_fsloc(&bp, &blen, exp);
+#endif
write_secinfo(&bp, &blen, exp, flag_mask);
if (exp->e_uuid == NULL || different_fs) {
char u[16];
@@ -917,8 +909,13 @@ static int dump_to_cache(int f, char *buf, int buflen, char *domain,
qword_add(&bp, &blen, "uuid");
qword_addhex(&bp, &blen, u, 16);
}
- } else
+ xlog(D_AUTH, "granted access to %s for %s",
+ path, *domain == '$' ? domain+1 : domain);
+ } else {
qword_adduint(&bp, &blen, now + ttl);
+ xlog(D_AUTH, "denied access to %s for %s",
+ path, *domain == '$' ? domain+1 : domain);
+ }
qword_addeol(&bp, &blen);
if (blen <= 0) return -1;
if (write(f, buf, bp - buf) != bp - buf) return -1;
@@ -1421,6 +1418,40 @@ int cache_process_req(fd_set *readfds)
return cnt;
}
+/**
+ * cache_process_loop - process incoming upcalls
+ */
+void cache_process_loop(void)
+{
+ fd_set readfds;
+ int selret;
+
+ FD_ZERO(&readfds);
+
+ for (;;) {
+
+ cache_set_fds(&readfds);
+ v4clients_set_fds(&readfds);
+
+ selret = select(FD_SETSIZE, &readfds,
+ (void *) 0, (void *) 0, (struct timeval *) 0);
+
+
+ switch (selret) {
+ case -1:
+ if (errno == EINTR || errno == ECONNREFUSED
+ || errno == ENETUNREACH || errno == EHOSTUNREACH)
+ continue;
+ xlog(L_ERROR, "my_svc_run() - select: %m");
+ return;
+
+ default:
+ cache_process_req(&readfds);
+ v4clients_process(&readfds);
+ }
+ }
+}
+
/*
* Give IP->domain and domain+path->options to kernel
diff --git a/support/export/export.h b/support/export/export.h
new file mode 100644
index 00000000..8d5a0d30
--- /dev/null
+++ b/support/export/export.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2021 Red Hat <nfs@redhat.com>
+ *
+ * support/export/export.h
+ *
+ * Declarations for export support
+ */
+
+#ifndef EXPORT_H
+#define EXPORT_H
+
+#include "nfslib.h"
+#include "exportfs.h"
+
+unsigned int auth_reload(void);
+nfs_export * auth_authenticate(const char *what,
+ const struct sockaddr *caller,
+ const char *path);
+
+void cache_open(void);
+void cache_set_fds(fd_set *fdset);
+int cache_process_req(fd_set *readfds);
+void cache_process_loop(void);
+
+void v4clients_init(void);
+void v4clients_set_fds(fd_set *fdset);
+int v4clients_process(fd_set *fdset);
+
+struct nfs_fh_len *
+ cache_get_filehandle(nfs_export *exp, int len, char *p);
+int cache_export(nfs_export *exp, char *path);
+
+bool ipaddr_client_matches(nfs_export *exp, struct addrinfo *ai);
+bool namelist_client_matches(nfs_export *exp, char *dom);
+bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai);
+
+static inline bool is_ipaddr_client(char *dom)
+{
+ return dom[0] == '$';
+}
+#endif /* EXPORT__H */
diff --git a/support/export/v4clients.c b/support/export/v4clients.c
new file mode 100644
index 00000000..dd985463
--- /dev/null
+++ b/support/export/v4clients.c
@@ -0,0 +1,227 @@
+/*
+ * support/export/v4clients.c
+ *
+ * Montior clients appearing in, and disappearing from, /proc/fs/nfsd/clients
+ * and log relevant information.
+ */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/inotify.h>
+#include <errno.h>
+#include "export.h"
+
+/* search.h declares 'struct entry' and nfs_prot.h
+ * does too. Easiest fix is to trick search.h into
+ * calling its struct "struct Entry".
+ */
+#define entry Entry
+#include <search.h>
+#undef entry
+
+static int clients_fd = -1;
+
+void v4clients_init(void)
+{
+ if (clients_fd >= 0)
+ return;
+ clients_fd = inotify_init1(IN_NONBLOCK);
+ if (clients_fd < 0) {
+ xlog_err("Unable to initialise v4clients watcher: %s\n",
+ strerror(errno));
+ return;
+ }
+ if (inotify_add_watch(clients_fd, "/proc/fs/nfsd/clients",
+ IN_CREATE | IN_DELETE) < 0) {
+ xlog_err("Unable to watch /proc/fs/nfsd/clients: %s\n",
+ strerror(errno));
+ close(clients_fd);
+ clients_fd = -1;
+ return;
+ }
+}
+
+void v4clients_set_fds(fd_set *fdset)
+{
+ if (clients_fd >= 0)
+ FD_SET(clients_fd, fdset);
+}
+
+static void *tree_root;
+static int have_unconfirmed;
+
+struct ent {
+ unsigned long num;
+ char *clientid;
+ char *addr;
+ int vers;
+ int unconfirmed;
+ int wid;
+};
+
+static int ent_cmp(const void *av, const void *bv)
+{
+ const struct ent *a = av;
+ const struct ent *b = bv;
+
+ if (a->num < b->num)
+ return -1;
+ if (a->num > b->num)
+ return 1;
+ return 0;
+}
+
+static void free_ent(struct ent *ent)
+{
+ free(ent->clientid);
+ free(ent->addr);
+ free(ent);
+}
+
+static char *dup_line(char *line)
+{
+ char *ret;
+ char *e = strchr(line, '\n');
+ if (!e)
+ e = line + strlen(line);
+ ret = malloc(e - line + 1);
+ if (ret) {
+ memcpy(ret, line, e - line);
+ ret[e-line] = 0;
+ }
+ return ret;
+}
+
+static void read_info(struct ent *key)
+{
+ char buf[2048];
+ char *path;
+ int was_unconfirmed = key->unconfirmed;
+ FILE *f;
+
+ if (asprintf(&path, "/proc/fs/nfsd/clients/%lu/info", key->num) < 0)
+ return;
+
+ f = fopen(path, "r");
+ if (!f) {
+ free(path);
+ return;
+ }
+ if (key->wid < 0)
+ key->wid = inotify_add_watch(clients_fd, path, IN_MODIFY);
+
+ while (fgets(buf, sizeof(buf), f)) {
+ if (strncmp(buf, "clientid: ", 10) == 0) {
+ free(key->clientid);
+ key->clientid = dup_line(buf+10);
+ }
+ if (strncmp(buf, "address: ", 9) == 0) {
+ free(key->addr);
+ key->addr = dup_line(buf+9);
+ }
+ if (strncmp(buf, "minor version: ", 15) == 0)
+ key->vers = atoi(buf+15);
+ if (strncmp(buf, "status: ", 8) == 0 &&
+ strstr(buf, " unconfirmed") != NULL) {
+ key->unconfirmed = 1;
+ have_unconfirmed = 1;
+ }
+ if (strncmp(buf, "status: ", 8) == 0 &&
+ strstr(buf, " confirmed") != NULL)
+ key->unconfirmed = 0;
+ }
+ fclose(f);
+ free(path);
+
+ if (was_unconfirmed && !key->unconfirmed)
+ xlog(L_NOTICE, "v4.%d client attached: %s from %s",
+ key->vers, key->clientid ?: "-none-",
+ key->addr ?: "-none-");
+ if (!key->unconfirmed && key->wid >= 0) {
+ inotify_rm_watch(clients_fd, key->wid);
+ key->wid = -1;
+ }
+}
+
+static void add_id(int id)
+{
+ struct ent **ent;
+ struct ent *key;
+
+ key = calloc(1, sizeof(*key));
+ if (!key) {
+ return;
+ }
+ key->num = id;
+ key->wid = -1;
+
+ ent = tsearch(key, &tree_root, ent_cmp);
+
+ if (!ent || *ent != key)
+ /* Already existed, or insertion failed */
+ free_ent(key);
+ else
+ read_info(key);
+}
+
+static void del_id(unsigned long id)
+{
+ struct ent key = {.num = id};
+ struct ent **e, *ent;
+
+ e = tfind(&key, &tree_root, ent_cmp);
+ if (!e || !*e)
+ return;
+ ent = *e;
+ tdelete(ent, &tree_root, ent_cmp);
+ if (!ent->unconfirmed)
+ xlog(L_NOTICE, "v4.%d client detached: %s from %s",
+ ent->vers, ent->clientid, ent->addr);
+ if (ent->wid >= 0)
+ inotify_rm_watch(clients_fd, ent->wid);
+ free_ent(ent);
+}
+
+static void check_id(unsigned long id)
+{
+ struct ent key = {.num = id};
+ struct ent **e, *ent;
+
+ e = tfind(&key, &tree_root, ent_cmp);
+ if (!e || !*e)
+ return;
+ ent = *e;
+ if (ent->unconfirmed)
+ read_info(ent);
+}
+
+int v4clients_process(fd_set *fdset)
+{
+ char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
+ const struct inotify_event *ev;
+ ssize_t len;
+ char *ptr;
+
+ if (clients_fd < 0 ||
+ !FD_ISSET(clients_fd, fdset))
+ return 0;
+
+ while ((len = read(clients_fd, buf, sizeof(buf))) > 0) {
+ for (ptr = buf; ptr < buf + len;
+ ptr += sizeof(struct inotify_event) + ev->len) {
+ int id;
+ ev = (const struct inotify_event *)ptr;
+
+ id = atoi(ev->name);
+ if (id <= 0)
+ continue;
+ if (ev->mask & IN_CREATE)
+ add_id(id);
+ if (ev->mask & IN_DELETE)
+ del_id(id);
+ if (ev->mask & IN_MODIFY)
+ check_id(id);
+ }
+ }
+ return 1;
+}
diff --git a/utils/mountd/v4root.c b/support/export/v4root.c
similarity index 99%
rename from utils/mountd/v4root.c
rename to support/export/v4root.c
index 8ec33fb0..4d33117f 100644
--- a/utils/mountd/v4root.c
+++ b/support/export/v4root.c
@@ -47,7 +47,7 @@ static nfs_export pseudo_root = {
.e_nsqgids = 0,
.e_fsid = 0,
.e_mountpoint = NULL,
- .e_ttl = DEFAULT_TTL,
+ .e_ttl = 0,
},
.m_exported = 0,
.m_xtabent = 1,
@@ -86,6 +86,7 @@ v4root_create(char *path, nfs_export *export)
struct exportent *curexp = &export->m_export;
dupexportent(&eep, &pseudo_root.m_export);
+ eep.e_ttl = default_ttl;
eep.e_hostname = curexp->e_hostname;
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
if (strcmp(path, "/") != 0)
diff --git a/support/include/exportfs.h b/support/include/exportfs.h
index 4e0d9d13..bfae1957 100644
--- a/support/include/exportfs.h
+++ b/support/include/exportfs.h
@@ -105,7 +105,8 @@ typedef struct mexport {
} nfs_export;
#define HASH_TABLE_SIZE 1021
-#define DEFAULT_TTL (30 * 60)
+
+extern int default_ttl;
typedef struct _exp_hash_entry {
nfs_export * p_first;
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index a7582cae..4dd2e5d3 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -47,6 +47,8 @@ struct flav_info flav_map[] = {
const int flav_map_size = sizeof(flav_map)/sizeof(flav_map[0]);
+int default_ttl = 30 * 60;
+
static char *efname = NULL;
static XFILE *efp = NULL;
static int first;
@@ -100,7 +102,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
ee->e_nsquids = 0;
ee->e_nsqgids = 0;
ee->e_uuid = NULL;
- ee->e_ttl = DEFAULT_TTL;
+ ee->e_ttl = default_ttl;
}
struct exportent *
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
index 498d93a9..aa4630bb 100644
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -157,6 +157,8 @@ Recognized values:
.BR port ,
.BR threads ,
.BR reverse-lookup ,
+.BR cache-use-upaddr ,
+.BR ttl ,
.BR state-directory-path ,
.BR ha-callout .
@@ -166,6 +168,14 @@ section, are used to configure mountd. See
.BR rpc.mountd (8)
for details.
+Note that setting
+.B "\[dq]debug = auth\[dq]"
+for
+.B mountd
+is equivalent to providing the
+.B \-\-log\-auth
+option.
+
The
.B state-directory-path
value in the
diff --git a/utils/mountd/Makefile.am b/utils/mountd/Makefile.am
index 73eeb3f3..c41f06de 100644
--- a/utils/mountd/Makefile.am
+++ b/utils/mountd/Makefile.am
@@ -13,8 +13,8 @@ KPREFIX = @kprefix@
sbin_PROGRAMS = mountd
noinst_HEADERS = fsloc.h
-mountd_SOURCES = mountd.c mount_dispatch.c auth.c rmtab.c cache.c \
- svc_run.c fsloc.c v4root.c mountd.h
+mountd_SOURCES = mountd.c mount_dispatch.c rmtab.c \
+ svc_run.c fsloc.c mountd.h
mountd_LDADD = ../../support/export/libexport.a \
../../support/nfs/libnfs.la \
../../support/misc/libmisc.a \
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index 0b891121..2b342377 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -30,6 +30,7 @@
#include "rpcmisc.h"
#include "pseudoflavors.h"
#include "nfslib.h"
+#include "export.h"
extern void my_svc_run(void);
@@ -73,8 +74,12 @@ static struct option longopts[] =
{ "reverse-lookup", 0, 0, 'r' },
{ "manage-gids", 0, 0, 'g' },
{ "no-udp", 0, 0, 'u' },
+ { "log-auth", 0, 0, 'l'},
+ { "cache-use-ipaddr", 0, 0, 'i'},
+ { "ttl", 1, 0, 'T'},
{ NULL, 0, 0, 0 }
};
+static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gliT:";
#define NFSVERSBIT(vers) (0x1 << (vers - 1))
#define NFSVERSBIT_ALL (NFSVERSBIT(2) | NFSVERSBIT(3) | NFSVERSBIT(4))
@@ -669,6 +674,7 @@ main(int argc, char **argv)
int port = 0;
int descriptors = 0;
int c;
+ int ttl;
int vers;
struct sigaction sa;
struct rlimit rlim;
@@ -687,6 +693,8 @@ main(int argc, char **argv)
num_threads = conf_get_num("mountd", "threads", num_threads);
reverse_resolve = conf_get_bool("mountd", "reverse-lookup", reverse_resolve);
ha_callout_prog = conf_get_str("mountd", "ha-callout");
+ if (conf_get_bool("mountd", "cache-use-ipaddr", 0))
+ use_ipaddr = 2;
s = conf_get_str("mountd", "state-directory-path");
if (s && !state_setup_basedir(argv[0], s))
@@ -710,10 +718,13 @@ main(int argc, char **argv)
NFSCTL_VERUNSET(nfs_version, vers);
}
+ ttl = conf_get_num("mountd", "ttl", default_ttl);
+ if (ttl > 0)
+ default_ttl = ttl;
/* Parse the command line options and arguments. */
opterr = 0;
- while ((c = getopt_long(argc, argv, "o:nFd:p:P:hH:N:V:vurs:t:g", longopts, NULL)) != EOF)
+ while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != EOF)
switch (c) {
case 'g':
manage_gids = 1;
@@ -784,6 +795,21 @@ main(int argc, char **argv)
case 'u':
NFSCTL_UDPUNSET(_rpcprotobits);
break;
+ case 'l':
+ xlog_sconfig("auth", 1);
+ break;
+ case 'i':
+ use_ipaddr = 2;
+ break;
+ case 'T':
+ ttl = atoi(optarg);
+ if (ttl <= 0) {
+ fprintf(stderr, "%s: bad ttl number of seconds: %s\n",
+ argv[0], optarg);
+ usage(argv[0], 1);
+ }
+ default_ttl = ttl;
+ break;
case 0:
break;
case '?':
@@ -888,6 +914,8 @@ main(int argc, char **argv)
if (num_threads > 1)
fork_workers();
+ v4clients_init();
+
xlog(L_NOTICE, "Version " VERSION " starting");
my_svc_run();
@@ -903,6 +931,7 @@ usage(const char *prog, int n)
{
fprintf(stderr,
"Usage: %s [-F|--foreground] [-h|--help] [-v|--version] [-d kind|--debug kind]\n"
+" [-l|--log-auth] [-i|--cache-use-ipaddr] [-T|--ttl ttl]\n"
" [-o num|--descriptors num]\n"
" [-p|--port port] [-V version|--nfs-version version]\n"
" [-N version|--no-nfs-version version] [-n|--no-tcp]\n"
diff --git a/utils/mountd/mountd.h b/utils/mountd/mountd.h
index f058f01d..d3077531 100644
--- a/utils/mountd/mountd.h
+++ b/utils/mountd/mountd.h
@@ -60,9 +60,4 @@ bool ipaddr_client_matches(nfs_export *exp, struct addrinfo *ai);
bool namelist_client_matches(nfs_export *exp, char *dom);
bool client_matches(nfs_export *exp, char *dom, struct addrinfo *ai);
-static inline bool is_ipaddr_client(char *dom)
-{
- return dom[0] == '$';
-}
-
#endif /* MOUNTD_H */
diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man
index 8a7943f8..2a91e193 100644
--- a/utils/mountd/mountd.man
+++ b/utils/mountd/mountd.man
@@ -13,24 +13,24 @@ The
.B rpc.mountd
daemon implements the server side of the NFS MOUNT protocol,
an NFS side protocol used by NFS version 2 [RFC1094] and NFS version 3 [RFC1813].
+It also responds to requests from the Linux kernel to authenticate
+clients and provides details of access permissions.
.PP
-An NFS server maintains a table of local physical file systems
-that are accessible to NFS clients.
-Each file system in this table is referred to as an
-.IR "exported file system" ,
-or
-.IR export ,
-for short.
-.PP
-Each file system in the export table has an access control list.
-.B rpc.mountd
-uses these access control lists to determine
-whether an NFS client is permitted to access a given file system.
-For details on how to manage your NFS server's export table, see the
-.BR exports (5)
-and
-.BR exportfs (8)
-man pages.
+The NFS server
+.RI ( nfsd )
+maintains a cache of authentication and authorization information which
+is used to identify the source of each request, and then what access
+permissions that source has to any local filesystem. When required
+information is not found in the cache, the server sends a request to
+.B mountd
+to fill in the missing information. Mountd uses a table of information
+stored in
+.B /var/lib/nfs/etab
+and maintained by
+.BR exportfs (8),
+possibly based on the contents of
+.BR exports (5),
+to respond to each request.
.SS Mounting exported NFS File Systems
The NFS MOUNT protocol has several procedures.
The most important of these are
@@ -78,11 +78,69 @@ A client may continue accessing an export even after invoking UMNT.
If the client reboots without sending a UMNT request, stale entries
remain for that client in
.IR /var/lib/nfs/rmtab .
+.SS Mounting File Systems with NFSv4
+Version 4 (and later) of NFS does not use a separate NFS MOUNT
+protocol. Instead mounting is performed using regular NFS requests
+handled by the NFS server in the Linux kernel
+.RI ( nfsd ).
+Consequently
+.I /var/lib/nfs/rmtab
+is not updated to reflect any NFSv4 activity.
.SH OPTIONS
.TP
.B \-d kind " or " \-\-debug kind
Turn on debugging. Valid kinds are: all, auth, call, general and parse.
.TP
+.BR \-l " or " \-\-log\-auth
+Enable logging of responses to authentication and access requests from
+nfsd. Each response is then cached by the kernel for 30 minutes (or as set by
+.B \-\-ttl
+below), and will be refreshed after 15 minutes (half the ttl time) if
+the relevant client remains active.
+Note that
+.B -l
+is equivalent to
+.B "-d auth"
+and so can be enabled in
+.B /etc/nfs.conf
+with
+.B "\[dq]debug = auth\[dq]"
+in the
+.B "[mountd]"
+section.
+.IP
+.B rpc.mountd
+will always log authentication responses to MOUNT requests when NFSv3 is
+used, but to get similar logs for NFSv4, this option is required.
+.TP
+.BR \-i " or " \-\-cache\-use\-ipaddr
+Normally each client IP address is matched against each host identifier
+(name, wildcard, netgroup etc) found in
+.B /etc/exports
+and a combined identity is formed from all matching identifiers.
+Often many clients will map to the same combined identity so performing
+this mapping reduces the number of distinct access details that the
+kernel needs to store.
+Specifying the
+.B \-i
+option suppresses this mapping so that access to each filesystem is
+requested and cached separately for each client IP address. Doing this
+can increase the burden of updating the cache slightly, but can make the
+log messages produced by the
+.B -l
+option easier to read.
+.TP
+.B \-T " or " \-\-ttl
+Provide a time-to-live (TTL) for cached information given to the kernel.
+The kernel will normally request an update if the information is needed
+after half of this time has expired. Increasing the provided number,
+which is in seconds, reduces the rate of cache update requests, and this
+is particularly noticeable when these requests are logged with
+.BR \-l .
+However increasing also means that changes to hostname to address
+mappings can take longer to be noticed.
+The default TTL is 1800 (30 minutes).
+.TP
.B \-F " or " \-\-foreground
Run in foreground (do not daemonize)
.TP
@@ -213,9 +271,11 @@ Values recognized in the
.B [mountd]
section include
.BR manage-gids ,
+.BR cache\-use\-ipaddr ,
.BR descriptors ,
.BR port ,
.BR threads ,
+.BR ttl ,
.BR reverse-lookup ", and"
.BR state-directory-path ,
.B ha-callout
@@ -265,5 +325,9 @@ table of clients accessing server's exports
RFC 1094 - "NFS: Network File System Protocol Specification"
.br
RFC 1813 - "NFS Version 3 Protocol Specification"
+.br
+RFC 7530 - "Network File System (NFS) Version 4 Protocol"
+.br
+RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1 Protocol"
.SH AUTHOR
Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.
diff --git a/utils/mountd/svc_run.c b/utils/mountd/svc_run.c
index 41b96d7f..167b9757 100644
--- a/utils/mountd/svc_run.c
+++ b/utils/mountd/svc_run.c
@@ -56,10 +56,9 @@
#ifdef HAVE_LIBTIRPC
#include <rpc/rpc_com.h>
#endif
+#include "export.h"
void my_svc_run(void);
-void cache_set_fds(fd_set *fdset);
-int cache_process_req(fd_set *readfds);
#if defined(__GLIBC__) && LONG_MAX != INT_MAX
/* bug in glibc 2.3.6 and earlier, we need
@@ -101,6 +100,7 @@ my_svc_run(void)
readfds = svc_fdset;
cache_set_fds(&readfds);
+ v4clients_set_fds(&readfds);
selret = select(FD_SETSIZE, &readfds,
(void *) 0, (void *) 0, (struct timeval *) 0);
@@ -116,6 +116,7 @@ my_svc_run(void)
default:
selret -= cache_process_req(&readfds);
+ selret -= v4clients_process(&readfds);
if (selret)
svc_getreqset(&readfds);
}

View File

@ -0,0 +1,24 @@
diff -up nfs-utils-2.3.3/support/export/v4clients.c.orig nfs-utils-2.3.3/support/export/v4clients.c
--- nfs-utils-2.3.3/support/export/v4clients.c.orig 2022-09-26 11:36:22.803929066 -0400
+++ nfs-utils-2.3.3/support/export/v4clients.c 2022-09-26 11:38:38.221187835 -0400
@@ -8,6 +8,7 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/inotify.h>
+#include <sys/stat.h>
#include <errno.h>
#include "export.h"
@@ -23,6 +24,12 @@ static int clients_fd = -1;
void v4clients_init(void)
{
+ struct stat sb;
+
+ if (!stat("/proc/fs/nfsd/clients", &sb) == 0 ||
+ !S_ISDIR(sb.st_mode))
+ return;
+
if (clients_fd >= 0)
return;
clients_fd = inotify_init1(IN_NONBLOCK);

View File

@ -0,0 +1,40 @@
commit 3ff6fad27d2cd0772a40ddb65694ce04f3da83bc
Author: Trond Myklebust <trond.myklebust@hammerspace.com>
Date: Wed Jan 29 10:42:03 2020 -0500
manpage: Add a description of the 'nconnect' mount option
Add a description of the 'nconnect' mount option on the 'nfs' generic
manpage.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index 6ba9cef..84462cd 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -369,6 +369,23 @@ using an automounter (refer to
.BR automount (8)
for details).
.TP 1.5i
+.BR nconnect= n
+When using a connection oriented protocol such as TCP, it may
+sometimes be advantageous to set up multiple connections between
+the client and server. For instance, if your clients and/or servers
+are equipped with multiple network interface cards (NICs), using multiple
+connections to spread the load may improve overall performance.
+In such cases, the
+.BR nconnect
+option allows the user to specify the number of connections
+that should be established between the client and server up to
+a limit of 16.
+.IP
+Note that the
+.BR nconnect
+option may also be used by some pNFS drivers to decide how many
+connections to set up to the data servers.
+.TP 1.5i
.BR rdirplus " / " nordirplus
Selects whether to use NFS v3 or v4 READDIRPLUS requests.
If this option is not specified, the NFS client uses READDIRPLUS requests

View File

@ -0,0 +1,481 @@
diff -up nfs-utils-2.3.3/configure.ac.orig nfs-utils-2.3.3/configure.ac
--- nfs-utils-2.3.3/configure.ac.orig 2020-06-09 10:58:50.178258035 -0400
+++ nfs-utils-2.3.3/configure.ac 2020-06-09 11:02:04.203102954 -0400
@@ -639,6 +639,7 @@ AC_CONFIG_FILES([
tools/rpcgen/Makefile
tools/mountstats/Makefile
tools/nfs-iostat/Makefile
+ tools/nfsdclnts/Makefile
tools/nfsconf/Makefile
tools/nfsdclddb/Makefile
utils/Makefile
diff -up nfs-utils-2.3.3/tools/Makefile.am.orig nfs-utils-2.3.3/tools/Makefile.am
--- nfs-utils-2.3.3/tools/Makefile.am.orig 2020-06-09 10:58:50.178258035 -0400
+++ nfs-utils-2.3.3/tools/Makefile.am 2020-06-09 11:02:04.203102954 -0400
@@ -12,6 +12,6 @@ if CONFIG_NFSDCLD
OPTDIRS += nfsdclddb
endif
-SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat $(OPTDIRS)
+SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat nfsdclnts $(OPTDIRS)
MAINTAINERCLEANFILES = Makefile.in
diff -up nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am.orig nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am
--- nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am.orig 2020-06-09 11:02:04.203102954 -0400
+++ nfs-utils-2.3.3/tools/nfsdclnts/Makefile.am 2020-06-09 11:02:04.203102954 -0400
@@ -0,0 +1,13 @@
+## Process this file with automake to produce Makefile.in
+PYTHON_FILES = nfsdclnts.py
+
+man8_MANS = nfsdclnts.man
+
+EXTRA_DIST = $(man8_MANS) $(PYTHON_FILES)
+
+all-local: $(PYTHON_FILES)
+
+install-data-hook:
+ $(INSTALL) -m 755 nfsdclnts.py $(DESTDIR)$(sbindir)/nfsdclnts
+
+MAINTAINERCLEANFILES=Makefile.in
diff -up nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man.orig nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man
--- nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man.orig 2020-06-09 11:02:04.203102954 -0400
+++ nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.man 2020-06-09 11:02:04.203102954 -0400
@@ -0,0 +1,180 @@
+.\"
+.\" nfsdclnts(8)
+.\"
+.TH "NFSDCLTS" "8" "2020-05-09" "nfsdclnts" "nfsdclnts"
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.ss \n[.ss] 0
+.nh
+.ad l
+.de URL
+\fI\\$2\fP <\\$1>\\$3
+..
+.als MTO URL
+.if \n[.g] \{\
+. mso www.tmac
+. am URL
+. ad l
+. .
+. am MTO
+. ad l
+. .
+. LINKSTYLE blue R < >
+.\}
+.SH "NAME"
+nfsdclnts \- print various nfs client information for knfsd server.
+.SH "SYNOPSIS"
+.sp
+\fBnfsdclnts\fP [\fI\-h\fP] [\fI\-t type\fP] [\fI\-\-clientinfo\fP] [\fI\-\-hostname\fP] [\fI\-q\fP]
+.SH "DESCRIPTION"
+.sp
+The nfsdclnts(8) command parses the content present in /proc/fs/nfsd/clients/ directories. nfsdclnts(8) displays files which are open, locked, delegated by the nfs\-client. It also prints useful client information such as hostname, clientID, NFS version mounted by the nfs\-client.
+.SH "OPTIONS"
+.sp
+\fB\-t, \-\-type\fP=TYPE
+.RS 4
+Specify the type of file to be displayed. Takes only one TYPE at a time.
+.sp
+\fIopen\fP, \fIlock\fP, \fIdeleg\fP, \fIlayout\fP, or \fIall\fP
+.sp
+open: displays the open files by nfs\-client(s).
+.sp
+lock: displays the files locked by nfs\-client(s).
+.sp
+layout: displays the files for which layout is given.
+.sp
+deleg: displays delegated files information and delegation type.
+.sp
+all: prints all the above type.
+.RE
+.sp
+\fB\-\-clientinfo\fP
+.RS 4
+displays various nfs\-client info fields such as version of nfs mounted at nfs\-client and clientID.
+.RE
+.sp
+\fB\-\-hostname\fP
+.RS 4
+Print hostname of nfs\-client instead of ip-address.
+.RE
+.sp
+\fB\-q, \-\-quiet\fP
+.RS 4
+Hide the header information.
+.RE
+.sp
+\fB\-v, \-\-verbose\fP
+.RS 4
+Verbose operation, show debug messages.
+.RE
+.sp
+\fB\-f, \-\-file\fP
+.RS 4
+Instead of processing all client directories under /proc/fs/nfsd/clients, one can provide a specific
+states file to process. One should make sure that info file resides in the same directory as states file.
+If the info file is not valid or present the fields would be marked as "N/A".
+.RE
+.sp
+\fB\-h, \-\-help\fP
+.RS 4
+Print help explaining the command line options.
+.SH "EXAMPLES"
+.sp
+\fBnfsdclnts \-\-type open\fP
+.RS 4
+List all files with open type only.
+.RE
+.sp
+.if n .RS 4
+.nf
+Inode number | Type | Access | Deny | ip address | Filename
+33823232 | open | r\- | \-\- | [::1]:757 | testfile
+.fi
+.if n .RE
+.sp
+\fBnfsdclnts \-\-type deleg\fP
+.RS 4
+List all files with deleg type only.
+.RE
+.sp
+.if n .RS 4
+.nf
+Inode number | Type | Access | ip address | Filename
+33823232 | deleg | r | [::1]:757 | testfile
+.fi
+.if n .RE
+.sp
+\fBnfsdclnts \-\-hostname\fP
+.RS 4
+Print hostname instead of ip\-address.
+.RE
+.sp
+.if n .RS 4
+.nf
+Inode number | Type | Access | Deny | Hostname | Filename
+33823232 | open | r\- | \-\- | nfs\-server | testfile
+33823232 | deleg | r | | nfs\-server | testfile
+.fi
+.if n .RE
+.sp
+\fBnfsdclnts \-\-clientinfo\fP
+.RS 4
+Print client information.
+.RE
+.sp
+.if n .RS 4
+.nf
+Inode number | Type | Access | Deny | ip address | Client ID | vers | Filename
+33823232 | open | r\- | \-\- | [::1]:757 | 0xc79a009f5eb65e84 | 4.2 | testfile
+33823232 | deleg | r | | [::1]:757 | 0xc79a009f5eb65e84 | 4.2 | testfile
+.fi
+.if n .RE
+.sp
+\fBnfsdclnts \-\-file /proc/fs/nfsd/clients/3/states -t open\fP
+.RS 4
+Process specific states file.
+.RE
+.sp
+.if n .RS 4
+.nf
+Inode number | Type | Access | Deny | ip address | Client ID | vers | Filename
+33823232 | open | r\- | \-\- | [::1]:757 | 0xc79a009f5eb65e84 | 4.2 | testfile
+.fi
+.if n .RE
+.sp
+\fBnfsdclnts \-\-quiet \-\-hostname\fP
+.RS 4
+Hide the header information.
+.RE
+.sp
+.if n .RS 4
+.nf
+33823232 | open | r\- | \-\- | nfs\-server | testfile
+33823232 | deleg | r | | nfs\-server | testfile
+.fi
+.if n .RE
+.SH "FILES"
+.sp
+\fB/proc/fs/nfsd/clients/\fP
+.sp
+Displays basic information about each NFSv4 client.
+.sp
+\fB/proc/fs/nfsd/clients/#/info\fP
+.sp
+Displays information about all the opens held by the given client, including open modes, device numbers, inode numbers, and open owners.
+.sp
+\fB/proc/fs/nfsd/clients/#/states\fP
+.SH "NOTES"
+.sp
+/proc/fs/nfsd/clients/ support was initially introduced in 5.3 kernel and is only implemented for mount points using NFSv4.
+.SH "BUGS"
+Please report any BUGs to \c
+.MTO "linux\-nfs\(atvger.kernel.org" "" ""
+.SH SEE ALSO
+.BR nfsd (8),
+.BR exportfs (8),
+.BR idmapd (8),
+.BR statd (8)
+.SH "AUTHORS"
+Achilles Gaikwad <agaikwad@redhat.com> and
+Kenneth D'souza <kdsouza@redhat.com>
diff -up nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py.orig nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py
--- nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py.orig 2020-06-09 11:02:04.203102954 -0400
+++ nfs-utils-2.3.3/tools/nfsdclnts/nfsdclnts.py 2020-06-09 11:02:04.203102954 -0400
@@ -0,0 +1,254 @@
+#!/usr/bin/python3
+# -*- python-mode -*-
+'''
+ Copyright (C) 2020
+ Authors: Achilles Gaikwad <agaikwad@redhat.com>
+ Kenneth D'souza <kdsouza@redhat.com>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+'''
+
+import multiprocessing as mp
+import os
+import signal
+import sys
+
+try:
+ import argparse
+except ImportError:
+ print('%s: Failed to import argparse - make sure argparse is installed!'
+ % sys.argv[0])
+ sys.exit(1)
+try:
+ import yaml
+except ImportError:
+ print('%s: Failed to import yaml - make sure python3-pyyaml is installed!'
+ % sys.argv[0])
+ sys.exit(1)
+
+BBOLD = '\033[1;30;47m' #Bold black text with white background.
+ENDC = '\033[m' #Rest to defaults
+
+def init_worker():
+ signal.signal(signal.SIGINT, signal.SIG_IGN)
+
+# this function converts the info file to a dictionary format, sorta.
+def file_to_dict(path):
+ client_info = {}
+ try:
+ with open(path) as f:
+ for line in f:
+ try:
+ (key, val) = line.split(':', 1)
+ client_info[key] = val.strip()
+ # FIXME: There has to be a better way of converting the info file to a dictionary.
+ except ValueError as reason:
+ if verbose:
+ print('Exception occured, %s' % reason)
+
+ if len(client_info) == 0 and verbose:
+ print("Provided %s file is not valid" %path)
+ return client_info
+
+ except OSError as reason:
+ if verbose:
+ print('%s' % reason)
+
+# this function gets the paths from /proc/fs/nfsd/clients/
+# returns a list of paths for each client which has nfs-share mounted.
+def getpaths():
+ path = []
+ try:
+ dirs = os.listdir('/proc/fs/nfsd/clients/')
+ except OSError as reason:
+ exit('%s' % reason)
+ if len(dirs) !=0:
+ for i in dirs:
+ path.append('/proc/fs/nfsd/clients/' + i + '/states')
+ return (path)
+ else:
+ exit('Nothing to process')
+
+# A single function to rule them all, in this function we gather all the data
+# from already populated data_list and client_info.
+def printer(data_list, argument):
+ client_info_path = data_list.pop()
+ client_info = file_to_dict(client_info_path)
+ for i in data_list:
+ for key in i:
+ inode = i[key]['superblock'].split(':')[-1]
+ # The ip address is quoted, so we dequote it.
+ try:
+ client_ip = client_info['address'][1:-1]
+ except:
+ client_ip = "N/A"
+ try:
+ # if the nfs-server reboots while the nfs-client holds the files open,
+ # the nfs-server would print the filename as '/'. For such instaces we
+ # print the output as disconnected dentry instead of '/'.
+ if(i[key]['filename']=='/'):
+ fname = 'disconnected dentry'
+ else:
+ fname = i[key]['filename'].split('/')[-1]
+ except KeyError:
+ # for older kernels which do not have the fname patch in kernel, they
+ # won't be able to see the fname field. Therefore post it as N/A.
+ fname = "N/A"
+ otype = i[key]['type']
+ try:
+ access = i[key]['access']
+ except:
+ access = ''
+ try:
+ deny = i[key]['deny']
+ except:
+ deny = ''
+ try:
+ hostname = client_info['name'].split()[-1].split('"')[0]
+ hostname = hostname.split('.')[0]
+ # if the hostname is too long, it messes up with the output being in columns,
+ # therefore we truncate the hostname followed by two '..' as suffix.
+ if len(hostname) > 20:
+ hostname = hostname[0:20] + '..'
+ except:
+ hostname = "N/A"
+ try:
+ clientid = client_info['clientid']
+ except:
+ clientid = "N/A"
+ try:
+ minorversion = "4." + client_info['minor version']
+ except:
+ minorversion = "N/A"
+
+ otype = i[key]['type']
+ # since some fields do not have deny column, we drop those if -t is either
+ # layout or lock.
+ drop = ['layout', 'lock']
+
+ # Printing the output this way instead of a single string which is concatenated
+ # this makes it better to quickly add more columns in future.
+ if(otype == argument.type or argument.type == 'all'):
+ print('%-13s' %inode, end='| ')
+ print('%-7s' %otype, end='| ')
+ if (argument.type not in drop):
+ print('%-7s' %access, end='| ')
+ if (argument.type not in drop and argument.type !='deleg'):
+ print('%-5s' %deny, end='| ')
+ if (argument.hostname == True):
+ print('%-22s' %hostname, end='| ')
+ else:
+ print('%-22s' %client_ip, end='| ')
+ if (argument.clientinfo == True) :
+ print('%-20s' %clientid, end='| ')
+ print('%-5s' %minorversion, end='| ')
+ print(fname)
+
+def opener(path):
+ try:
+ with open(path, 'r') as nfsdata:
+ try:
+ data = yaml.load(nfsdata, Loader = yaml.BaseLoader)
+ if data is not None:
+ clientinfo = path.rsplit('/', 1)[0] + '/info'
+ data.append(clientinfo)
+ return data
+ except:
+ if verbose:
+ print("Exception occurred, Please make sure %s is a YAML file" %path)
+
+ except OSError as reason:
+ if verbose:
+ print('%s' % reason)
+
+def print_cols(argument):
+ title_inode = 'Inode number'
+ title_otype = 'Type'
+ title_access = 'Access'
+ title_deny = 'Deny'
+ title_fname = 'Filename'
+ title_clientID = 'Client ID'
+ title_hostname = 'Hostname'
+ title_ip = 'ip address'
+ title_nfsvers = 'vers'
+
+ drop = ['lock', 'layout']
+ print(BBOLD, end='')
+ print('%-13s' %title_inode, end='| ')
+ print('%-7s' %title_otype, end='| ')
+ if (argument.type not in drop):
+ print('%-7s' %title_access, end='| ')
+ if (argument.type not in drop and argument.type !='deleg'):
+ print('%-5s' %title_deny, end='| ')
+ if (argument.hostname == True):
+ print('%-22s' %title_hostname, end='| ')
+ else:
+ print('%-22s' %title_ip, end='| ')
+ if (argument.clientinfo == True):
+ print('%-20s' %title_clientID, end='| ')
+ print('%-5s' %title_nfsvers, end='| ')
+ print(title_fname, end='')
+ print(ENDC)
+
+def nfsd4_show():
+
+ parser = argparse.ArgumentParser(description = 'Parse the nfsd states and clientinfo files.')
+ parser.add_argument('-t', '--type', metavar = 'type', type = str, choices = ['open',
+ 'deleg', 'lock', 'layout', 'all'],
+ default = 'all',
+ help = 'Input the type that you want to be printed: open, lock, deleg, layout, all')
+ parser.add_argument('--clientinfo', action = 'store_true',
+ help = 'output clients information, --hostname is implied.')
+ parser.add_argument('--hostname', action = 'store_true',
+ help = 'print hostname of client instead of its ip address. Longer hostnames are truncated.')
+ parser.add_argument('-v', '--verbose', action = 'store_true',
+ help = 'Verbose operation, show debug messages.')
+ parser.add_argument('-f', '--file', nargs='+', type = str, metavar='',
+ help = 'pass client states file, provided that info file resides in the same directory.')
+ parser.add_argument('-q', '--quiet', action = 'store_true',
+ help = 'don\'t print the header information')
+
+ args = parser.parse_args()
+
+ global verbose
+ verbose = False
+ if args.verbose:
+ verbose = True
+
+ if args.file:
+ paths = args.file
+ else:
+ paths = getpaths()
+
+ p = mp.Pool(mp.cpu_count(), init_worker)
+ try:
+ result = p.map(opener, paths)
+ ### Drop None entries from list
+ final_result = list(filter(None, result))
+ p.close()
+ p.join()
+
+ if len(final_result) !=0 and not args.quiet:
+ print_cols(args)
+
+ for item in final_result:
+ printer(item, args)
+
+ except KeyboardInterrupt:
+ print('Caught KeyboardInterrupt, terminating workers')
+ p.terminate()
+ p.join()
+
+if __name__ == "__main__":
+ nfsd4_show()

View File

@ -0,0 +1,276 @@
diff -up nfs-utils-2.3.3/support/nfs/conffile.c.orig nfs-utils-2.3.3/support/nfs/conffile.c
--- nfs-utils-2.3.3/support/nfs/conffile.c.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/support/nfs/conffile.c 2019-04-25 10:58:27.199907596 -0400
@@ -50,6 +50,7 @@
#include <err.h>
#include <syslog.h>
#include <libgen.h>
+#include <sys/file.h>
#include "conffile.h"
#include "xlog.h"
@@ -509,6 +510,17 @@ conf_readfile(const char *path)
return NULL;
}
+ /* Grab a shared lock to ensure its not mid-rewrite */
+ if (flock(fd, LOCK_SH)) {
+ xlog_warn("conf_readfile: attempt to grab read lock failed: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ /* only after we have the lock, check the file size ready to read it */
+ sz = lseek(fd, 0, SEEK_END);
+ lseek(fd, 0, SEEK_SET);
+
new_conf_addr = malloc(sz+1);
if (!new_conf_addr) {
xlog_warn("conf_readfile: malloc (%lu) failed", (unsigned long)sz);
@@ -1588,6 +1600,17 @@ flush_outqueue(struct tailhead *queue, F
return 0;
}
+/* append one queue to another */
+static void
+append_queue(struct tailhead *inq, struct tailhead *outq)
+{
+ while (inq->tqh_first != NULL) {
+ struct outbuffer *ob = inq->tqh_first;
+ TAILQ_REMOVE(inq, ob, link);
+ TAILQ_INSERT_TAIL(outq, ob, link);
+ }
+}
+
/* read one line of text from a file, growing the buffer as necessary */
static int
read_line(char **buff, int *buffsize, FILE *in)
@@ -1728,6 +1751,16 @@ is_folded(const char *line)
return false;
}
+static int
+lock_file(FILE *f)
+{
+ int ret;
+ ret = flock(fileno(f), LOCK_EX);
+ if (ret)
+ xlog(L_ERROR, "Error could not lock the file");
+ return ret;
+}
+
/***
* Write a value to an nfs.conf style filename
*
@@ -1738,15 +1771,14 @@ int
conf_write(const char *filename, const char *section, const char *arg,
const char *tag, const char *value)
{
- int fdout = -1;
- char *outpath = NULL;
- FILE *outfile = NULL;
FILE *infile = NULL;
int ret = 1;
struct tailhead outqueue;
+ struct tailhead inqueue;
char * buff = NULL;
int buffsize = 0;
+ TAILQ_INIT(&inqueue);
TAILQ_INIT(&outqueue);
if (!filename) {
@@ -1759,26 +1791,7 @@ conf_write(const char *filename, const c
return ret;
}
- if (asprintf(&outpath, "%s.XXXXXX", filename) == -1) {
- xlog(L_ERROR, "conf_write: error composing temp filename");
- return ret;
- }
-
- fdout = mkstemp(outpath);
- if (fdout < 0) {
- xlog(L_ERROR, "conf_write: open temp file %s failed: %s",
- outpath, strerror(errno));
- goto cleanup;
- }
-
- outfile = fdopen(fdout, "w");
- if (!outfile) {
- xlog(L_ERROR, "conf_write: fdopen temp file failed: %s",
- strerror(errno));
- goto cleanup;
- }
-
- infile = fopen(filename, "r");
+ infile = fopen(filename, "r+");
if (!infile) {
if (!value) {
xlog_warn("conf_write: config file \"%s\" not found, nothing to do", filename);
@@ -1787,18 +1800,29 @@ conf_write(const char *filename, const c
}
xlog_warn("conf_write: config file \"%s\" not found, creating.", filename);
- if (append_line(&outqueue, NULL, make_section(section, arg)))
+ infile = fopen(filename, "wx");
+ if (!infile) {
+ xlog(L_ERROR, "conf_write: Error creating config file \"%s\".", filename);
+ goto cleanup;
+ }
+
+ if (lock_file(infile))
goto cleanup;
- if (append_line(&outqueue, NULL, make_tagline(tag, value)))
+ if (append_line(&inqueue, NULL, make_section(section, arg)))
goto cleanup;
- if (flush_outqueue(&outqueue, outfile))
+ if (append_line(&inqueue, NULL, make_tagline(tag, value)))
goto cleanup;
+
+ append_queue(&inqueue, &outqueue);
} else {
bool found = false;
int err = 0;
+ if (lock_file(infile))
+ goto cleanup;
+
buffsize = 4096;
buff = calloc(1, buffsize);
if (buff == NULL) {
@@ -1813,7 +1837,7 @@ conf_write(const char *filename, const c
/* read in one section worth of lines */
do {
if (*buff != '\0') {
- if (append_line(&outqueue, NULL, strdup(buff)))
+ if (append_line(&inqueue, NULL, strdup(buff)))
goto cleanup;
}
@@ -1821,7 +1845,7 @@ conf_write(const char *filename, const c
} while (err == 0 && buff[0] != '[');
/* find the section header */
- where = TAILQ_FIRST(&outqueue);
+ where = TAILQ_FIRST(&inqueue);
while (where != NULL) {
if (where->text != NULL && where->text[0] == '[')
break;
@@ -1845,7 +1869,7 @@ conf_write(const char *filename, const c
/* remove current tag */
do {
struct outbuffer *next = TAILQ_NEXT(where, link);
- TAILQ_REMOVE(&outqueue, where, link);
+ TAILQ_REMOVE(&inqueue, where, link);
if (is_folded(where->text))
again = true;
else
@@ -1857,14 +1881,14 @@ conf_write(const char *filename, const c
/* insert new tag */
if (value) {
- if (append_line(&outqueue, prev, make_tagline(tag, value)))
+ if (append_line(&inqueue, prev, make_tagline(tag, value)))
goto cleanup;
}
} else
/* no existing assignment found and we need to add one */
if (value) {
/* rewind past blank lines and comments */
- struct outbuffer *tail = TAILQ_LAST(&outqueue, tailhead);
+ struct outbuffer *tail = TAILQ_LAST(&inqueue, tailhead);
/* comments immediately before a section usually relate
* to the section below them */
@@ -1876,7 +1900,7 @@ conf_write(const char *filename, const c
tail = TAILQ_PREV(tail, tailhead, link);
/* now add the tag here */
- if (append_line(&outqueue, tail, make_tagline(tag, value)))
+ if (append_line(&inqueue, tail, make_tagline(tag, value)))
goto cleanup;
found = true;
@@ -1886,49 +1910,45 @@ conf_write(const char *filename, const c
/* EOF and correct section not found, so add one */
if (err && !found && value) {
/* did the last section end in a blank line */
- struct outbuffer *tail = TAILQ_LAST(&outqueue, tailhead);
+ struct outbuffer *tail = TAILQ_LAST(&inqueue, tailhead);
if (tail && !is_empty(tail->text)) {
/* no, so add one for clarity */
- if (append_line(&outqueue, NULL, strdup("\n")))
+ if (append_line(&inqueue, NULL, strdup("\n")))
goto cleanup;
}
/* add the new section header */
- if (append_line(&outqueue, NULL, make_section(section, arg)))
+ if (append_line(&inqueue, NULL, make_section(section, arg)))
goto cleanup;
/* now add the tag */
- if (append_line(&outqueue, NULL, make_tagline(tag, value)))
+ if (append_line(&inqueue, NULL, make_tagline(tag, value)))
goto cleanup;
}
- /* we are done with this section, write it out */
- if (flush_outqueue(&outqueue, outfile))
- goto cleanup;
+ /* we are done with this section, move it to the out queue */
+ append_queue(&inqueue, &outqueue);
} while(err == 0);
}
- if (infile) {
- fclose(infile);
- infile = NULL;
- }
+ /* now rewind and overwrite the file with the updated data */
+ rewind(infile);
- fdout = -1;
- if (fclose(outfile)) {
- xlog(L_ERROR, "Error writing config file: %s", strerror(errno));
+ if (ftruncate(fileno(infile), 0)) {
+ xlog(L_ERROR, "Error truncating config file");
goto cleanup;
}
- /* now swap the old file for the new one */
- if (rename(outpath, filename)) {
- xlog(L_ERROR, "Error updating config file: %s: %s\n", filename, strerror(errno));
- ret = 1;
- } else {
- ret = 0;
- free(outpath);
- outpath = NULL;
+ if (flush_outqueue(&outqueue, infile))
+ goto cleanup;
+
+ if (infile) {
+ fclose(infile);
+ infile = NULL;
}
+ ret = 0;
+
cleanup:
flush_outqueue(&outqueue, NULL);
@@ -1936,11 +1956,5 @@ cleanup:
free(buff);
if (infile)
fclose(infile);
- if (fdout != -1)
- close(fdout);
- if (outpath) {
- unlink(outpath);
- free(outpath);
- }
return ret;
}

View File

@ -0,0 +1,23 @@
commit 268e3c0cff6d6aee3b8f5458545f8dab76d7d444
Author: Steve Dickson <steved@redhat.com>
Date: Mon Feb 4 15:17:42 2019 -0500
nfs.conf: Fixed manage-gids option typo
Reported-by: Adam DiFrischia <adifrischia@curtisswright.com>
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=333
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/nfs.conf b/nfs.conf
index 796bee4..722b024 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -26,7 +26,7 @@
#
[mountd]
# debug=0
-# manage_gids=n
+# manage-gids=n
# descriptors=0
# port=0
# threads=1

View File

@ -0,0 +1,73 @@
commit 0240df0e8ccf7be2706a6a10a2a620f8eda55275
Author: Yongcheng Yang <yongcheng.yang@gmail.com>
Date: Thu Sep 5 07:36:26 2019 -0400
nfsd: Adjust nfs.conf setting/parsing of rdma port
The rpc.nfsd program can use option "--rdma" to enable
RDMA on the standard port (nfsrdma/20049) or "--rdma=port"
for an alternate port.
But now in /etc/nfs.conf, we need to specify the port
number (e.g. rdma=nfsrdma) to enable it, which is not
convenient.
The default setting "rdma=n" may cause more confusion.
Update to enable RDMA on standard port when setting
boolean YES to "rdma=". And using "rdma-port=" for an
alternate port if necessary.
Also let previous config (e.g. rdma=nfsrdma) work as well.
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/nfs.conf b/nfs.conf
index 85097fd..186a5b1 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -63,6 +63,7 @@
# vers4.1=y
# vers4.2=y
# rdma=n
+# rdma-port=20049
#
[statd]
# debug=0
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index b256bd9..a412a02 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -92,7 +92,14 @@ main(int argc, char **argv)
port = conf_get_str("nfsd", "port");
if (!port)
port = "nfs";
- rdma_port = conf_get_str("nfsd", "rdma");
+ if (conf_get_bool("nfsd", "rdma", false)) {
+ rdma_port = conf_get_str("nfsd", "rdma-port");
+ if (!rdma_port)
+ rdma_port = "nfsrdma";
+ }
+ /* backward compatibility - nfs.conf used to set rdma port directly */
+ if (!rdma_port)
+ rdma_port = conf_get_str("nfsd", "rdma");
if (conf_get_bool("nfsd", "udp", NFSCTL_UDPISSET(protobits)))
NFSCTL_UDPSET(protobits);
else
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
index d83ef86..2701ba7 100644
--- a/utils/nfsd/nfsd.man
+++ b/utils/nfsd/nfsd.man
@@ -144,7 +144,11 @@ The lease time for NFSv4, in seconds.
Set the port for TCP/UDP to bind to.
.TP
.B rdma
-Set RDMA port. Use "rdma=nfsrdma" to enable standard port.
+Enable RDMA port (with "on" or "yes" etc) on the standard port
+("nfsrdma", port 20049).
+.TP
+.B rdma-port
+Set an alternate RDMA port.
.TP
.B UDP
Enable (with "on" or "yes" etc) or disable ("off", "no") UDP support.

View File

@ -1,21 +1,82 @@
diff -up nfs-utils-2.5.4/nfs.conf.orig nfs-utils-2.5.4/nfs.conf diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
--- nfs-utils-2.5.4/nfs.conf.orig 2024-04-30 14:42:44.551812808 -0400 --- nfs-utils-2.3.3/nfs.conf.orig 2018-10-22 13:34:58.927700353 -0400
+++ nfs-utils-2.5.4/nfs.conf 2024-04-30 14:43:29.985032677 -0400 +++ nfs-utils-2.3.3/nfs.conf 2018-10-22 14:14:36.864110090 -0400
@@ -20,7 +20,7 @@ @@ -2,16 +2,16 @@
# rpc-verbosity=0 # This is a general configuration for the
# NFS daemons and tools
#
-#[general]
+[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
#
-#[exportfs]
+[exportfs]
# debug=0
#
-#[gssd]
+[gssd]
# use-memcache=0 # use-memcache=0
# use-machine-creds=1 # use-machine-creds=1
-# use-gss-proxy=0 -# use-gss-proxy=0
+use-gss-proxy=1 +use-gss-proxy=1
# avoid-dns=1 # avoid-dns=1
# limit-to-legacy-enctypes=0 # limit-to-legacy-enctypes=0
# allowed-enctypes=aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,camellia256-cts-cmac,camellia128-cts-cmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 # context-timeout=0
@@ -97,6 +97,5 @@ rdma-port=20049 @@ -20,11 +20,11 @@
# cred-cache-directory=
# preferred-realm=
#
-#[lockd]
+[lockd]
# port=0
# udp-port=0
#
-#[mountd]
+[mountd]
# debug=0
# manage_gids=n
# descriptors=0
@@ -34,18 +34,17 @@
# state-directory-path=/var/lib/nfs
# ha-callout=
#
-#[nfsdcltrack]
+[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
-#[nfsd]
+[nfsd]
# debug=0
# threads=8
# host=
# port=0
# grace-time=90
# lease-time=90
-# udp=n
# tcp=y
# vers2=n
# vers3=y
@@ -55,7 +54,7 @@
# vers4.2=y
# rdma=n
#
-#[statd]
+[statd]
# debug=0
# port=0
# outgoing-port=0
@@ -63,12 +62,10 @@
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
#
-#[sm-notify]
+[sm-notify]
# debug=0
# retry-time=900
# outgoing-port= # outgoing-port=
# outgoing-addr= # outgoing-addr=
# lift-grace=y # lift-grace=y
-# #
-[svcgssd] -#[svcgssd]
-# principal= -# principal=
+
+#tag1234 - Used for install purposes only

View File

@ -0,0 +1,104 @@
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 2c14e5f..00df2fc 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -888,6 +888,9 @@ main(int argc, char *argv[])
read_gss_conf();
+ verbosity = conf_get_num("gssd", "Verbosity", verbosity);
+ rpc_verbosity = conf_get_num("gssd", "RPC-Verbosity", rpc_verbosity);
+
while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
switch (opt) {
case 'f':
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index 8e918cc..ec49b61 100644
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -113,6 +113,10 @@ main(int argc, char *argv[])
else
principal = s;
+ verbosity = conf_get_num("svcgssd", "Verbosity", verbosity);
+ rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
+ idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
+
while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
switch (opt) {
case 'f':
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index 4811e0f..d14eef7 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -261,6 +261,10 @@ main(int argc, char **argv)
strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
+ if (conf_get_bool("General", "server-only", false))
+ clientstart = 0;
+ if (conf_get_bool("General", "client-only", false))
+ serverstart = 0;
}
} else {
conf_path = NFS_CONFFILE;
@@ -276,6 +280,10 @@ main(int argc, char **argv)
"cache-expiration", DEFAULT_IDMAP_CACHE_EXPIRY);
CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
+ if (conf_get_bool("General", "server-only", false))
+ clientstart = 0;
+ if (conf_get_bool("General", "client-only", false))
+ serverstart = 0;
}
while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index 6b57e2b..b256bd9 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -83,6 +83,9 @@ main(int argc, char **argv)
conf_init_file(NFS_CONFFILE);
xlog_from_conffile("nfsd");
+
+ nfssvc_get_minormask(&minormask);
+
count = conf_get_num("nfsd", "threads", count);
grace = conf_get_num("nfsd", "grace-time", grace);
lease = conf_get_num("nfsd", "lease-time", lease);
@@ -101,13 +104,19 @@ main(int argc, char **argv)
for (i = 2; i <= 4; i++) {
char tag[20];
sprintf(tag, "vers%d", i);
- if (conf_get_bool("nfsd", tag, NFSCTL_VERISSET(versbits, i)))
+ if (conf_get_bool("nfsd", tag, NFSCTL_VERISSET(versbits, i))) {
NFSCTL_VERSET(versbits, i);
- else
+ if (i == 4)
+ minorvers = minorversset = minormask;
+ } else {
NFSCTL_VERUNSET(versbits, i);
+ if (i == 4) {
+ minorvers = 0;
+ minorversset = minormask;
+ }
+ }
}
- nfssvc_get_minormask(&minormask);
/* We assume the kernel will default all minor versions to 'on',
* and allow the config file to disable some.
*/
diff --git a/utils/statd/sm-notify.c b/utils/statd/sm-notify.c
index 7a48473..29dad38 100644
--- a/utils/statd/sm-notify.c
+++ b/utils/statd/sm-notify.c
@@ -503,6 +503,7 @@ main(int argc, char **argv)
s = conf_get_str("statd", "state-directory-path");
if (s && !nsm_setup_pathnames(argv[0], s))
exit(1);
+ opt_update_state = conf_get_bool("sm-notify", "update-state", opt_update_state);
while ((c = getopt(argc, argv, "dm:np:v:P:f")) != -1) {
switch (c) {

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,29 @@
commit 3e81185037cf97990e4598218f56d92dd70d6269
Author: NeilBrown <neilb@suse.de>
Date: Tue Oct 20 13:19:10 2020 -0400
clddb-tool was recently renamed to nfsdclddb.
Unfortunately the nfsdcld man page wasn't told.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
index 4c2b1e80..861f1c49 100644
--- a/utils/nfsdcld/nfsdcld.man
+++ b/utils/nfsdcld/nfsdcld.man
@@ -209,12 +209,12 @@ not necessary after upgrading \fBnfsdcld\fR, however \fBnfsd\fR will not use a l
version until restart. A restart of \fBnfsd is necessary\fR after downgrading \fBnfsdcld\fR,
to ensure that \fBnfsd\fR does not use an upcall version that \fBnfsdcld\fR does not support.
Additionally, a downgrade of \fBnfsdcld\fR requires the schema of the on-disk database to
-be downgraded as well. That can be accomplished using the \fBclddb-tool\fR(8) utility.
+be downgraded as well. That can be accomplished using the \fBnfsdclddb\fR(8) utility.
.SH FILES
.TP
.B /var/lib/nfs/nfsdcld/main.sqlite
.SH SEE ALSO
-.BR nfsdcltrack "(8), " clddb-tool (8)
+.BR nfsdcltrack "(8), " nfsdclddb (8)
.SH "AUTHORS"
.IX Header "AUTHORS"
The nfsdcld daemon was developed by Jeff Layton <jlayton@redhat.com>

View File

@ -0,0 +1,130 @@
commit 77d053e4881664e7dbbc3bbb9a242af005598e95
Author: Steve Dickson <steved@redhat.com>
Date: Wed May 13 12:22:41 2020 -0400
nfsdclddb: Redname clddb-tool to nfsdclddb
To try to maintain some type of name convention
rename clddb-tool to nfsdclddb
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/configure.ac b/configure.ac
index df88e58..0b1c8cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -695,7 +695,7 @@ AC_CONFIG_FILES([
tools/mountstats/Makefile
tools/nfs-iostat/Makefile
tools/nfsconf/Makefile
- tools/clddb-tool/Makefile
+ tools/nfsdclddb/Makefile
utils/Makefile
utils/blkmapd/Makefile
utils/nfsdcld/Makefile
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 53e6117..432d35d 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -9,7 +9,7 @@ endif
OPTDIRS += nfsconf
if CONFIG_NFSDCLD
-OPTDIRS += clddb-tool
+OPTDIRS += nfsdclddb
endif
SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat $(OPTDIRS)
diff --git a/tools/clddb-tool/Makefile.am b/tools/nfsdclddb/Makefile.am
similarity index 60%
rename from tools/clddb-tool/Makefile.am
rename to tools/nfsdclddb/Makefile.am
index 15a8fd4..18263fb 100644
--- a/tools/clddb-tool/Makefile.am
+++ b/tools/nfsdclddb/Makefile.am
@@ -1,13 +1,13 @@
## Process this file with automake to produce Makefile.in
-PYTHON_FILES = clddb-tool.py
+PYTHON_FILES = nfsdclddb.py
-man8_MANS = clddb-tool.man
+man8_MANS = nfsdclddb.man
EXTRA_DIST = $(man8_MANS) $(PYTHON_FILES)
all-local: $(PYTHON_FILES)
install-data-hook:
- $(INSTALL) -m 755 clddb-tool.py $(DESTDIR)$(sbindir)/clddb-tool
+ $(INSTALL) -m 755 nfsdclddb.py $(DESTDIR)$(sbindir)/nfsdclddb
MAINTAINERCLEANFILES=Makefile.in
diff --git a/tools/clddb-tool/clddb-tool.man b/tools/nfsdclddb/nfsdclddb.man
similarity index 84%
rename from tools/clddb-tool/clddb-tool.man
rename to tools/nfsdclddb/nfsdclddb.man
index e80b2c0..8ec7b18 100644
--- a/tools/clddb-tool/clddb-tool.man
+++ b/tools/nfsdclddb/nfsdclddb.man
@@ -1,20 +1,20 @@
.\"
-.\" clddb-tool(8)
+.\" nfsdclddb(8)
.\"
-.TH clddb-tool 8 "07 Aug 2019"
+.TH nfsdclddb 8 "07 Aug 2019"
.SH NAME
-clddb-tool \- Tool for manipulating the nfsdcld sqlite database
+nfsdclddb \- Tool for manipulating the nfsdcld sqlite database
.SH SYNOPSIS
-.B clddb-tool
+.B nfsdclddb
.RB [ \-h | \-\-help ]
.P
-.B clddb-tool
+.B nfsdclddb
.RB [ \-p | \-\-path
.IR dbpath ]
.B fix-table-names
.RB [ \-h | \-\-help ]
.P
-.B clddb-tool
+.B nfsdclddb
.RB [ \-p | \-\-path
.IR dbpath ]
.B downgrade-schema
@@ -22,7 +22,7 @@ clddb-tool \- Tool for manipulating the nfsdcld sqlite database
.RB [ \-v | \-\-version
.IR to-version ]
.P
-.B clddb-tool
+.B nfsdclddb
.RB [ \-p | \-\-path
.IR dbpath ]
.B print
@@ -31,10 +31,10 @@ clddb-tool \- Tool for manipulating the nfsdcld sqlite database
.P
.SH DESCRIPTION
-.RB "The " clddb-tool " command is provided to perform some manipulation of the nfsdcld sqlite database schema and to print the contents of the database."
+.RB "The " nfsdclddb " command is provided to perform some manipulation of the nfsdcld sqlite database schema and to print the contents of the database."
.SS Sub-commands
Valid
-.B clddb-tool
+.B nfsdclddb
subcommands are:
.IP "\fBfix-table-names\fP"
.RB "A previous version of " nfsdcld "(8) contained a bug that corrupted the reboot epoch table names. This sub-command will fix those table names."
@@ -66,7 +66,7 @@ The schema version to downgrade to. Currently the schema can only be downgraded
Do not list the clients in the reboot epoch tables in the output.
.SH NOTES
The
-.B clddb-tool
+.B nfsdclddb
command will not allow the
.B fix-table-names
or
diff --git a/tools/clddb-tool/clddb-tool.py b/tools/nfsdclddb/nfsdclddb.py
similarity index 100%
rename from tools/clddb-tool/clddb-tool.py
rename to tools/nfsdclddb/nfsdclddb.py

View File

@ -0,0 +1,27 @@
commit 0095435db8228d5a88ec35a63cb64271e2e648a8
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 19 12:48:31 2019 -0500
libnfsidmap: Turn off default verbosity
Commit f080188e changed the library's verbosity
to be on by default. The patch turns it off by
default
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1774787
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c
index 9299e652..d11710f1 100644
--- a/support/nfsidmap/libnfsidmap.c
+++ b/support/nfsidmap/libnfsidmap.c
@@ -101,7 +101,7 @@ static void default_logger(const char *fmt, ...)
#pragma GCC visibility pop
nfs4_idmap_log_function_t idmap_log_func = default_logger;
-int idmap_verbosity = 2;
+int idmap_verbosity = 0;
#pragma GCC visibility push(hidden)
static int id_as_chars(char *name, uid_t *id)

View File

@ -0,0 +1,12 @@
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:38:26.462195326 -0500
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:45:47.210671473 -0500
@@ -380,6 +380,8 @@ class DeviceData:
sends = float(self.__rpc_data['rpcsends'])
if sample_time == 0:
sample_time = float(self.__nfs_data['age'])
+ if sample_time == 0:
+ sample_time = 1;
return (sends / sample_time)
def display_iostats(self, sample_time, which):

View File

@ -0,0 +1,159 @@
diff --git a/tools/mountstats/mountstats.py b/tools/mountstats/mountstats.py
index 48ef0964..bda9af67 100755
--- a/tools/mountstats/mountstats.py
+++ b/tools/mountstats/mountstats.py
@@ -308,6 +308,8 @@ class DeviceData:
op = words[0][:-1]
self.__rpc_data['ops'] += [op]
self.__rpc_data[op] = [int(word) for word in words[1:]]
+ if len(self.__rpc_data[op]) < 9:
+ self.__rpc_data[op] += [0]
def parse_stats(self, lines):
"""Turn a list of lines from a mount stat file into a
@@ -475,7 +477,9 @@ class DeviceData:
retrans = stats[2] - count
if retrans != 0:
print('\t%d retrans (%d%%)' % (retrans, ((retrans * 100) / count)), end=' ')
- print('\t%d major timeouts' % stats[3])
+ print('\t%d major timeouts' % stats[3], end='')
+ if len(stats) >= 10 and stats[9] != 0:
+ print('\t%d errors (%d%%)' % (stats[9], ((stats[9] * 100) / count)))
else:
print('')
print('\tavg bytes sent per op: %d\tavg bytes received per op: %d' % \
@@ -580,7 +584,7 @@ class DeviceData:
self.__nfs_data['fstype'] = 'nfs4'
self.__rpc_data['ops'] = ops
for op in ops:
- self.__rpc_data[op] = [0 for i in range(8)]
+ self.__rpc_data[op] = [0 for i in range(9)]
def accumulate_iostats(self, new_stats):
"""Accumulate counters from all RPC op buckets in new_stats. This is
@@ -605,6 +609,8 @@ class DeviceData:
queued_for = float(rpc_stats[5])
rtt = float(rpc_stats[6])
exe = float(rpc_stats[7])
+ if len(rpc_stats) >= 9:
+ errs = int(rpc_stats[8])
# prevent floating point exceptions
if ops != 0:
@@ -613,12 +619,15 @@ class DeviceData:
rtt_per_op = rtt / ops
exe_per_op = exe / ops
queued_for_per_op = queued_for / ops
+ if len(rpc_stats) >= 9:
+ errs_percent = (errs * 100) / ops
else:
kb_per_op = 0.0
retrans_percent = 0.0
rtt_per_op = 0.0
exe_per_op = 0.0
queued_for_per_op = 0.0
+ errs_percent = 0.0
op += ':'
print(format(op.lower(), '<16s'), end='')
@@ -628,7 +637,10 @@ class DeviceData:
print(format('retrans', '>16s'), end='')
print(format('avg RTT (ms)', '>16s'), end='')
print(format('avg exe (ms)', '>16s'), end='')
- print(format('avg queue (ms)', '>16s'))
+ print(format('avg queue (ms)', '>16s'), end='')
+ if len(rpc_stats) >= 9:
+ print(format('errors', '>16s'), end='')
+ print()
print(format((ops / sample_time), '>24.3f'), end='')
print(format((kilobytes / sample_time), '>16.3f'), end='')
@@ -637,7 +649,11 @@ class DeviceData:
print(format(retransmits, '>16'), end='')
print(format(rtt_per_op, '>16.3f'), end='')
print(format(exe_per_op, '>16.3f'), end='')
- print(format(queued_for_per_op, '>16.3f'))
+ print(format(queued_for_per_op, '>16.3f'), end='')
+ if len(rpc_stats) >= 9:
+ errors = '{0:>10.0f} ({1:>3.1f}%)'.format(errs, errs_percent).strip()
+ print(format(errors, '>16'), end='')
+ print()
def display_iostats(self, sample_time):
"""Display NFS and RPC stats in an iostat-like way
diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py
old mode 100644
new mode 100755
index f1556fb7..5b2260ad
--- a/tools/nfs-iostat/nfs-iostat.py
+++ b/tools/nfs-iostat/nfs-iostat.py
@@ -329,6 +329,8 @@ class DeviceData:
queued_for = float(rpc_stats[5])
rtt = float(rpc_stats[6])
exe = float(rpc_stats[7])
+ if len(rpc_stats) >= 9:
+ errs = float(rpc_stats[8])
# prevent floating point exceptions
if ops != 0:
@@ -337,12 +339,16 @@ class DeviceData:
rtt_per_op = rtt / ops
exe_per_op = exe / ops
queued_for_per_op = queued_for / ops
+ if len(rpc_stats) >= 9:
+ errs_percent = (errs * 100) / ops
else:
kb_per_op = 0.0
retrans_percent = 0.0
rtt_per_op = 0.0
exe_per_op = 0.0
queued_for_per_op = 0.0
+ if len(rpc_stats) >= 9:
+ errs_percent = 0.0
op += ':'
print(format(op.lower(), '<16s'), end='')
@@ -352,7 +358,10 @@ class DeviceData:
print(format('retrans', '>16s'), end='')
print(format('avg RTT (ms)', '>16s'), end='')
print(format('avg exe (ms)', '>16s'), end='')
- print(format('avg queue (ms)', '>16s'))
+ print(format('avg queue (ms)', '>16s'), end='')
+ if len(rpc_stats) >= 9:
+ print(format('errors', '>16s'), end='')
+ print()
print(format((ops / sample_time), '>24.3f'), end='')
print(format((kilobytes / sample_time), '>16.3f'), end='')
@@ -361,7 +370,11 @@ class DeviceData:
print(format(retransmits, '>16'), end='')
print(format(rtt_per_op, '>16.3f'), end='')
print(format(exe_per_op, '>16.3f'), end='')
- print(format(queued_for_per_op, '>16.3f'))
+ print(format(queued_for_per_op, '>16.3f'), end='')
+ if len(rpc_stats) >= 9:
+ errors = '{0:>10.0f} ({1:>3.1f}%)'.format(errs, errs_percent).strip()
+ print(format(errors, '>16'), end='')
+ print()
def ops(self, sample_time):
sends = float(self.__rpc_data['rpcsends'])
diff --git a/tools/nfs-iostat/nfsiostat.man b/tools/nfs-iostat/nfsiostat.man
index 9ae94c5f..940c0431 100644
--- a/tools/nfs-iostat/nfsiostat.man
+++ b/tools/nfs-iostat/nfsiostat.man
@@ -97,6 +97,14 @@ This is the duration from the time the NFS client created the RPC request task t
.RE
.RE
.RE
+.RS 8
+- \fBerrors\fR
+.RS
+This is the number of operations that completed with an error status (status < 0). This count is only available on kernels with RPC iostats version 1.1 or above.
+.RS
+.RE
+.RE
+.RE
.TP
Note that if an interval is used as argument to \fBnfsiostat\fR, then the diffrence from previous interval will be displayed, otherwise the results will be from the time that the share was mounted.

View File

@ -0,0 +1,37 @@
diff -up nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig nfs-utils-2.3.3/tools/mountstats/mountstats.py
--- nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig 2020-12-10 10:48:17.319579958 -0500
+++ nfs-utils-2.3.3/tools/mountstats/mountstats.py 2020-12-10 10:52:42.481484160 -0500
@@ -943,10 +943,11 @@ def print_iostat_summary(old, new, devic
if not old or device not in old:
stats.display_iostats(time)
else:
- old_stats = DeviceData()
- old_stats.parse_stats(old[device])
- diff_stats = stats.compare_iostats(old_stats)
- diff_stats.display_iostats(time)
+ if ("fstype autofs" not in str(old[device])) and ("fstype autofs" not in str(new[device])):
+ old_stats = DeviceData()
+ old_stats.parse_stats(old[device])
+ diff_stats = stats.compare_iostats(old_stats)
+ diff_stats.display_iostats(time)
def iostat_command(args):
"""iostat-like command for NFS mount points
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:48:17.316579880 -0500
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:52:42.481484160 -0500
@@ -467,10 +467,13 @@ def parse_stats_file(filename):
def print_iostat_summary(old, new, devices, time, options):
stats = {}
diff_stats = {}
+ devicelist = []
if old:
# Trim device list to only include intersection of old and new data,
# this addresses umounts due to autofs mountpoints
- devicelist = [x for x in old if x in devices]
+ for device in devices:
+ if "fstype autofs" not in str(old[device]):
+ devicelist.append(device)
else:
devicelist = devices

View File

@ -0,0 +1,53 @@
commit b5381c96298d75ba66625a007e2390e2b501850d
Author: Trond Myklebust <trond.myklebust@hammerspace.com>
Date: Wed Jan 29 10:45:39 2020 -0500
manpage: Add a description of the 'softreval' / 'nosoftreval' mount option
Add a description of the 'softreval' / 'nosoftreval' mount options on
the 'nfs' generic manpage.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index 84462cd7..6f79c63a 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -121,6 +121,36 @@ option may mitigate some of the risks of using the
.B soft
option.
.TP 1.5i
+.BR softreval " / " nosoftreval
+In cases where the NFS server is down, it may be useful to
+allow the NFS client to continue to serve up paths and
+attributes from cache after
+.B retrans
+attempts to revalidate that cache have timed out.
+This may, for instance, be helpful when trying to unmount a
+filesystem tree from a server that is permanently down.
+.IP
+It is possible to combine
+.BR softreval
+with the
+.B soft
+mount option, in which case operations that cannot be served up
+from cache will time out and return an error after
+.B retrans
+attempts. The combination with the default
+.B hard
+mount option implies those uncached operations will continue to
+retry until a response is received from the server.
+.IP
+Note: the default mount option is
+.BR nosoftreval
+which disallows fallback to cache when revalidation fails, and
+instead follows the behavior dictated by the
+.B hard
+or
+.B soft
+mount option.
+.TP 1.5i
.BR intr " / " nointr
This option is provided for backward compatibility.
It is ignored after kernel 2.6.25.

View File

@ -0,0 +1,22 @@
commit 2b78802c4eda6f74b77330832c54fd6b59991adf
Author: Josef Radinger <cheese@nosuchhost.net>
Date: Wed Jul 24 10:59:51 2019 -0400
nfs.man: Fixed small typo in man page
Fixes: https://bugzilla.linux-nfs.org/show_bug.cgi?id=337
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index 9ee9bd9..6ba9cef 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -1252,7 +1252,7 @@ If absolute cache coherence among clients is required,
applications should use file locking. Alternatively, applications
can also open their files with the O_DIRECT flag
to disable data caching entirely.
-.SS "File timestamp maintainence"
+.SS "File timestamp maintenance"
NFS servers are responsible for managing file and directory timestamps
.RB ( atime ,
.BR ctime ", and"

View File

@ -1,8 +1,8 @@
diff --git a/.gitignore b/.gitignore diff --git a/.gitignore b/.gitignore
index c89d1cd2..df791a83 100644 index e97b31f5..e504d492 100644
--- a/.gitignore --- a/.gitignore
+++ b/.gitignore +++ b/.gitignore
@@ -61,6 +61,8 @@ utils/statd/statd @@ -60,6 +60,8 @@ utils/statd/statd
tools/locktest/testlk tools/locktest/testlk
tools/getiversion/getiversion tools/getiversion/getiversion
tools/nfsconf/nfsconf tools/nfsconf/nfsconf
@ -12,27 +12,10 @@ index c89d1cd2..df791a83 100644
support/export/mount_clnt.c support/export/mount_clnt.c
support/export/mount_xdr.c support/export/mount_xdr.c
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index d01ce6e4..3f48bd54 100644 index 6d464ac5..f462a645 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -251,6 +251,16 @@ AC_ARG_ENABLE(nfsdcld, @@ -639,6 +639,7 @@ AC_CONFIG_FILES([
enable_nfsdcld=$enableval,
enable_nfsdcld="yes")
+AC_ARG_ENABLE(nfsrahead,
+ [AS_HELP_STRING([--disable-nfsrahead],[disable nfsrahead command @<:@default=no@:>@])],
+ enable_nfsrahead=$enableval,
+ enable_nfsrahead="yes")
+ AM_CONDITIONAL(CONFIG_NFSRAHEAD, [test "$enable_nfsrahead" = "yes" ])
+ if test "$enable_nfsrahead" = yes; then
+ dnl Check for -lmount
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+ fi
+
AC_ARG_ENABLE(nfsdcltrack,
[AC_HELP_STRING([--disable-nfsdcltrack],
[disable NFSv4 clientid tracking programs @<:@default=no@:>@])],
@@ -712,6 +722,7 @@ AC_CONFIG_FILES([
tools/rpcgen/Makefile tools/rpcgen/Makefile
tools/mountstats/Makefile tools/mountstats/Makefile
tools/nfs-iostat/Makefile tools/nfs-iostat/Makefile
@ -41,7 +24,7 @@ index d01ce6e4..3f48bd54 100644
tools/nfsdclnts/Makefile tools/nfsdclnts/Makefile
tools/nfsconf/Makefile tools/nfsconf/Makefile
diff --git a/nfs.conf b/nfs.conf diff --git a/nfs.conf b/nfs.conf
index bc1de8d1..6aec1dd9 100644 index 86ed7d53..30f9e109 100644
--- a/nfs.conf --- a/nfs.conf
+++ b/nfs.conf +++ b/nfs.conf
@@ -5,6 +5,10 @@ @@ -5,6 +5,10 @@
@ -52,14 +35,14 @@ index bc1de8d1..6aec1dd9 100644
+# nfs=15000 +# nfs=15000
+# nfs4=16000 +# nfs4=16000
+# +#
[exports] [exportfs]
# rootdir=/export # debug=0
# #
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
index be487a11..e74083e9 100644 index f32c690b..ebbf28d0 100644
--- a/systemd/nfs.conf.man --- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man +++ b/systemd/nfs.conf.man
@@ -294,6 +294,17 @@ Only @@ -245,6 +245,17 @@ Only
.B debug= .B debug=
is recognized. is recognized.
@ -75,21 +58,18 @@ index be487a11..e74083e9 100644
+for deatils. +for deatils.
+ +
.SH FILES .SH FILES
.TP 10n
.I /etc/nfs.conf .I /etc/nfs.conf
.SH SEE ALSO
diff --git a/tools/Makefile.am b/tools/Makefile.am diff --git a/tools/Makefile.am b/tools/Makefile.am
index c3feabbe..48fd0cdf 100644 index c3feabbe..40c17c37 100644
--- a/tools/Makefile.am --- a/tools/Makefile.am
+++ b/tools/Makefile.am +++ b/tools/Makefile.am
@@ -12,6 +12,10 @@ if CONFIG_NFSDCLD @@ -12,6 +12,6 @@ if CONFIG_NFSDCLD
OPTDIRS += nfsdclddb OPTDIRS += nfsdclddb
endif endif
+if CONFIG_NFSRAHEAD -SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat rpcctl nfsdclnts $(OPTDIRS)
+OPTDIRS += nfsrahead +SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat rpcctl nfsdclnts nfsrahead $(OPTDIRS)
+endif
+
SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat rpcctl nfsdclnts $(OPTDIRS)
MAINTAINERCLEANFILES = Makefile.in MAINTAINERCLEANFILES = Makefile.in
diff --git a/tools/nfsrahead/99-nfs.rules b/tools/nfsrahead/99-nfs.rules diff --git a/tools/nfsrahead/99-nfs.rules b/tools/nfsrahead/99-nfs.rules
@ -108,13 +88,13 @@ index 00000000..648813c5
+SUBSYSTEM=="bdi", ACTION=="add", PROGRAM="_libexecdir_/nfsrahead %k", ATTR{read_ahead_kb}="%c" +SUBSYSTEM=="bdi", ACTION=="add", PROGRAM="_libexecdir_/nfsrahead %k", ATTR{read_ahead_kb}="%c"
diff --git a/tools/nfsrahead/Makefile.am b/tools/nfsrahead/Makefile.am diff --git a/tools/nfsrahead/Makefile.am b/tools/nfsrahead/Makefile.am
new file mode 100644 new file mode 100644
index 00000000..7e08233a index 00000000..845ea0d5
--- /dev/null --- /dev/null
+++ b/tools/nfsrahead/Makefile.am +++ b/tools/nfsrahead/Makefile.am
@@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@
+libexec_PROGRAMS = nfsrahead +libexec_PROGRAMS = nfsrahead
+nfsrahead_SOURCES = main.c +nfsrahead_SOURCES = main.c
+nfsrahead_LDFLAGS= $(LIBMOUNT_LIBS) +nfsrahead_LDFLAGS= -lmount
+nfsrahead_LDADD = ../../support/nfs/libnfsconf.la +nfsrahead_LDADD = ../../support/nfs/libnfsconf.la
+ +
+man5_MANS = nfsrahead.man +man5_MANS = nfsrahead.man
@ -404,3 +384,16 @@ index 00000000..5488f633
+.SH AUTHOR +.SH AUTHOR
+ +
+Thiago Rafael Becker <trbecker@gmail.com> +Thiago Rafael Becker <trbecker@gmail.com>
diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man
index 2af16f31..1911c41b 100644
--- a/utils/nfsidmap/nfsidmap.man
+++ b/utils/nfsidmap/nfsidmap.man
@@ -2,7 +2,7 @@
.\"@(#)nfsidmap(8) - The NFS idmapper upcall program
.\"
.\" Copyright (C) 2010 Bryan Schumaker <bjschuma@netapp.com>
-.TH nfsidmap 5 "1 October 2010"
+.TH nfsidmap 8 "1 October 2010"
.SH NAME
nfsidmap \- The NFS idmapper upcall program
.SH SYNOPSIS

View File

@ -0,0 +1,188 @@
commit 80b17639d78e152306d8d1753d719654ebb40e01
Author: Steve Dickson <steved@redhat.com>
Date: Fri Oct 19 10:26:10 2018 -0400
Remove osd_login
This ancient script has not been used
in years, if used at all.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/configure.ac b/configure.ac
index e82ff14..cf1c4b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -238,13 +238,6 @@ AC_ARG_ENABLE(nfsdcltrack,
enable_nfsdcltrack=$enableval,
enable_nfsdcltrack="yes")
-AC_ARG_ENABLE(osdlogin,
- [AC_HELP_STRING([--enable-osdlogin],
- [enable osd_login scripts @<:@default=no@:>@])],
- enable_osdlogin=$enableval,
- enable_osdlogin="no")
- AM_CONDITIONAL(CONFIG_OSD_LOGIN, [test "$enable_osdlogin" = "yes" ])
-
dnl Check for TI-RPC library and headers
AC_LIBTIRPC
@@ -631,7 +624,6 @@ AC_CONFIG_FILES([
utils/nfsidmap/Makefile
utils/showmount/Makefile
utils/statd/Makefile
- utils/osd_login/Makefile
systemd/Makefile
tests/Makefile
tests/nsm_client/Makefile])
diff --git a/utils/Makefile.am b/utils/Makefile.am
index d361aea..0a5b062 100644
--- a/utils/Makefile.am
+++ b/utils/Makefile.am
@@ -34,7 +34,6 @@ SUBDIRS = \
nfsstat \
showmount \
statd \
- osd_login \
$(OPTDIRS)
MAINTAINERCLEANFILES = Makefile.in
diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am
deleted file mode 100644
index ded1fd3..0000000
--- a/utils/osd_login/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-# These binaries go in /sbin (not /usr/sbin), and that cannot be
-# overridden at config time.
-sbindir = /sbin
-
-dist_sbin_SCRIPTS = osd_login
-
-MAINTAINERCLEANFILES = Makefile.in
diff --git a/utils/osd_login/osd_login b/utils/osd_login/osd_login
deleted file mode 100644
index 08cd2d2..0000000
--- a/utils/osd_login/osd_login
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/bash
-#
-# osd_login : This script is part of the autologin feature
-# mandated by the pnfs-objects standard.
-# It is called from objlayoutdriver.ko in the kernel.
-
-# Copyright (C) 2012, Sachin Bhamare <sbhamare@panasas.com>
-# Copyright (C) 2012, Boaz Harrosh <bharrosh@panasas.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-# MA 02110-1301 USA
-
-umask 022
-
-PATH="/sbin:/usr/sbin:/bin:/usr/bin"
-
-iscsiadm=/sbin/iscsiadm
-
-PARENT_PID=$BASHPID
-WATCHDOG_TIMEOUT=15
-
-protocol=""
-portal=""
-uri=""
-osdname=""
-systemid=""
-
-usage()
-{
- echo "Usage: $0 -u <URI> -o <OSDNAME> -s <SYSTEMID>"
- echo "Options:"
- echo "-u target uri e.g. iscsi://<ip>:<port>"
- echo "-o osdname of the target OSD"
- echo "-s systemid of the target OSD"
-}
-
-parse_cmdline()
-{
- argc=$#
- if [ $# -lt 3 ]; then
- usage
- exit 1
- fi
-
- # parse the input arguments
- while getopts "u:o:s:" options; do
- case $options in
- u ) uri=$OPTARG;;
- o ) osdname=$OPTARG;;
- s ) systemid=$OPTARG;;
- \? ) usage
- exit 1;;
- * ) usage
- exit 1;;
- esac
- done
-
- echo "-u : $uri"
- echo "-o : $osdname"
- echo "-s : $systemid"
-
- protocol=`echo $uri | awk -F ':' '{print $1}'`
- portal=`echo $uri | awk -F '//' '{print $2}'`
-}
-
-watchdog()
-{
- timeout=$1
- portal=$2
-
- sleep $timeout
- if kill -9 $PARENT_PID; then
- echo "watchdog : Timed out (>$timeout seconds) while login into $portal" | logger -t "osd_login"
- fi
- echo "watchdog: exiting .."
- exit 2
-}
-
-login_iscsi_osd()
-{
- echo "login into: $1"
- if ! $iscsiadm -m discovery -o nonpersistent -t sendtargets -p $1 --login; then
- echo "$iscsiadm -m discovery -t sendtargets -p $1 --login returned error $? !"
- sleep 1;
- fi
-}
-
-echo "============= osd_login ========="
-echo "progname : $0"
-parse_cmdline "$@"
-echo "protocol: $protocol"
-echo "portal: $portal"
-
-watchdog $WATCHDOG_TIMEOUT $portal &
-watchdog_pid=$!
-
-case $protocol in
-iscsi)
- login_iscsi_osd $portal |& logger -t "osd_login"
- ;;
-*)
- echo "Error: protocol $protocol not supported !" | logger -t "osd_login"
- ;;
-esac
-
-kill -9 $watchdog_pid
-exit 0

View File

@ -0,0 +1,12 @@
diff -up nfs-utils-2.3.3/tools/rpcctl/rpcctl.py.orig nfs-utils-2.3.3/tools/rpcctl/rpcctl.py
--- nfs-utils-2.3.3/tools/rpcctl/rpcctl.py.orig 2022-06-27 13:22:19.844747880 -0400
+++ nfs-utils-2.3.3/tools/rpcctl/rpcctl.py 2022-06-27 13:23:02.168004219 -0400
@@ -213,7 +213,7 @@ class RpcClient:
def __init__(self, path):
self.path = path
self.name = path.stem
- self.switch = XprtSwitch(path / (path / "switch").readlink(), sep=",")
+ self.switch = XprtSwitch(path / os.readlink(path / "switch"), sep=",")
def __lt__(self, rhs):
return self.name < rhs.name

View File

@ -0,0 +1,34 @@
From 2fdd10bebf395b51e931a10adbdc85f3a3f8a285 Mon Sep 17 00:00:00 2001
From: Alice Mitchell <ajmitchell@redhat.com>
Date: Thu, 23 Jun 2022 16:04:45 +0100
Subject: [PATCH] Remove subparser required option as that was added in py3.7
---
tools/rpcctl/rpcctl.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py
index d2110ad6..2ac6ede9 100755
--- a/tools/rpcctl/rpcctl.py
+++ b/tools/rpcctl/rpcctl.py
@@ -120,7 +120,7 @@ class Xprt:
set = subparser.add_parser("set", help="Change an xprt property")
set.add_argument("xprt", metavar="XPRT", nargs=1,
help="Name of a specific xprt to modify")
- subparser = set.add_subparsers(required=True)
+ subparser = set.add_subparsers()
online = subparser.add_parser("online", help="Set an xprt online")
online.set_defaults(func=Xprt.set_property, property="online")
offline = subparser.add_parser("offline", help="Set an xprt offline")
@@ -185,7 +185,7 @@ class XprtSwitch:
set = subparser.add_parser("set", help="Change an xprt switch property")
set.add_argument("switch", metavar="SWITCH", nargs=1,
help="Name of a specific xprt switch to modify")
- subparser = set.add_subparsers(required=True)
+ subparser = set.add_subparsers()
dstaddr = subparser.add_parser("dstaddr", help="Change an xprt switch's dstaddr")
dstaddr.add_argument("newaddr", metavar="NEWADDR", nargs=1,
help="The new address for the xprt switch")
--
2.36.1

View File

@ -1,8 +1,8 @@
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 93520a80..d01ce6e4 100644 index f2f2303b..6d464ac5 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -712,6 +712,7 @@ AC_CONFIG_FILES([ @@ -639,6 +639,7 @@ AC_CONFIG_FILES([
tools/rpcgen/Makefile tools/rpcgen/Makefile
tools/mountstats/Makefile tools/mountstats/Makefile
tools/nfs-iostat/Makefile tools/nfs-iostat/Makefile
@ -116,10 +116,10 @@ index 00000000..b87ba0df
+Anna Schumaker <Anna.Schumaker@Netapp.com> +Anna Schumaker <Anna.Schumaker@Netapp.com>
diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py
new file mode 100755 new file mode 100755
index 00000000..b8df556b index 00000000..d2110ad6
--- /dev/null --- /dev/null
+++ b/tools/rpcctl/rpcctl.py +++ b/tools/rpcctl/rpcctl.py
@@ -0,0 +1,255 @@ @@ -0,0 +1,262 @@
+#!/usr/bin/python3 +#!/usr/bin/python3
+import argparse +import argparse
+import collections +import collections
@ -212,10 +212,18 @@ index 00000000..b8df556b
+ self.dstaddr = write_addr_file(self.path / "dstaddr", newaddr) + self.dstaddr = write_addr_file(self.path / "dstaddr", newaddr)
+ +
+ def set_state(self, state): + def set_state(self, state):
+ if self.info.get("main_xprt"):
+ raise Exception(f"Main xprts cannot be set {state}")
+ with open(self.path / "xprt_state", 'w') as f: + with open(self.path / "xprt_state", 'w') as f:
+ f.write(state) + f.write(state)
+ self.read_state() + self.read_state()
+ +
+ def remove(self):
+ if self.info.get("main_xprt"):
+ raise Exception("Main xprts cannot be removed")
+ self.set_state("offline")
+ self.set_state("remove")
+
+ def add_command(subparser): + def add_command(subparser):
+ parser = subparser.add_parser("xprt", help="Commands for individual xprts") + parser = subparser.add_parser("xprt", help="Commands for individual xprts")
+ parser.set_defaults(func=Xprt.show, xprt=None) + parser.set_defaults(func=Xprt.show, xprt=None)
@ -261,10 +269,9 @@ index 00000000..b8df556b
+ if args.property == "dstaddr": + if args.property == "dstaddr":
+ xprt.set_dstaddr(socket.gethostbyname(args.newaddr[0])) + xprt.set_dstaddr(socket.gethostbyname(args.newaddr[0]))
+ elif args.property == "remove": + elif args.property == "remove":
+ xprt.set_state("offline") + xprt.remove()
+ xprt.set_state("remove")
+ else: + else:
+ args.set_state(args.property) + xprt.set_state(args.property)
+ print(xprt) + print(xprt)
+ +
+ +

View File

@ -0,0 +1,73 @@
diff -up nfs-utils-2.3.3/nfs.conf.orig nfs-utils-2.3.3/nfs.conf
--- nfs-utils-2.3.3/nfs.conf.orig 2019-03-05 10:30:28.100560625 -0500
+++ nfs-utils-2.3.3/nfs.conf 2019-03-05 10:35:28.702004199 -0500
@@ -64,6 +64,7 @@ use-gss-proxy=1
#
[sm-notify]
# debug=0
+# force=0
# retry-time=900
# outgoing-port=
# outgoing-addr=
diff -up nfs-utils-2.3.3/utils/statd/sm-notify.c.orig nfs-utils-2.3.3/utils/statd/sm-notify.c
--- nfs-utils-2.3.3/utils/statd/sm-notify.c.orig 2019-03-05 10:30:28.070560401 -0500
+++ nfs-utils-2.3.3/utils/statd/sm-notify.c 2019-03-05 10:35:28.703004207 -0500
@@ -49,6 +49,7 @@
#define NLM_END_GRACE_FILE "/proc/fs/lockd/nlm_end_grace"
int lift_grace = 1;
+int force = 0;
struct nsm_host {
struct nsm_host * next;
@@ -480,19 +481,10 @@ nsm_lift_grace_period(void)
close(fd);
return;
}
-
-int
-main(int argc, char **argv)
+inline static void
+read_nfsconf(char **argv)
{
- int c, sock, force = 0;
- char * progname;
- char * s;
-
- progname = strrchr(argv[0], '/');
- if (progname != NULL)
- progname++;
- else
- progname = argv[0];
+ char *s;
conf_init_file(NFS_CONFFILE);
xlog_from_conffile("sm-notify");
@@ -500,10 +492,27 @@ main(int argc, char **argv)
opt_srcport = conf_get_str("sm-notify", "outgoing-port");
opt_srcaddr = conf_get_str("sm-notify", "outgoing-addr");
lift_grace = conf_get_bool("sm-notify", "lift-grace", lift_grace);
+
s = conf_get_str("statd", "state-directory-path");
if (s && !nsm_setup_pathnames(argv[0], s))
exit(1);
opt_update_state = conf_get_bool("sm-notify", "update-state", opt_update_state);
+ force = conf_get_bool("sm-notify", "force", force);
+}
+
+int
+main(int argc, char **argv)
+{
+ int c, sock;
+ char * progname;
+
+ progname = strrchr(argv[0], '/');
+ if (progname != NULL)
+ progname++;
+ else
+ progname = argv[0];
+
+ read_nfsconf(argv);
while ((c = getopt(argc, argv, "dm:np:v:P:f")) != -1) {
switch (c) {

View File

@ -0,0 +1,105 @@
commit 5394f939b591e65fec37a6bee826c13620d3f39b
Author: Justin Mitchell <jumitche@redhat.com>
Date: Mon Mar 4 11:53:09 2019 -0500
Add nfs.conf equivalent for the statd --no-notify cmdline option
Also cleaned up how nfs.conf is read.
Signed-off-by: Justin Mitchell <jumitche@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/nfs.conf b/nfs.conf
index f1ebfdb..d332375 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -62,6 +62,7 @@
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
+# no-notify=0
#
[sm-notify]
# debug=0
diff --git a/utils/statd/statd.c b/utils/statd/statd.c
index 2cc6cf3..1467380 100644
--- a/utils/statd/statd.c
+++ b/utils/statd/statd.c
@@ -238,6 +238,39 @@ static void set_nlm_port(char *type, int port)
fprintf(stderr, "%s: failed to open %s: %s\n",
name_p, pathbuf, strerror(errno));
}
+int port = 0, out_port = 0;
+int nlm_udp = 0, nlm_tcp = 0;
+
+inline static void
+read_nfsconf(char **argv)
+{
+ char *s;
+
+ conf_init_file(NFS_CONFFILE);
+ xlog_from_conffile("statd");
+
+ out_port = conf_get_num("statd", "outgoing-port", out_port);
+ port = conf_get_num("statd", "port", port);
+
+ MY_NAME = conf_get_str("statd", "name");
+ if (MY_NAME)
+ run_mode |= STATIC_HOSTNAME;
+
+ s = conf_get_str("statd", "state-directory-path");
+ if (s && !nsm_setup_pathnames(argv[0], s))
+ exit(1);
+
+ s = conf_get_str("statd", "ha-callout");
+ if (s)
+ ha_callout_prog = s;
+
+ nlm_tcp = conf_get_num("lockd", "port", nlm_tcp);
+ /* udp defaults to the same as tcp ! */
+ nlm_udp = conf_get_num("lockd", "udp-port", nlm_tcp);
+
+ if (conf_get_bool("statd", "no-notify", false))
+ run_mode |= MODE_NO_NOTIFY;
+}
/*
* Entry routine/main loop.
@@ -245,11 +278,8 @@ static void set_nlm_port(char *type, int port)
int main (int argc, char **argv)
{
extern char *optarg;
- char *s;
int pid;
int arg;
- int port = 0, out_port = 0;
- int nlm_udp = 0, nlm_tcp = 0;
struct rlimit rlim;
int notify_sockfd;
char *env;
@@ -275,23 +305,8 @@ int main (int argc, char **argv)
/* Set hostname */
MY_NAME = NULL;
- conf_init_file(NFS_CONFFILE);
- xlog_from_conffile("statd");
- out_port = conf_get_num("statd", "outgoing-port", out_port);
- port = conf_get_num("statd", "port", port);
- MY_NAME = conf_get_str("statd", "name");
- if (MY_NAME)
- run_mode |= STATIC_HOSTNAME;
- s = conf_get_str("statd", "state-directory-path");
- if (s && !nsm_setup_pathnames(argv[0], s))
- exit(1);
- s = conf_get_str("statd", "ha-callout");
- if (s)
- ha_callout_prog = s;
-
- nlm_tcp = conf_get_num("lockd", "port", nlm_tcp);
- /* udp defaults to the same as tcp ! */
- nlm_udp = conf_get_num("lockd", "udp-port", nlm_tcp);
+ /* Read nfs.conf */
+ read_nfsconf(argv);
/* Process command line switches */
while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:LT:U:", longopts, NULL)) != EOF) {

View File

@ -0,0 +1,37 @@
commit 003000d451833309c963054e58a48fa1df7e767b
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 10 13:13:03 2020 -0500
exportfs: Ingnore export failures in nfs-server.serivce unit
With some recent commits, exportfs will continue on trying to
export filesystems even when an entry is invalid or does
not exist, but will still have a non-zero exit to report
the error.
This situation should not stop the nfs-server service
from comingup so nfs-server.service file should
ignore these types of failures
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
index 06c1adb7..b432f910 100644
--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
@@ -21,13 +21,13 @@ After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStartPre=/usr/sbin/exportfs -r
+ExecStartPre=-/usr/sbin/exportfs -r
ExecStart=/usr/sbin/rpc.nfsd
ExecStop=/usr/sbin/rpc.nfsd 0
ExecStopPost=/usr/sbin/exportfs -au
ExecStopPost=/usr/sbin/exportfs -f
-ExecReload=/usr/sbin/exportfs -r
+ExecReload=-/usr/sbin/exportfs -r
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,13 @@
diff -up nfs-utils-2.3.3/systemd/rpc-statd.service.orig nfs-utils-2.3.3/systemd/rpc-statd.service
--- nfs-utils-2.3.3/systemd/rpc-statd.service.orig 2018-09-06 14:09:08.000000000 -0400
+++ nfs-utils-2.3.3/systemd/rpc-statd.service 2022-08-02 11:02:44.327397404 -0400
@@ -4,7 +4,8 @@ DefaultDependencies=no
Conflicts=umount.target
Requires=nss-lookup.target rpcbind.socket
Wants=network-online.target
-After=network-online.target nss-lookup.target rpcbind.socket
+Wants=rpc-statd-notify.service
+After=network-online.target nss-lookup.target rpcbind.service
PartOf=nfs-utils.service

View File

@ -1,14 +0,0 @@
diff -up nfs-utils-2.4.2/systemd/auth-rpcgss-module.service.orig nfs-utils-2.4.2/systemd/auth-rpcgss-module.service
--- nfs-utils-2.4.2/systemd/auth-rpcgss-module.service.orig 2019-11-13 12:09:41.000000000 -0500
+++ nfs-utils-2.4.2/systemd/auth-rpcgss-module.service 2019-12-18 11:32:04.656735515 -0500
@@ -7,8 +7,8 @@
[Unit]
Description=Kernel Module supporting RPCSEC_GSS
DefaultDependencies=no
-Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
-Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
+Before=gssproxy.service rpc-gssd.service
+Wants=gssproxy.service rpc-gssd.service
ConditionPathExists=/etc/krb5.keytab
[Service]

View File

@ -1,89 +0,0 @@
commit c1c35487aba2cec828d9b8a1be9043000beadea5
Author: Lixiaokeng <lixiaokeng@huawei.com>
Date: Mon Oct 24 13:00:50 2022 -0400
blkmapd: fix coredump in bl_add_disk
The serial->data is not malloced separately (just part of
the serial), so it can't be freed. The bl_serial has its
own free function. Use it.
Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c
index 49935c2e..bd890598 100644
--- a/utils/blkmapd/device-discovery.c
+++ b/utils/blkmapd/device-discovery.c
@@ -187,10 +187,7 @@ static void bl_add_disk(char *filepath)
}
if (disk && diskpath) {
- if (serial) {
- free(serial->data);
- free(serial);
- }
+ bl_free_scsi_string(serial);
return;
}
@@ -228,10 +225,7 @@ static void bl_add_disk(char *filepath)
disk->size = size;
disk->valid_path = path;
}
- if (serial) {
- free(serial->data);
- free(serial);
- }
+ bl_free_scsi_string(serial);
}
return;
@@ -241,10 +235,7 @@ static void bl_add_disk(char *filepath)
free(path->full_path);
free(path);
}
- if (serial) {
- free(serial->data);
- free(serial);
- }
+ bl_free_scsi_string(serial);
return;
}
diff --git a/utils/blkmapd/device-discovery.h b/utils/blkmapd/device-discovery.h
index a86eed99..462aa943 100644
--- a/utils/blkmapd/device-discovery.h
+++ b/utils/blkmapd/device-discovery.h
@@ -151,6 +151,8 @@ uint64_t process_deviceinfo(const char *dev_addr_buf,
extern ssize_t atomicio(ssize_t(*f) (int, void *, size_t),
int fd, void *_s, size_t n);
+extern struct bl_serial *bl_create_scsi_string(int len, const char *bytes);
+extern void bl_free_scsi_string(struct bl_serial *str);
extern struct bl_serial *bldev_read_serial(int fd, const char *filename);
extern enum bl_path_state_e bldev_read_ap_state(int fd);
extern int bl_discover_devices(void);
diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
index c7952c3e..9e5749ef 100644
--- a/utils/blkmapd/device-inq.c
+++ b/utils/blkmapd/device-inq.c
@@ -53,7 +53,7 @@
#define DEF_ALLOC_LEN 255
#define MX_ALLOC_LEN (0xc000 + 0x80)
-static struct bl_serial *bl_create_scsi_string(int len, const char *bytes)
+struct bl_serial *bl_create_scsi_string(int len, const char *bytes)
{
struct bl_serial *s;
@@ -66,7 +66,7 @@ static struct bl_serial *bl_create_scsi_string(int len, const char *bytes)
return s;
}
-static void bl_free_scsi_string(struct bl_serial *str)
+void bl_free_scsi_string(struct bl_serial *str)
{
if (str)
free(str);

View File

@ -1,25 +0,0 @@
diff -up nfs-utils-2.5.4/support/export/client.c.orig nfs-utils-2.5.4/support/export/client.c
--- nfs-utils-2.5.4/support/export/client.c.orig 2021-06-10 14:07:47.000000000 -0400
+++ nfs-utils-2.5.4/support/export/client.c 2023-01-26 11:26:00.279342412 -0500
@@ -699,6 +699,9 @@ check_netgroup(const nfs_client *clp, co
/* check whether the IP itself is in the netgroup */
ip = calloc(INET6_ADDRSTRLEN, 1);
+ if (ip == NULL)
+ goto out;
+
if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
if (innetgr(netgroup, ip, NULL, NULL)) {
free(hname);
diff -up nfs-utils-2.5.4/tools/nfsrahead/main.c.orig nfs-utils-2.5.4/tools/nfsrahead/main.c
--- nfs-utils-2.5.4/tools/nfsrahead/main.c.orig 2023-01-26 11:23:48.941618287 -0500
+++ nfs-utils-2.5.4/tools/nfsrahead/main.c 2023-01-26 11:26:00.279342412 -0500
@@ -167,7 +167,7 @@ int main(int argc, char **argv)
if ((ret = get_device_info(argv[optind], &device)) == 0)
break;
- if (ret != 0) {
+ if (ret != 0 || device.fstype == NULL) {
xlog(D_GENERAL, "unable to find device %s\n", argv[optind]);
goto out;
}

View File

@ -1,199 +0,0 @@
diff --git a/support/export/v4root.c b/support/export/v4root.c
index c12a7d85..826cc219 100644
--- a/support/export/v4root.c
+++ b/support/export/v4root.c
@@ -135,7 +135,7 @@ v4root_support(void)
if (!warned) {
xlog(L_WARNING, "Kernel does not have pseudo root support.");
xlog(L_WARNING, "NFS v4 mounts will be disabled unless fsid=0");
- xlog(L_WARNING, "is specfied in /etc/exports file.");
+ xlog(L_WARNING, "is specified in /etc/exports file.");
warned++;
}
return 0;
diff --git a/systemd/nfs-blkmap.service b/systemd/nfs-blkmap.service
index 6aa45ba1..57181632 100644
--- a/systemd/nfs-blkmap.service
+++ b/systemd/nfs-blkmap.service
@@ -1,5 +1,6 @@
[Unit]
Description=pNFS block layout mapping daemon
+Documentation=man:blkmapd(8)
DefaultDependencies=no
Conflicts=umount.target
After=rpc_pipefs.target
diff --git a/systemd/nfs-idmapd.service b/systemd/nfs-idmapd.service
index f38fe527..bf6f4ded 100644
--- a/systemd/nfs-idmapd.service
+++ b/systemd/nfs-idmapd.service
@@ -1,5 +1,6 @@
[Unit]
Description=NFSv4 ID-name mapping service
+Documentation=man:idmapd(8)
DefaultDependencies=no
Requires=rpc_pipefs.target
After=rpc_pipefs.target local-fs.target
diff --git a/systemd/nfs-mountd.service b/systemd/nfs-mountd.service
index e8ece533..4618fab1 100644
--- a/systemd/nfs-mountd.service
+++ b/systemd/nfs-mountd.service
@@ -1,5 +1,6 @@
[Unit]
Description=NFS Mount Daemon
+Documentation=man:rpc.mountd(8)
DefaultDependencies=no
Requires=proc-fs-nfsd.mount
Wants=network-online.target
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
index 41479169..58bc0917 100644
--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
@@ -1,5 +1,6 @@
[Unit]
Description=NFS server and services
+Documentation=man:rpc.nfsd(8) man:exportfs(8)
DefaultDependencies=no
Requires=network.target proc-fs-nfsd.mount
Requires=nfs-mountd.service
diff --git a/systemd/nfsdcld.service b/systemd/nfsdcld.service
index a32d2430..3ced5658 100644
--- a/systemd/nfsdcld.service
+++ b/systemd/nfsdcld.service
@@ -1,5 +1,6 @@
[Unit]
Description=NFSv4 Client Tracking Daemon
+Documentation=man:nfsdcld(8)
DefaultDependencies=no
Conflicts=umount.target
Requires=rpc_pipefs.target proc-fs-nfsd.mount
diff --git a/systemd/rpc-gssd.service.in b/systemd/rpc-gssd.service.in
index 6807db35..38382ed3 100644
--- a/systemd/rpc-gssd.service.in
+++ b/systemd/rpc-gssd.service.in
@@ -1,5 +1,6 @@
[Unit]
Description=RPC security service for NFS client and server
+Documentation=man:rpc.gssd(8)
DefaultDependencies=no
Conflicts=umount.target
Requires=rpc_pipefs.target
diff --git a/systemd/rpc-statd-notify.service b/systemd/rpc-statd-notify.service
index aad4c0d2..962f18b2 100644
--- a/systemd/rpc-statd-notify.service
+++ b/systemd/rpc-statd-notify.service
@@ -1,5 +1,6 @@
[Unit]
Description=Notify NFS peers of a restart
+Documentation=man:sm-notify(8) man:rpc.statd(8)
DefaultDependencies=no
Wants=network-online.target
After=local-fs.target network-online.target nss-lookup.target
diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
index 392750da..660ed861 100644
--- a/systemd/rpc-statd.service
+++ b/systemd/rpc-statd.service
@@ -1,5 +1,6 @@
[Unit]
Description=NFS status monitor for NFSv2/3 locking.
+Documentation=man:rpc.statd(8)
DefaultDependencies=no
Conflicts=umount.target
Requires=nss-lookup.target rpcbind.socket
diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service
index cb2bcd4f..401fba11 100644
--- a/systemd/rpc-svcgssd.service
+++ b/systemd/rpc-svcgssd.service
@@ -1,5 +1,6 @@
[Unit]
Description=RPC security service for NFS server
+Documentation=man:rpc.svcgssd(8)
DefaultDependencies=no
After=local-fs.target
PartOf=nfs-server.service
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index 83dd6807..e5fb10f5 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -298,7 +298,7 @@ set.
The
.I nocrossmnt
-option can explictly disable
+option can explicitly disable
.I crossmnt
if it was previously set. This is rarely useful.
.TP
diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
index aa4ac5c3..fd6cb2cb 100644
--- a/utils/mount/mount_libmount.c
+++ b/utils/mount/mount_libmount.c
@@ -442,7 +442,7 @@ int main(int argc, char *argv[])
mnt_init_debug(0);
cxt = mnt_new_context();
if (!cxt) {
- nfs_error(_("Can't initilize libmount: %s"),
+ nfs_error(_("Can't initialize libmount: %s"),
strerror(errno));
rc = EX_FAIL;
goto done;
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index dfc31a5d..fe1ad354 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -967,7 +967,7 @@ Some server features misbehave in the face of a migration-compatible
identification string.
The
.B nomigration
-option retains the use of a traditional client indentification string
+option retains the use of a traditional client identification string
which is compatible with legacy NFS servers.
This is also the behavior if neither option is specified.
A client's open and lock state cannot be migrated transparently
@@ -1810,7 +1810,7 @@ auxiliary services such as the NLM service can choose
any unused port number at random.
.P
Common firewall configurations block the well-known rpcbind port.
-In the absense of an rpcbind service,
+In the absence of an rpcbind service,
the server administrator fixes the port number
of NFS-related services so that the firewall
can allow access to specific NFS service ports.
diff --git a/utils/mount/nfsmount.conf.man b/utils/mount/nfsmount.conf.man
index 73c3e118..7d4a33c9 100644
--- a/utils/mount/nfsmount.conf.man
+++ b/utils/mount/nfsmount.conf.man
@@ -43,7 +43,7 @@ and will be shifted to lower case before being passed to the filesystem.
.PP
Boolean mount options which do not need an equals sign must be given as
.RI \[dq] option =True".
-Instead of preceeding such an option with
+Instead of preceding such an option with
.RB \[dq] no \[dq]
its negation must be given as
.RI \[dq] option =False".
diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
index 861f1c49..ee6e9dcf 100644
--- a/utils/nfsdcld/nfsdcld.man
+++ b/utils/nfsdcld/nfsdcld.man
@@ -198,7 +198,7 @@ initialize client tracking in the following order: First, the \fBnfsdcld\fR upc
the \fBnfsdcltrack\fR usermodehelper upcall. Finally, the legacy client tracking.
.PP
This daemon should be run as root, as the pipe that it uses to communicate
-with the kernel is only accessable by root. The daemon however does drop all
+with the kernel is only accessible by root. The daemon however does drop all
superuser capabilities after starting. Because of this, the \fIstoragedir\fR
should be owned by root, and be readable and writable by owner.
.PP
diff --git a/utils/nfsdcltrack/nfsdcltrack.man b/utils/nfsdcltrack/nfsdcltrack.man
index cc24b7a2..3905ba46 100644
--- a/utils/nfsdcltrack/nfsdcltrack.man
+++ b/utils/nfsdcltrack/nfsdcltrack.man
@@ -80,7 +80,7 @@ section. For example:
.br
storagedir = /shared/nfs/nfsdcltrack
.in -5
-Debuging to syslog can also be enabled by setting "debug = 1" in this file.
+Debugging to syslog can also be enabled by setting "debug = 1" in this file.
.SH "LEGACY TRANSITION MECHANISM"
.IX Header "LEGACY TRANSITION MECHANISM"
The Linux kernel NFSv4 server has historically tracked this information

View File

@ -1,131 +0,0 @@
diff --git a/support/nfsidmap/nss.c b/support/nfsidmap/nss.c
index 669760b7..0f43076e 100644
--- a/support/nfsidmap/nss.c
+++ b/support/nfsidmap/nss.c
@@ -365,10 +365,8 @@ static int _nss_name_to_gid(char *name, gid_t *gid, int dostrip)
out_buf:
free(buf);
out_name:
- if (dostrip)
- free(localname);
- if (get_reformat_group())
- free(ref_name);
+ free(localname);
+ free(ref_name);
out:
return err;
}
diff --git a/support/nfsidmap/regex.c b/support/nfsidmap/regex.c
index fdbb2e2f..958b4ac8 100644
--- a/support/nfsidmap/regex.c
+++ b/support/nfsidmap/regex.c
@@ -157,6 +157,7 @@ again:
IDMAP_LOG(4, ("regexp_getpwnam: name '%s' mapped to '%s'",
name, localname));
+ free(localname);
*err_p = 0;
return pw;
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 4113cbab..833d8e01 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -1016,7 +1016,7 @@ read_gss_conf(void)
keytabfile = s;
s = conf_get_str("gssd", "cred-cache-directory");
if (s)
- ccachedir = s;
+ ccachedir = strdup(s);
s = conf_get_str("gssd", "preferred-realm");
if (s)
preferred_realm = s;
@@ -1070,7 +1070,8 @@ main(int argc, char *argv[])
keytabfile = optarg;
break;
case 'd':
- ccachedir = optarg;
+ free(ccachedir);
+ ccachedir = strdup(optarg);
break;
case 't':
context_timeout = atoi(optarg);
@@ -1133,7 +1134,6 @@ main(int argc, char *argv[])
}
if (ccachedir) {
- char *ccachedir_copy;
char *ptr;
for (ptr = ccachedir, i = 2; *ptr; ptr++)
@@ -1141,8 +1141,7 @@ main(int argc, char *argv[])
i++;
ccachesearch = malloc(i * sizeof(char *));
- ccachedir_copy = strdup(ccachedir);
- if (!ccachedir_copy || !ccachesearch) {
+ if (!ccachesearch) {
printerr(0, "malloc failure\n");
exit(EXIT_FAILURE);
}
@@ -1274,6 +1273,7 @@ main(int argc, char *argv[])
free(preferred_realm);
free(ccachesearch);
+ free(ccachedir);
return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index c5f1152e..6d059f33 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1129,6 +1129,12 @@ query_krb5_ccache(const char* cred_cache, char **ret_princname,
*str = '\0';
*ret_princname = strdup(princstring);
*ret_realm = strdup(str+1);
+ if (!*ret_princname || !*ret_realm) {
+ free(*ret_princname);
+ free(*ret_realm);
+ *ret_princname = NULL;
+ *ret_realm = NULL;
+ }
}
k5_free_unparsed_name(context, princstring);
}
@@ -1350,15 +1356,19 @@ gssd_get_krb5_machine_cred_list(char ***list)
if (retval)
continue;
if (i + 1 > listsize) {
+ char **tmplist;
listsize += listinc;
- l = (char **)
+ tmplist = (char **)
realloc(l, listsize * sizeof(char *));
- if (l == NULL) {
+ if (tmplist == NULL) {
+ gssd_free_krb5_machine_cred_list(l);
retval = ENOMEM;
goto out_lock;
}
+ l = tmplist;
}
if ((l[i++] = strdup(ple->ccname)) == NULL) {
+ gssd_free_krb5_machine_cred_list(l);
retval = ENOMEM;
goto out_lock;
}
diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
index 2da97615..752fdb66 100644
--- a/utils/mountd/rmtab.c
+++ b/utils/mountd/rmtab.c
@@ -233,6 +233,9 @@ mountlist_list(void)
m->ml_directory = strdup(rep->r_path);
if (m->ml_hostname == NULL || m->ml_directory == NULL) {
+ free(m->ml_hostname);
+ free(m->ml_directory);
+ free(m);
mountlist_freeall(mlist);
mlist = NULL;
xlog(L_ERROR, "%s: memory allocation failed",

View File

@ -1,251 +0,0 @@
commit 9b1f860a3457328a08395651d029a454e0303454
Author: Scott Mayhew <smayhew@redhat.com>
Date: Fri Mar 15 06:34:52 2024 -0400
gssd: add support for an "allowed-enctypes" option in nfs.conf
Newer kernels have support for newer krb5 encryption types, AES with
SHA2 and Camellia. An NFS client with an "old" kernel can talk to
and NFS server with a "new" kernel and it just works. An NFS client
with a "new" kernel can talk to an NFS server with an "old" kernel, but
that requires some additional configuration (particularly if the NFS
server does have support for the newer encryption types in its userspace
krb5 libraries) that may be unclear and/or burdensome to the admin.
1) If the NFS server has support for the newer encryption types in the
userspace krb5 libraries, but not in the kernel's RPCSEC_GSS code,
then its possible that it also already has "nfs" keys using those
newer encryption types in its keytab. In that case, it's necessary
to regenerate the "nfs" keys without the newer encryption types.
The reason this is necessary is because if the NFS client requests
an "nfs" service ticket from the KDC, and the list of enctypes in
in that TGS-REQ contains a newer encryption type, and the KDC had
previously generated a key for the NFS server using the newer
encryption type, then the resulting service ticket in the TGS-REP
will be using the newer encryption type and the NFS server will not
be able to decrypt it.
2) It is necessary to either modify the permitted_enctypes field of the
krb5.conf or create a custom crypto-policy module (if the
crypto-policies package is being used) on the NFS *client* so that it
does not include the newer encryption types. The reason this is
necessary is because it affects the list of encryption types that
will be present in the RPCSEC_GSS_INIT request that the NFS client
sends to the NFS server. The kernel on the NFS server cannot not
process the request on its own; it has to upcall to gssproxy to do
that... and again if the userspace krb5 libraries on the NFS server
have support for the newer encryption types, then it will select one
of those and the kernel will not be able to import the context when
it gets the downcall. Also note that modifying the permitted_enctypes
field and/or crypto policy has the side effect of impacting everything
krb5 related, not just just NFS.
So add support for an "allowed-enctypes" field in nfs.conf. This allows
the admin to restrict gssd to using a subset of the encryption types
that are supported by the kernel and krb5 libraries. This will remove
the need for steps 1 & 2 above, and will only affect NFS rather than
krb5 as a whole.
For example, for a "new" NFS client talking to an "old" NFS server, the
admin will probably want this in the client's nfs.conf:
allowed-enctypes=aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/nfs.conf b/nfs.conf
index 323f072..23b5f7d 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -23,6 +23,7 @@
# use-gss-proxy=0
# avoid-dns=1
# limit-to-legacy-enctypes=0
+# allowed-enctypes=aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,camellia256-cts-cmac,camellia128-cts-cmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
# context-timeout=0
# rpc-timeout=5
# keytab-file=/etc/krb5.keytab
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index ca9b326..10c731a 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -1232,6 +1232,12 @@ main(int argc, char *argv[])
daemon_init(fg);
+#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ rc = get_allowed_enctypes();
+ if (rc)
+ exit(EXIT_FAILURE);
+#endif
+
if (gssd_check_mechs() != 0)
errx(1, "Problem with gssapi library");
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index 2a5384d..c735eff 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -346,6 +346,15 @@ flag.
Equivalent to
.BR -l .
.TP
+.B allowed-enctypes
+Allows you to restrict
+.B rpc.gssd
+to using a subset of the encryption types permitted by the kernel and the krb5
+libraries. This is useful if you need to interoperate with an NFS server that
+does not have support for the newer SHA2 and Camellia encryption types, for
+example. This configuration file option does not have an equivalent
+command-line option.
+.TP
.B context-timeout
Equivalent to
.BR -t .
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6f66ef4..57b3cf8 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -129,6 +129,7 @@
#include "err_util.h"
#include "gss_util.h"
#include "krb5_util.h"
+#include "conffile.h"
/*
* List of principals from our keytab that we
@@ -155,6 +156,8 @@ static pthread_mutex_t ple_lock = PTHREAD_MUTEX_INITIALIZER;
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
int limit_to_legacy_enctypes = 0;
+krb5_enctype *allowed_enctypes = NULL;
+int num_allowed_enctypes = 0;
#endif
/*==========================*/
@@ -1596,6 +1599,68 @@ out_cred:
}
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+int
+get_allowed_enctypes(void)
+{
+ struct conf_list *allowed_etypes = NULL;
+ struct conf_list_node *node;
+ char *buf = NULL, *old = NULL;
+ int len, ret = 0;
+
+ allowed_etypes = conf_get_list("gssd", "allowed-enctypes");
+ if (allowed_etypes) {
+ TAILQ_FOREACH(node, &(allowed_etypes->fields), link) {
+ allowed_enctypes = realloc(allowed_enctypes,
+ (num_allowed_enctypes + 1) *
+ sizeof(*allowed_enctypes));
+ if (allowed_enctypes == NULL) {
+ ret = ENOMEM;
+ goto out_err;
+ }
+ ret = krb5_string_to_enctype(node->field,
+ &allowed_enctypes[num_allowed_enctypes]);
+ if (ret) {
+ printerr(0, "%s: invalid enctype %s",
+ __func__, node->field);
+ goto out_err;
+ }
+ if (get_verbosity() > 1) {
+ if (buf == NULL) {
+ len = asprintf(&buf, "%s(%d)", node->field,
+ allowed_enctypes[num_allowed_enctypes]);
+ if (len < 0) {
+ ret = ENOMEM;
+ goto out_err;
+ }
+ } else {
+ old = buf;
+ len = asprintf(&buf, "%s,%s(%d)", old, node->field,
+ allowed_enctypes[num_allowed_enctypes]);
+ if (len < 0) {
+ ret = ENOMEM;
+ goto out_err;
+ }
+ free(old);
+ old = NULL;
+ }
+ }
+ num_allowed_enctypes++;
+ }
+ printerr(2, "%s: allowed_enctypes = %s", __func__, buf);
+ }
+ goto out;
+out_err:
+ num_allowed_enctypes = 0;
+ free(allowed_enctypes);
+out:
+ free(buf);
+ if (old != buf)
+ free(old);
+ if (allowed_etypes)
+ conf_free_list(allowed_etypes);
+ return ret;
+}
+
/*
* this routine obtains a credentials handle via gss_acquire_cred()
* then calls gss_krb5_set_allowable_enctypes() to limit the encryption
@@ -1619,6 +1684,10 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec)
int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
extern int num_krb5_enctypes;
extern krb5_enctype *krb5_enctypes;
+ extern int num_allowed_enctypes;
+ extern krb5_enctype *allowed_enctypes;
+ int num_set_enctypes;
+ krb5_enctype *set_enctypes;
int err = -1;
if (sec->cred == GSS_C_NO_CREDENTIAL) {
@@ -1631,12 +1700,26 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec)
* If we failed for any reason to produce global
* list of supported enctypes, use local default here.
*/
- if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
- maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
- &krb5oid, num_enctypes, enctypes);
- else
- maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
- &krb5oid, num_krb5_enctypes, krb5_enctypes);
+ if (krb5_enctypes == NULL || limit_to_legacy_enctypes ||
+ allowed_enctypes) {
+ if (allowed_enctypes) {
+ printerr(2, "%s: using allowed enctypes from config\n",
+ __func__);
+ num_set_enctypes = num_allowed_enctypes;
+ set_enctypes = allowed_enctypes;
+ } else {
+ printerr(2, "%s: using legacy enctypes\n", __func__);
+ num_set_enctypes = num_enctypes;
+ set_enctypes = enctypes;
+ }
+ } else {
+ printerr(2, "%s: using enctypes from the kernel\n", __func__);
+ num_set_enctypes = num_krb5_enctypes;
+ set_enctypes = krb5_enctypes;
+ }
+
+ maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
+ &krb5oid, num_set_enctypes, set_enctypes);
if (maj_stat != GSS_S_COMPLETE) {
pgsserr("gss_set_allowable_enctypes",
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 7ef8701..40ad323 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -27,6 +27,7 @@ int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
int limit_krb5_enctypes(struct rpc_gss_sec *sec);
+int get_allowed_enctypes(void);
#endif
/*

View File

@ -1,239 +0,0 @@
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
index 27368ff2..4379b14d 100644
--- a/aclocal/libtirpc.m4
+++ b/aclocal/libtirpc.m4
@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [
[Define to 1 if your tirpc library provides libtirpc_set_debug])],,
[${LIBS}])])
+ AS_IF([test -n "${LIBTIRPC}"],
+ [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate],
+ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
+ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
+ [${LIBS}])])
AC_SUBST([AM_CPPFLAGS])
AC_SUBST(LIBTIRPC)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index ae568f15..7629de0b 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -70,6 +70,9 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <syscall.h>
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+#include <rpc/rpcsec_gss.h>
+#endif
#include "gssd.h"
#include "err_util.h"
@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
struct timeval timeout;
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
socklen_t salen;
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ rpc_gss_options_req_t req;
+ rpc_gss_options_ret_t ret;
+ char mechanism[] = "kerberos_v5";
+#endif
pthread_t tid = pthread_self();
sec.qop = GSS_C_QOP_DEFAULT;
@@ -410,15 +418,43 @@ create_auth_rpc_client(struct clnt_info *clp,
printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
tid, tgtname);
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ memset(&req, 0, sizeof(req));
+ req.my_cred = sec.cred;
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
+ rpcsec_gss_svc_none, NULL, &req, &ret);
+#else
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+#endif
if (!auth) {
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ printerr(2, "WARNING: server=%s failed context "
+ "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
+ clp->servername);
+ if (cred == GSS_C_NO_CREDENTIAL)
+ retval = gssd_refresh_krb5_machine_credential(clp->servername,
+ "*", NULL, 1);
+ else
+ retval = gssd_k5_remove_bad_service_cred(clp->servername);
+ if (!retval) {
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname,
+ mechanism, rpcsec_gss_svc_none,
+ NULL, &req, &ret);
+ if (auth)
+ goto success;
+ }
+ }
+#endif
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
"user with uid %d for server %s\n",
uid, tgtname);
goto out_fail;
}
-
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+success:
+#endif
/* Success !!! */
rpc_clnt->cl_auth = auth;
*clnt_return = rpc_clnt;
@@ -571,7 +607,7 @@ krb5_use_machine_creds(struct clnt_info *clp, uid_t uid,
do {
gssd_refresh_krb5_machine_credential(clp->servername,
- service, srchost);
+ service, srchost, 0);
/*
* Get a list of credential cache names and try each
* of them until one works or we've tried them all
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index e3f270e9..6f66ef4f 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -165,7 +165,7 @@ static int select_krb5_ccache(const struct dirent *d);
static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
const char **cctype, struct dirent **d);
static int gssd_get_single_krb5_cred(krb5_context context,
- krb5_keytab kt, struct gssd_k5_kt_princ *ple);
+ krb5_keytab kt, struct gssd_k5_kt_princ *ple, int force_renew);
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
char **ret_realm);
@@ -391,7 +391,8 @@ gssd_check_if_cc_exists(struct gssd_k5_kt_princ *ple)
static int
gssd_get_single_krb5_cred(krb5_context context,
krb5_keytab kt,
- struct gssd_k5_kt_princ *ple)
+ struct gssd_k5_kt_princ *ple,
+ int force_renew)
{
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS
krb5_get_init_creds_opt *init_opts = NULL;
@@ -421,7 +422,7 @@ gssd_get_single_krb5_cred(krb5_context context,
*/
now += 300;
pthread_mutex_lock(&ple_lock);
- if (ple->ccname && ple->endtime > now && !nocache) {
+ if (ple->ccname && ple->endtime > now && !nocache && !force_renew) {
printerr(3, "%s(0x%lx): Credentials in CC '%s' are good until %s",
__func__, tid, ple->ccname, ctime((time_t *)&ple->endtime));
code = 0;
@@ -1155,7 +1156,8 @@ err_cache:
static int
gssd_refresh_krb5_machine_credential_internal(char *hostname,
struct gssd_k5_kt_princ *ple,
- char *service, char *srchost)
+ char *service, char *srchost,
+ int force_renew)
{
krb5_error_code code = 0;
krb5_context context;
@@ -1221,7 +1223,7 @@ gssd_refresh_krb5_machine_credential_internal(char *hostname,
goto out_free_kt;
}
}
- retval = gssd_get_single_krb5_cred(context, kt, ple);
+ retval = gssd_get_single_krb5_cred(context, kt, ple, force_renew);
out_free_kt:
krb5_kt_close(context, kt);
out_free_context:
@@ -1344,7 +1346,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
pthread_mutex_unlock(&ple_lock);
/* Make sure cred is up-to-date before returning it */
retval = gssd_refresh_krb5_machine_credential_internal(NULL, ple,
- NULL, NULL);
+ NULL, NULL, 0);
pthread_mutex_lock(&ple_lock);
if (gssd_k5_kt_princ_list == NULL) {
/* Looks like we did shutdown... abort */
@@ -1456,10 +1458,12 @@ gssd_destroy_krb5_principals(int destroy_machine_creds)
*/
int
gssd_refresh_krb5_machine_credential(char *hostname,
- char *service, char *srchost)
+ char *service, char *srchost,
+ int force_renew)
{
return gssd_refresh_krb5_machine_credential_internal(hostname, NULL,
- service, srchost);
+ service, srchost,
+ force_renew);
}
/*
@@ -1549,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
+/* Removed a service ticket for nfs/<name> from the ticket cache
+ */
+int
+gssd_k5_remove_bad_service_cred(char *name)
+{
+ krb5_creds in_creds, out_creds;
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_ccache cache;
+ krb5_principal principal;
+ int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+ char srvname[1024];
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ goto out_cred;
+ ret = krb5_cc_default(context, &cache);
+ if (ret)
+ goto out_free_context;
+ ret = krb5_cc_get_principal(context, cache, &principal);
+ if (ret)
+ goto out_close_cache;
+ memset(&in_creds, 0, sizeof(in_creds));
+ in_creds.client = principal;
+ sprintf(srvname, "nfs/%s", name);
+ ret = krb5_parse_name(context, srvname, &in_creds.server);
+ if (ret)
+ goto out_free_principal;
+ ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
+ if (ret)
+ goto out_free_principal;
+ ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
+out_free_principal:
+ krb5_free_principal(context, principal);
+out_close_cache:
+ krb5_cc_close(context, cache);
+out_free_context:
+ krb5_free_context(context);
+out_cred:
+ return ret;
+}
+
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 2415205a..7ef87018 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -16,11 +16,13 @@ int gssd_get_krb5_machine_cred_list(char ***list);
void gssd_free_krb5_machine_cred_list(char **list);
void gssd_destroy_krb5_principals(int destroy_machine_creds);
int gssd_refresh_krb5_machine_credential(char *hostname,
- char *service, char *srchost);
+ char *service, char *srchost,
+ int force_renew);
char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
+int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;

View File

@ -1,33 +0,0 @@
commit cfe41d6f06af0e7744c1ca30503f93d28aca4d8b
Author: NeilBrown <neilb@suse.de>
Date: Tue Sep 21 12:47:10 2021 -0400
gssd: fix crash in debug message.
A recent cleanup of debug messages added func and tid format specifiers
to a debug message (when full hostname was different), but the func name
and tid were NOT added as arguments.
Consequently there weren't enough args, random bytes of the stack were
interpreted as a pointer, and rpc.gssd crashed (when -v was specified).
Fixes: b538862a5135 ("gssd: Cleaned up debug messages")
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6d059f33..e3f270e9 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -673,8 +673,8 @@ get_full_hostname(const char *inhost, char *outhost, int outhostlen)
*c = tolower(*c);
if (get_verbosity() && strcmp(inhost, outhost))
- printerr(1, "%s(0x%0lx): inhost '%s' different than outhost'%s'\n",
- inhost, outhost);
+ printerr(1, "%s(0x%0lx): inhost '%s' different than outhost '%s'\n",
+ __func__, tid, inhost, outhost);
retval = 0;
out:

View File

@ -1,110 +0,0 @@
commit 75b04a9bff709a49f55326b439851822dd630be6
Author: Olga Kornievskaia <kolga@netapp.com>
Date: Mon Oct 16 11:45:54 2023 -0400
gssd: fix handling DNS lookup failure
When the kernel does its first ever lookup for a given server ip it
sends down info for server, protocol, etc. On the gssd side as it
scans the pipefs structure and sees a new entry it reads that info
and creates a clp_info structure. At that time it also does
a DNS lookup of the provided ip to name using getnameinfo(),
this is saved in clp->servername for all other upcalls that is
down under that directory.
If this 1st getnameinfo() results in a failed resolution for
whatever reason (a temporary DNS resolution problem), this cause
of all other future upcalls to fail.
As a fix, this patch proposed to (1) save the server info that's
passed only in the initial pipefs new entry creation in the
clp_info structure, then (2) for the upcalls, if clp->servername
is NULL, then do the DNS lookup again and set all the needed
clp_info fields upon successful resolution.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 833d8e0..ca9b326 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -365,6 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
fail:
printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
+ clp->upcall_address = strdup(address);
+ clp->upcall_port = strdup(port);
+ clp->upcall_program = program;
+ clp->upcall_vers = version;
+ clp->upcall_protoname = strdup(protoname);
+ clp->upcall_service = strdup(service);
free(servername);
free(protoname);
clp->servicename = NULL;
@@ -408,6 +414,16 @@ gssd_free_client(struct clnt_info *clp)
free(clp->servicename);
free(clp->servername);
free(clp->protocol);
+ if (!clp->servername) {
+ if (clp->upcall_address)
+ free(clp->upcall_address);
+ if (clp->upcall_port)
+ free(clp->upcall_port);
+ if (clp->upcall_protoname)
+ free(clp->upcall_protoname);
+ if (clp->upcall_service)
+ free(clp->upcall_service);
+ }
free(clp);
}
@@ -446,6 +462,31 @@ gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
{
struct clnt_info *clp = data;
+ /* if there was a failure to translate IP to name for this server,
+ * try again
+ */
+ if (!clp->servername) {
+ if (!gssd_addrstr_to_sockaddr((struct sockaddr *)&clp->addr,
+ clp->upcall_address, clp->upcall_port ?
+ clp->upcall_port : "")) {
+ goto do_upcall;
+ }
+ clp->servername = gssd_get_servername(clp->upcall_address,
+ (struct sockaddr *)&clp->addr, clp->upcall_address);
+ if (!clp->servername)
+ goto do_upcall;
+
+ if (asprintf(&clp->servicename, "%s@%s", clp->upcall_service,
+ clp->servername) < 0) {
+ free(clp->servername);
+ clp->servername = NULL;
+ goto do_upcall;
+ }
+ clp->prog = clp->upcall_program;
+ clp->vers = clp->upcall_vers;
+ clp->protocol = strdup(clp->upcall_protoname);
+ }
+do_upcall:
handle_gssd_upcall(clp);
}
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
index 519dc43..4e070ed 100644
--- a/utils/gssd/gssd.h
+++ b/utils/gssd/gssd.h
@@ -86,6 +86,12 @@ struct clnt_info {
int gssd_fd;
struct event *gssd_ev;
struct sockaddr_storage addr;
+ char *upcall_address;
+ char *upcall_port;
+ int upcall_program;
+ int upcall_vers;
+ char *upcall_protoname;
+ char *upcall_service;
};
struct clnt_upcall_info {

View File

@ -1,32 +0,0 @@
commit 92995e0d38dc00e930c562cf936220f83c09d082
Author: Paulo Andrade <pandrade@redhat.com>
Date: Tue Jul 23 12:03:30 2024 -0400
rpc-gssd.service has status failed (due to rpc.gssd segfault)
Ensure strings are not NULL before doing a strdup() in error path.
Fixes: https://issues.redhat.com/browse/RHEL-43286
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index d7a28225..01ce7d18 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -365,12 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
fail:
printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
- clp->upcall_address = strdup(address);
- clp->upcall_port = strdup(port);
+ clp->upcall_address = address ? strdup(address) : NULL;
+ clp->upcall_port = port ? strdup(port) : NULL;
clp->upcall_program = program;
clp->upcall_vers = version;
- clp->upcall_protoname = strdup(protoname);
- clp->upcall_service = strdup(service);
+ clp->upcall_protoname = protoname ? strdup(protoname) : NULL;
+ clp->upcall_service = service ? strdup(service) : NULL;
free(servername);
free(protoname);
clp->servicename = NULL;

View File

@ -1,69 +0,0 @@
commit cdbef4e97a1cbc68cbaf16ba57d71858d2c69973
Author: Jeff Layton <jlayton@kernel.org>
Date: Tue Jan 10 09:37:25 2023 -0500
nfs-utils: Don't allow junction tests to trigger automounts
JianHong reported some strange behavior with automounts on an nfs server
without an explicit pseudoroot. When clients issued a readdir in the
pseudoroot, automounted directories that were not yet mounted would show
up even if they weren't exported, though the clients wouldn't be able to
do anything with them.
The issue was that triggering the automount on a directory would cause
the mountd upcall to time out, which would cause nfsd to include the
automounted dentry in the readdir response. Eventually, the automount
would work and report that it wasn't exported and subsequent attempts to
access the dentry would (properly) fail.
We never want mountd to trigger an automount. The kernel should do that
if it wants to use it. Change the junction checks to do an O_PATH open
and use fstatat with AT_NO_AUTOMOUNT.
Cc: Chuck Lever <chuck.lever@oracle.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2148353
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
Reported-by: JianHong Yin <jiyin@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/junction/junction.c b/support/junction/junction.c
index 41cce26..0628bb0 100644
--- a/support/junction/junction.c
+++ b/support/junction/junction.c
@@ -93,7 +93,7 @@ junction_is_directory(int fd, const char *path)
{
struct stat stb;
- if (fstat(fd, &stb) == -1) {
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
xlog(D_GENERAL, "%s: failed to stat %s: %m",
__func__, path);
return FEDFS_ERR_ACCESS;
@@ -121,7 +121,7 @@ junction_is_sticky_bit_set(int fd, const char *path)
{
struct stat stb;
- if (fstat(fd, &stb) == -1) {
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
xlog(D_GENERAL, "%s: failed to stat %s: %m",
__func__, path);
return FEDFS_ERR_ACCESS;
@@ -155,7 +155,7 @@ junction_set_sticky_bit(int fd, const char *path)
{
struct stat stb;
- if (fstat(fd, &stb) == -1) {
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
xlog(D_GENERAL, "%s: failed to stat %s: %m",
__func__, path);
return FEDFS_ERR_ACCESS;
@@ -393,7 +393,7 @@ junction_get_mode(const char *pathname, mode_t *mode)
if (retval != FEDFS_OK)
return retval;
- if (fstat(fd, &stb) == -1) {
+ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
xlog(D_GENERAL, "%s: failed to stat %s: %m",
__func__, pathname);
(void)close(fd);

View File

@ -1,23 +0,0 @@
diff -up nfs-utils-2.5.4/systemd/nfs.conf.man.orig nfs-utils-2.5.4/systemd/nfs.conf.man
--- nfs-utils-2.5.4/systemd/nfs.conf.man.orig 2023-06-06 09:51:19.931377748 -0400
+++ nfs-utils-2.5.4/systemd/nfs.conf.man 2023-06-06 11:21:47.490616649 -0400
@@ -131,8 +131,9 @@ but on the server, this will resolve to
.TP
.B exportd
Recognized values:
+.BR manage-gids ,
.BR threads ,
-.BR cache-use-upaddr ,
+.BR cache-use-ipaddr ,
.BR ttl ,
.BR state-directory-path
@@ -197,7 +198,7 @@ Recognized values:
.BR port ,
.BR threads ,
.BR reverse-lookup ,
-.BR cache-use-upaddr ,
+.BR cache-use-ipaddr ,
.BR ttl ,
.BR state-directory-path ,
.BR ha-callout .

View File

@ -1,32 +0,0 @@
commit c547ad481dca5bc0b0a2e365ebcff3439848f664
Author: Rohan Sable <rsable@redhat.com>
Date: Mon Feb 14 11:15:22 2022 -0500
mount.nfs Fix error reporting for already mounted shares
When mount is triggered for an already mounted
share (using auto negotiation), it displays
"mount.nfs: Protocol not supported" or
"mount.nfs: access denied by server while mounting"
instead of EBUSY. This easily causes confusion if
the mount was not tried verbose :
Signed-off-by: Rohan Sable <rsable@redhat.com>
Signed-off-by: Yongcheng Yang <yoyang@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
index 3c4e218a..573df6ee 100644
--- a/utils/mount/stropts.c
+++ b/utils/mount/stropts.c
@@ -973,7 +973,9 @@ fall_back:
if ((result = nfs_try_mount_v3v2(mi, FALSE)))
return result;
- errno = olderrno;
+ if (errno != EBUSY && errno != EACCES)
+ errno = olderrno;
+
return result;
}

View File

@ -1,30 +0,0 @@
commit 608591ddf1ee59c4dda82ceca3f27c90486c5618
Author: Yongcheng Yang <yongcheng.yang@gmail.com>
Date: Wed Apr 5 12:11:53 2023 -0400
nfsmount.conf: Fix typo of the attribute name
Signed-off-by: Yongcheng Yang <yongcheng.yang@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/nfsmount.conf b/utils/mount/nfsmount.conf
index 342063f..c498eb8 100644
--- a/utils/mount/nfsmount.conf
+++ b/utils/mount/nfsmount.conf
@@ -59,13 +59,13 @@
# acregmin=30
#
# The Maximum time (in seconds) file attributes are cached
-# acregmin=60
+# acregmax=60
#
# The minimum time (in seconds) directory attributes are cached
-# acregmin=30
+# acdirmin=30
#
# The Maximum time (in seconds) directory attributes are cached
-# acregmin=60
+# acdirmax=60
#
# Enable Access Control Lists
# Acl=False

View File

@ -1,253 +0,0 @@
diff --git a/nfs.conf b/nfs.conf
index 8c714ff7..21d3e7b2 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -68,7 +68,6 @@
# lease-time=90
# udp=n
# tcp=y
-# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
index 4436a38a..be487a11 100644
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -171,7 +171,6 @@ Recognized values:
.BR lease-time ,
.BR udp ,
.BR tcp ,
-.BR vers2 ,
.BR vers3 ,
.BR vers4 ,
.BR vers4.0 ,
diff --git a/utils/mount/configfile.c b/utils/mount/configfile.c
index 3d3684ef..1d88cbfc 100644
--- a/utils/mount/configfile.c
+++ b/utils/mount/configfile.c
@@ -71,7 +71,7 @@ struct mnt_alias {
int mnt_alias_sz = (sizeof(mnt_alias_tab)/sizeof(mnt_alias_tab[0]));
static const char *version_keys[] = {
- "v2", "v3", "v4", "vers", "nfsvers", "minorversion", NULL
+ "v3", "v4", "vers", "nfsvers", "minorversion", NULL
};
static int strict;
diff --git a/utils/mount/mount.nfs.man b/utils/mount/mount.nfs.man
index 0409c96f..a78a3b0d 100644
--- a/utils/mount/mount.nfs.man
+++ b/utils/mount/mount.nfs.man
@@ -27,7 +27,7 @@ can mount all NFS file system versions. Under earlier Linux kernel versions,
.BR mount.nfs4
must be used for mounting NFSv4 file systems while
.BR mount.nfs
-must be used for NFSv3 and v2.
+must be used for NFSv3.
.SH OPTIONS
.TP
diff --git a/utils/mount/network.c b/utils/mount/network.c
index e803dbbe..0d80d08c 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -97,7 +97,7 @@ static const char *nfs_transport_opttbl[] = {
};
static const char *nfs_version_opttbl[] = {
- "v2",
+ "v2", /* no longer supported */
"v3",
"v4",
"vers",
@@ -1290,7 +1290,7 @@ nfs_nfs_version(char *type, struct mount_options *options, struct nfs_version *v
else if (found < 0)
return 1;
else if (found <= 2 ) {
- /* v2, v3, v4 */
+ /* v3, v4 */
version_val = version_key + 1;
version->v_mode = V_SPECIFIC;
} else if (found > 2 ) {
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index f1b76936..83365a37 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -12,7 +12,7 @@ created by Sun Microsystems in 1984. NFS was developed
to allow file sharing between systems residing
on a local area network.
Depending on kernel configuration, the Linux NFS client may
-support NFS versions 2, 3, 4.0, 4.1, or 4.2.
+support NFS versions 3, 4.0, 4.1, or 4.2.
.P
The
.BR mount (8)
@@ -941,11 +941,6 @@ file. See
.BR nfsmount.conf(5)
for details.
.SH EXAMPLES
-To mount an export using NFS version 2,
-use the
-.B nfs
-file system type and specify the
-.B nfsvers=2
mount option.
To mount using NFS version 3,
use the
@@ -972,13 +967,6 @@ reasonable defaults for NFS behavior.
server:/export /mnt nfs defaults 0 0
.fi
.P
-Here is an example from an /etc/fstab file for an NFS version 2 mount over UDP.
-.P
-.nf
-.ta 8n +16n +6n +6n +30n
- server:/export /mnt nfs nfsvers=2,proto=udp 0 0
-.fi
-.P
This example shows how to mount using NFS version 4 over TCP
with Kerberos 5 mutual authentication.
.P
@@ -1071,7 +1059,7 @@ and
can safely be allowed to default to the largest values supported by
both client and server, independent of the network's MTU size.
.SS "Using the mountproto mount option"
-This section applies only to NFS version 2 and version 3 mounts
+This section applies only to NFS version 3 mounts
since NFS version 4 does not use a separate protocol for mount
requests.
.P
@@ -1474,7 +1462,7 @@ the use of the
mount option.
.SS "Using file locks with NFS"
The Network Lock Manager protocol is a separate sideband protocol
-used to manage file locks in NFS version 2 and version 3.
+used to manage file locks in NFS version 3.
To support lock recovery after a client or server reboot,
a second sideband protocol --
known as the Network Status Manager protocol --
@@ -1894,8 +1882,6 @@ RFC 768 for the UDP specification.
.br
RFC 793 for the TCP specification.
.br
-RFC 1094 for the NFS version 2 specification.
-.br
RFC 1813 for the NFS version 3 specification.
.br
RFC 1832 for the XDR specification.
diff --git a/utils/mount/nfsmount.conf b/utils/mount/nfsmount.conf
index 6bdc225a..342063f7 100644
--- a/utils/mount/nfsmount.conf
+++ b/utils/mount/nfsmount.conf
@@ -28,7 +28,7 @@
# This statically named section defines global mount
# options that can be applied on all NFS mount.
#
-# Protocol Version [2,3,4]
+# Protocol Version [3,4]
# This defines the default protocol version which will
# be used to start the negotiation with the server.
# Defaultvers=4
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
index fa67a66f..3c4e218a 100644
--- a/utils/mount/stropts.c
+++ b/utils/mount/stropts.c
@@ -357,6 +357,7 @@ static int nfs_insert_sloppy_option(struct mount_options *options)
static int nfs_set_version(struct nfsmount_info *mi)
{
+
if (!nfs_nfs_version(mi->type, mi->options, &mi->version))
return 0;
@@ -1016,7 +1017,6 @@ static int nfs_try_mount(struct nfsmount_info *mi)
}
switch (mi->version.major) {
- case 2:
case 3:
result = nfs_try_mount_v3v2(mi, FALSE);
break;
@@ -1247,6 +1247,14 @@ static int nfsmount_start(struct nfsmount_info *mi)
if (!nfs_validate_options(mi))
return EX_FAIL;
+ /*
+ * NFS v2 has been deprecated
+ */
+ if (mi->version.major == 2) {
+ mount_error(mi->spec, mi->node, EOPNOTSUPP);
+ return EX_FAIL;
+ }
+
/*
* Avoid retry and negotiation logic when remounting
*/
diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man
index 77e6299a..a206a3e2 100644
--- a/utils/mountd/mountd.man
+++ b/utils/mountd/mountd.man
@@ -286,10 +286,9 @@ The values recognized in the
section include
.BR TCP ,
.BR UDP ,
-.BR vers2 ,
.BR vers3 ", and"
.B vers4
-which each have same same meaning as given by
+which each have the same meaning as given by
.BR rpc.nfsd (8).
.SH TCP_WRAPPERS SUPPORT
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index b0741718..4016a761 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -226,7 +226,6 @@ main(int argc, char **argv)
}
/* FALLTHRU */
case 3:
- case 2:
NFSCTL_VERUNSET(versbits, c);
break;
default:
@@ -251,7 +250,6 @@ main(int argc, char **argv)
minorvers = minorversset = minormask;
/* FALLTHRU */
case 3:
- case 2:
NFSCTL_VERSET(versbits, c);
break;
default:
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
index 2701ba78..634b8a63 100644
--- a/utils/nfsd/nfsd.man
+++ b/utils/nfsd/nfsd.man
@@ -57,7 +57,7 @@ This option can be used to request that
.B rpc.nfsd
does not offer certain versions of NFS. The current version of
.B rpc.nfsd
-can support major NFS versions 2,3,4 and the minor versions 4.0, 4.1 and 4.2.
+can support major NFS versions 3,4 and the minor versions 4.0, 4.1 and 4.2.
.TP
.B \-s " or " \-\-syslog
By default,
@@ -84,7 +84,7 @@ This option can be used to request that
.B rpc.nfsd
offer certain versions of NFS. The current version of
.B rpc.nfsd
-can support major NFS versions 2,3,4 and the minor versions 4.0, 4.1 and 4.2.
+can support major NFS versions 3,4 and the minor versions 4.0, 4.1 and 4.2.
.TP
.B \-L " or " \-\-lease-time seconds
Set the lease-time used for NFSv4. This corresponds to how often
@@ -156,8 +156,6 @@ Enable (with "on" or "yes" etc) or disable ("off", "no") UDP support.
.B TCP
Enable or disable TCP support.
.TP
-.B vers2
-.TP
.B vers3
.TP
.B vers4

View File

@ -1,27 +0,0 @@
commit ea536a2e641664c8ea439e5e571e757785f587c9
Author: Zhi Li <yieli@redhat.com>
Date: Mon Oct 24 13:31:41 2022 -0400
mount.nfs: fix NULL pointer derefernce in nfs_parse_square_bracket
In function nfs_parse_square_bracket, hostname could be NULL,
dereferencing it in free(*hostname) may cause an unexpected segfault.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2136807
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/parse_dev.c b/utils/mount/parse_dev.c
index 0d3bcb95..2ade5d5d 100644
--- a/utils/mount/parse_dev.c
+++ b/utils/mount/parse_dev.c
@@ -170,7 +170,8 @@ static int nfs_parse_square_bracket(const char *dev,
if (pathname) {
*pathname = strndup(cbrace, path_len);
if (*pathname == NULL) {
- free(*hostname);
+ if (hostname)
+ free(*hostname);
return nfs_pdn_nomem_err();
}
}

View File

@ -1,69 +0,0 @@
commit 4dd8d833c9350d42528ada0fd65aee41b712f41d
Author: Steve Dickson <steved@redhat.com>
Date: Tue Jul 20 17:14:04 2021 -0400
mount.nfs: Fix the sloppy option processing
The new mount API broke how the sloppy option is parsed.
So the option processing needs to be moved up in
the mount.nfs command.
The option needs to be the first option in the string
that is passed into the kernel with the -s mount(8)
and/or the -o sloppy is used.
Commit 92b664ef fixed the process of the -s flag
and this version fixes the -o sloppy processing
as well works when libmount-mount is and is not
enabled plus cleans up the mount options passed
to the kernel.
Reviewed-and-tested-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index f98cb47d..f1b76936 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -555,6 +555,13 @@ using the FS-Cache facility. See cachefilesd(8)
and <kernel_source>/Documentation/filesystems/caching
for detail on how to configure the FS-Cache facility.
Default value is nofsc.
+.TP 1.5i
+.B sloppy
+The
+.B sloppy
+option is an alternative to specifying
+.BR mount.nfs " -s " option.
+
.SS "Options for NFS versions 2 and 3 only"
Use these options, along with the options in the above subsection,
for NFS versions 2 and 3 only.
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
index 82b054a5..fa67a66f 100644
--- a/utils/mount/stropts.c
+++ b/utils/mount/stropts.c
@@ -339,11 +339,19 @@ static int nfs_verify_lock_option(struct mount_options *options)
static int nfs_insert_sloppy_option(struct mount_options *options)
{
- if (!sloppy || linux_version_code() < MAKE_VERSION(2, 6, 27))
+ if (linux_version_code() < MAKE_VERSION(2, 6, 27))
return 1;
- if (po_insert(options, "sloppy") == PO_FAILED)
- return 0;
+ if (po_contains(options, "sloppy")) {
+ po_remove_all(options, "sloppy");
+ sloppy++;
+ }
+
+ if (sloppy) {
+ if (po_insert(options, "sloppy") == PO_FAILED)
+ return 0;
+ }
+
return 1;
}

View File

@ -1,26 +0,0 @@
commit d4de031fbb2d797ec9e738deda50feec97db7593
Author: Steve Dickson <steved@redhat.com>
Date: Fri Oct 28 10:56:36 2022 -0400
nfsd.man: Explain that setting nfsv4=n turns off all v4 versions
Update the man page to explicitly say setting
nfsv4=n turns off all v4 versions
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
index 634b8a63..bb99fe2b 100644
--- a/utils/nfsd/nfsd.man
+++ b/utils/nfsd/nfsd.man
@@ -159,7 +159,9 @@ Enable or disable TCP support.
.B vers3
.TP
.B vers4
-Enable or disable a major NFS version. 3 and 4 are normally enabled
+Enable or disable
+.B all
+NFSv4 versions. All versions are normally enabled
by default.
.TP
.B vers4.1

View File

@ -1,86 +0,0 @@
diff -up nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c.orig nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c
--- nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c.orig 2021-06-10 14:07:47.000000000 -0400
+++ nfs-utils-2.5.4/utils/nfsdcltrack/nfsdcltrack.c 2021-08-18 13:44:11.839124879 -0400
@@ -507,7 +507,7 @@ cltrack_gracedone(const char *timestr)
{
int ret;
char *tail;
- time_t gracetime;
+ uint64_t gracetime;
ret = sqlite_prepare_dbh(storagedir);
diff -up nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c.orig nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c
--- nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c.orig 2021-06-10 14:07:47.000000000 -0400
+++ nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.c 2021-08-18 13:48:16.264408309 -0400
@@ -48,6 +48,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <sqlite3.h>
+#include <stdint.h>
#include <linux/limits.h>
#include "xlog.h"
@@ -539,7 +540,7 @@ out_err:
* remove any client records that were not reclaimed since grace_start.
*/
int
-sqlite_remove_unreclaimed(time_t grace_start)
+sqlite_remove_unreclaimed(uint64_t grace_start)
{
int ret;
char *err = NULL;
diff -up nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h.orig nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h
--- nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h.orig 2021-06-10 14:07:47.000000000 -0400
+++ nfs-utils-2.5.4/utils/nfsdcltrack/sqlite.h 2021-08-18 13:44:11.839124879 -0400
@@ -26,7 +26,7 @@ int sqlite_insert_client(const unsigned
int sqlite_remove_client(const unsigned char *clname, const size_t namelen);
int sqlite_check_client(const unsigned char *clname, const size_t namelen,
const bool has_session);
-int sqlite_remove_unreclaimed(const time_t grace_start);
+int sqlite_remove_unreclaimed(const uint64_t grace_start);
int sqlite_query_reclaiming(const time_t grace_start);
#endif /* _SQLITE_H */
diff --git a/utils/nfsdcltrack/nfsdcltrack.c b/utils/nfsdcltrack/nfsdcltrack.c
index 2f8bea81..7c1c4bcc 100644
--- a/utils/nfsdcltrack/nfsdcltrack.c
+++ b/utils/nfsdcltrack/nfsdcltrack.c
@@ -33,6 +33,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
+#include <inttypes.h>
#include <unistd.h>
#include <libgen.h>
#include <sys/inotify.h>
@@ -525,7 +526,7 @@ cltrack_gracedone(const char *timestr)
if (*tail)
return -EINVAL;
- xlog(D_GENERAL, "%s: grace done. gracetime=%ld", __func__, gracetime);
+ xlog(D_GENERAL, "%s: grace done. gracetime=%"PRIu64, __func__, gracetime);
ret = sqlite_remove_unreclaimed(gracetime);
diff --git a/utils/nfsdcltrack/sqlite.c b/utils/nfsdcltrack/sqlite.c
index b6573544..78c22af8 100644
--- a/utils/nfsdcltrack/sqlite.c
+++ b/utils/nfsdcltrack/sqlite.c
@@ -46,6 +46,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
+#include <inttypes.h>
#include <unistd.h>
#include <sqlite3.h>
#include <stdint.h>
@@ -545,7 +546,7 @@ sqlite_remove_unreclaimed(uint64_t grace_start)
int ret;
char *err = NULL;
- ret = snprintf(buf, sizeof(buf), "DELETE FROM clients WHERE time < %ld",
+ ret = snprintf(buf, sizeof(buf), "DELETE FROM clients WHERE time < %"PRIu64,
grace_start);
if (ret < 0) {
return ret;

View File

@ -1,37 +0,0 @@
commit 28deb4f398363e4e75ea41ff0fe604b11f6ee91a
Author: Olga Kornievskaia <kolga@netapp.com>
Date: Tue Sep 21 13:00:12 2021 -0400
nfs.man: adding new mount option max_connect
When client discovers trunkable servers, instead of dropping newly
created trunkable connections, add this connection to the existing
RPC client.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index f1b76936..57a693fd 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -416,6 +416,19 @@ Note that the
option may also be used by some pNFS drivers to decide how many
connections to set up to the data servers.
.TP 1.5i
+.BR max_connect= n
+While
+.BR nconnect
+option sets a limit on the number of connections that can be established
+to a given server IP,
+.BR max_connect
+option allows the user to specify maximum number of connections to different
+server IPs that belong to the same NFSv4.1+ server (session trunkable
+connections) up to a limit of 16. When client discovers that it established
+a client ID to an already existing server, instead of dropping the newly
+created network transport, the client will add this new connection to the
+list of available transports for that RPC client.
+.TP 1.5i
.BR rdirplus " / " nordirplus
Selects whether to use NFS v3 or v4 READDIRPLUS requests.
If this option is not specified, the NFS client uses READDIRPLUS requests

View File

@ -1,36 +0,0 @@
diff --git a/tools/rpcctl/rpcctl.py b/tools/rpcctl/rpcctl.py
index b8df556b..d2110ad6 100755
--- a/tools/rpcctl/rpcctl.py
+++ b/tools/rpcctl/rpcctl.py
@@ -90,10 +90,18 @@ class Xprt:
self.dstaddr = write_addr_file(self.path / "dstaddr", newaddr)
def set_state(self, state):
+ if self.info.get("main_xprt"):
+ raise Exception(f"Main xprts cannot be set {state}")
with open(self.path / "xprt_state", 'w') as f:
f.write(state)
self.read_state()
+ def remove(self):
+ if self.info.get("main_xprt"):
+ raise Exception("Main xprts cannot be removed")
+ self.set_state("offline")
+ self.set_state("remove")
+
def add_command(subparser):
parser = subparser.add_parser("xprt", help="Commands for individual xprts")
parser.set_defaults(func=Xprt.show, xprt=None)
@@ -139,10 +147,9 @@ class Xprt:
if args.property == "dstaddr":
xprt.set_dstaddr(socket.gethostbyname(args.newaddr[0]))
elif args.property == "remove":
- xprt.set_state("offline")
- xprt.set_state("remove")
+ xprt.remove()
else:
- args.set_state(args.property)
+ xprt.set_state(args.property)
print(xprt)

View File

@ -1,24 +0,0 @@
commit a746c35822e557766d1871ec976490a71e6962d9
Author: Zhi Li <yieli@redhat.com>
Date: Wed Apr 5 12:08:10 2023 -0400
rpcdebug: avoid buffer underflow if read() returns 0
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2176740
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c
index 68206cc5..ec05179e 100644
--- a/tools/rpcdebug/rpcdebug.c
+++ b/tools/rpcdebug/rpcdebug.c
@@ -257,7 +257,7 @@ get_flags(char *module)
perror(filename);
exit(1);
}
- if ((len = read(sysfd, buffer, sizeof(buffer))) < 0) {
+ if ((len = read(sysfd, buffer, sizeof(buffer))) <= 0) {
perror("read");
exit(1);
}

View File

@ -1,40 +0,0 @@
commit 9abd3b4b57155dfdfd6895e6086ef550ee56fc49
Author: Wenchao Hao <haowenchao@huawei.com>
Date: Tue Feb 22 16:06:51 2022 -0500
idmapd: Fix error status when nfs-idmapd exits
nfs-idmapd.service would report following error when stopped:
Starting NFSv4 ID-name mapping service...
rpc.idmapd[1198]: Setting log level to 0
Started NFSv4 ID-name mapping service.
rpc.idmapd[1198]: exiting on signal 15
Stopping NFSv4 ID-name mapping service...
nfs-idmapd.service: Main process exited, code=exited, status=1/FAILURE
nfs-idmapd.service: Failed with result 'exit-code'.
Stopped NFSv4 ID-name mapping service.
commit 93e8f092(idmapd: Add graceful exit and resource cleanup)
redirected SIGTERM, so when executing "systemctl stop nfs-idmapd", the
main() of idmapd would running to tail to return, while it returned 1
which considered as error by systemd.
So here just return 0 in main().
Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index e2c160e8..e79c124d 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -474,7 +474,7 @@ main(int argc, char **argv)
event_free(svrdirev);
event_base_free(evbase);
- return 1;
+ return 0;
}
static void

View File

@ -1,31 +0,0 @@
commit 7f8463fe702174bd613df9d308cc899af25ae02e
Author: Steve Dickson <steved@redhat.com>
Date: Wed Feb 23 15:19:51 2022 -0500
systemd: Fix format-overflow warning
rpc-pipefs-generator.c:35:23: error: '%s' directive output between 0 and 2147483653 bytes may exceed minimum required size of 4095 [-Werror=format-overflow=]
35 | sprintf(path, "%s/%s", dirname, pipefs_unit);
| ^
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/systemd/rpc-pipefs-generator.c b/systemd/rpc-pipefs-generator.c
index c24db567..7b2bb4f7 100644
--- a/systemd/rpc-pipefs-generator.c
+++ b/systemd/rpc-pipefs-generator.c
@@ -28,11 +28,12 @@ static int generate_mount_unit(const char *pipefs_path, const char *pipefs_unit,
{
char *path;
FILE *f;
+ size_t size = (strlen(dirname) + 1 + strlen(pipefs_unit) + 1);
- path = malloc(strlen(dirname) + 1 + strlen(pipefs_unit));
+ path = malloc(size);
if (!path)
return 1;
- sprintf(path, "%s/%s", dirname, pipefs_unit);
+ snprintf(path, size, "%s/%s", dirname, pipefs_unit);
f = fopen(path, "w");
if (!f)
{

View File

@ -1,427 +0,0 @@
diff --git a/support/export/cache.c b/support/export/cache.c
index a5823e92..396b3b73 100644
--- a/support/export/cache.c
+++ b/support/export/cache.c
@@ -932,6 +932,7 @@ static void write_fsloc(char **bp, int *blen, struct exportent *ep)
release_replicas(servers);
}
#endif
+
static void write_secinfo(char **bp, int *blen, struct exportent *ep, int flag_mask)
{
struct sec_entry *p;
@@ -949,7 +950,20 @@ static void write_secinfo(char **bp, int *blen, struct exportent *ep, int flag_m
qword_addint(bp, blen, p->flav->fnum);
qword_addint(bp, blen, p->flags & flag_mask);
}
+}
+
+static void write_xprtsec(char **bp, int *blen, struct exportent *ep)
+{
+ struct xprtsec_entry *p;
+
+ for (p = ep->e_xprtsec; p->info; p++);
+ if (p == ep->e_xprtsec)
+ return;
+ qword_add(bp, blen, "xprtsec");
+ qword_addint(bp, blen, p - ep->e_xprtsec);
+ for (p = ep->e_xprtsec; p->info; p++)
+ qword_addint(bp, blen, p->info->number);
}
static int dump_to_cache(int f, char *buf, int blen, char *domain,
@@ -992,6 +1006,7 @@ static int dump_to_cache(int f, char *buf, int blen, char *domain,
qword_add(&bp, &blen, "uuid");
qword_addhex(&bp, &blen, u, 16);
}
+ write_xprtsec(&bp, &blen, exp);
xlog(D_AUTH, "granted access to %s for %s",
path, *domain == '$' ? domain+1 : domain);
} else {
diff --git a/support/include/nfs/export.h b/support/include/nfs/export.h
index 0eca828e..be5867cf 100644
--- a/support/include/nfs/export.h
+++ b/support/include/nfs/export.h
@@ -40,4 +40,18 @@
#define NFSEXP_OLD_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
| NFSEXP_ALLSQUASH)
+/*
+ * Transport layer security policies that are permitted to access
+ * an export
+ */
+#define NFSEXP_XPRTSEC_NONE 0x0001
+#define NFSEXP_XPRTSEC_TLS 0x0002
+#define NFSEXP_XPRTSEC_MTLS 0x0004
+
+#define NFSEXP_XPRTSEC_NUM (3)
+
+#define NFSEXP_XPRTSEC_ALL (NFSEXP_XPRTSEC_NONE | \
+ NFSEXP_XPRTSEC_TLS | \
+ NFSEXP_XPRTSEC_MTLS)
+
#endif /* _NSF_EXPORT_H */
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
index 6faba71b..61c19933 100644
--- a/support/include/nfslib.h
+++ b/support/include/nfslib.h
@@ -62,6 +62,18 @@ struct sec_entry {
int flags;
};
+#define XPRTSECMODE_COUNT 3
+
+struct xprtsec_info {
+ const char *name;
+ int number;
+};
+
+struct xprtsec_entry {
+ const struct xprtsec_info *info;
+ int flags;
+};
+
/*
* Data related to a single exports entry as returned by getexportent.
* FIXME: export options should probably be parsed at a later time to
@@ -83,6 +95,7 @@ struct exportent {
char * e_fslocdata;
char * e_uuid;
struct sec_entry e_secinfo[SECFLAVOR_COUNT+1];
+ struct xprtsec_entry e_xprtsec[XPRTSECMODE_COUNT + 1];
unsigned int e_ttl;
char * e_realpath;
};
@@ -99,6 +112,7 @@ struct rmtabent {
void setexportent(char *fname, char *type);
struct exportent * getexportent(int,int);
void secinfo_show(FILE *fp, struct exportent *ep);
+void xprtsecinfo_show(FILE *fp, struct exportent *ep);
void putexportent(struct exportent *xep);
void endexportent(void);
struct exportent * mkexportent(char *hname, char *path, char *opts);
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index ec6f8013..d36f7664 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -99,6 +99,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
ee->e_fslocmethod = FSLOC_NONE;
ee->e_fslocdata = NULL;
ee->e_secinfo[0].flav = NULL;
+ ee->e_xprtsec[0].info = NULL;
ee->e_nsquids = 0;
ee->e_nsqgids = 0;
ee->e_uuid = NULL;
@@ -122,7 +123,7 @@ getexportent(int fromkernel, int fromexports)
if (first || (ok = getexport(exp, sizeof(exp))) == 0) {
has_default_opts = 0;
has_default_subtree_opts = 0;
-
+
init_exportent(&def_ee, fromkernel);
ok = getpath(def_ee.e_path, sizeof(def_ee.e_path));
@@ -146,7 +147,7 @@ getexportent(int fromkernel, int fromexports)
if (exp[0] == '-' && !fromkernel) {
if (parseopts(exp + 1, &def_ee, 0, &has_default_subtree_opts) < 0)
return NULL;
-
+
has_default_opts = 1;
ok = getexport(exp, sizeof(exp));
@@ -239,7 +240,6 @@ void secinfo_show(FILE *fp, struct exportent *ep)
if (ep->e_secinfo[0].flav == NULL)
secinfo_addflavor(find_flavor("sys"), ep);
for (p1=ep->e_secinfo; p1->flav; p1=p2) {
-
fprintf(fp, ",sec=%s", p1->flav->flavour);
for (p2=p1+1; (p2->flav != NULL) && (p1->flags == p2->flags);
p2++) {
@@ -249,6 +249,17 @@ void secinfo_show(FILE *fp, struct exportent *ep)
}
}
+void xprtsecinfo_show(FILE *fp, struct exportent *ep)
+{
+ struct xprtsec_entry *p1, *p2;
+
+ for (p1 = ep->e_xprtsec; p1->info; p1 = p2) {
+ fprintf(fp, ",xprtsec=%s", p1->info->name);
+ for (p2 = p1 + 1; p2->info && (p1->flags == p2->flags); p2++)
+ fprintf(fp, ":%s", p2->info->name);
+ }
+}
+
static void
fprintpath(FILE *fp, const char *path)
{
@@ -345,6 +356,7 @@ putexportent(struct exportent *ep)
}
fprintf(fp, "anonuid=%d,anongid=%d", ep->e_anonuid, ep->e_anongid);
secinfo_show(fp, ep);
+ xprtsecinfo_show(fp, ep);
fprintf(fp, ")\n");
}
@@ -483,6 +495,75 @@ static unsigned int parse_flavors(char *str, struct exportent *ep)
return out;
}
+static const struct xprtsec_info xprtsec_name2info[] = {
+ { "none", NFSEXP_XPRTSEC_NONE },
+ { "tls", NFSEXP_XPRTSEC_TLS },
+ { "mtls", NFSEXP_XPRTSEC_MTLS },
+ { NULL, 0 }
+};
+
+static const struct xprtsec_info *find_xprtsec_info(const char *name)
+{
+ const struct xprtsec_info *info;
+
+ for (info = xprtsec_name2info; info->name; info++)
+ if (strcmp(info->name, name) == 0)
+ return info;
+ return NULL;
+}
+
+/*
+ * Append the given xprtsec mode to the exportent's e_xprtsec array,
+ * or do nothing if it's already there. Returns the index of flavor in
+ * the resulting array in any case.
+ */
+static int xprtsec_addmode(const struct xprtsec_info *info, struct exportent *ep)
+{
+ struct xprtsec_entry *p;
+
+ for (p = ep->e_xprtsec; p->info; p++)
+ if (p->info == info || p->info->number == info->number)
+ return p - ep->e_xprtsec;
+
+ if (p - ep->e_xprtsec >= XPRTSECMODE_COUNT) {
+ xlog(L_ERROR, "more than %d xprtsec modes on an export\n",
+ XPRTSECMODE_COUNT);
+ return -1;
+ }
+ p->info = info;
+ p->flags = ep->e_flags;
+ (p + 1)->info = NULL;
+ return p - ep->e_xprtsec;
+}
+
+/*
+ * @str is a colon seperated list of transport layer security modes.
+ * Their order is recorded in @ep, and a bitmap corresponding to the
+ * list is returned.
+ *
+ * A zero return indicates an error.
+ */
+static unsigned int parse_xprtsec(char *str, struct exportent *ep)
+{
+ unsigned int out = 0;
+ char *name;
+
+ while ((name = strsep(&str, ":"))) {
+ const struct xprtsec_info *info = find_xprtsec_info(name);
+ int bit;
+
+ if (!info) {
+ xlog(L_ERROR, "unknown xprtsec mode %s\n", name);
+ return 0;
+ }
+ bit = xprtsec_addmode(info, ep);
+ if (bit < 0)
+ return 0;
+ out |= 1 << bit;
+ }
+ return out;
+}
+
/* Sets the bits in @mask for the appropriate security flavor flags. */
static void setflags(int mask, unsigned int active, struct exportent *ep)
{
@@ -621,7 +702,7 @@ parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
ep->e_anonuid = strtol(opt+8, &oe, 10);
if (opt[8]=='\0' || *oe != '\0') {
xlog(L_ERROR, "%s: %d: bad anonuid \"%s\"\n",
- flname, flline, opt);
+ flname, flline, opt);
bad_option:
free(opt);
return -1;
@@ -631,7 +712,7 @@ bad_option:
ep->e_anongid = strtol(opt+8, &oe, 10);
if (opt[8]=='\0' || *oe != '\0') {
xlog(L_ERROR, "%s: %d: bad anongid \"%s\"\n",
- flname, flline, opt);
+ flname, flline, opt);
goto bad_option;
}
} else if (strncmp(opt, "squash_uids=", 12) == 0) {
@@ -649,13 +730,13 @@ bad_option:
setflags(NFSEXP_FSID, active, ep);
} else {
ep->e_fsid = strtoul(opt+5, &oe, 0);
- if (opt[5]!='\0' && *oe == '\0')
+ if (opt[5]!='\0' && *oe == '\0')
setflags(NFSEXP_FSID, active, ep);
else if (valid_uuid(opt+5))
ep->e_uuid = strdup(opt+5);
else {
xlog(L_ERROR, "%s: %d: bad fsid \"%s\"\n",
- flname, flline, opt);
+ flname, flline, opt);
goto bad_option;
}
}
@@ -688,6 +769,9 @@ bad_option:
active = parse_flavors(opt+4, ep);
if (!active)
goto bad_option;
+ } else if (strncmp(opt, "xprtsec=", 8) == 0) {
+ if (!parse_xprtsec(opt + 8, ep))
+ goto bad_option;
} else {
xlog(L_ERROR, "%s:%d: unknown keyword \"%s\"\n",
flname, flline, opt);
@@ -709,7 +793,7 @@ out:
if (warn && !had_subtree_opt)
xlog(L_WARNING, "%s [%d]: Neither 'subtree_check' or 'no_subtree_check' specified for export \"%s:%s\".\n"
" Assuming default behaviour ('no_subtree_check').\n"
- " NOTE: this default has changed since nfs-utils version 1.0.x\n",
+ " NOTE: this default has changed since nfs-utils version 1.0.x\n",
flname, flline,
ep->e_hostname, ep->e_path);
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
index 6ba615d1..a87a7806 100644
--- a/utils/exportfs/exportfs.c
+++ b/utils/exportfs/exportfs.c
@@ -743,6 +743,7 @@ dump(int verbose, int export_format)
#endif
}
secinfo_show(stdout, ep);
+ xprtsecinfo_show(stdout, ep);
printf("%c\n", (c != '(')? ')' : ' ');
}
}
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index 54b3f877..83dd6807 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -125,7 +125,55 @@ In that case you may include multiple sec= options, and following options
will be enforced only for access using flavors listed in the immediately
preceding sec= option. The only options that are permitted to vary in
this way are ro, rw, no_root_squash, root_squash, and all_squash.
+.SS Transport layer security
+The Linux NFS server allows the use of RPC-with-TLS (RFC 9289) to
+protect RPC traffic between itself and its clients.
+Alternately, administrators can secure NFS traffic using a VPN,
+or an ssh tunnel or similar mechanism, in a way that is transparent
+to the server.
.PP
+To enable the use of RPC-with-TLS, the server's administrator must
+install and configure
+.BR tlshd
+to handle transport layer security handshake requests from the local
+kernel.
+Clients can then choose to use RPC-with-TLS or they may continue
+operating without it.
+.PP
+Administrators may require the use of RPC-with-TLS to protect access
+to individual exports.
+This is particularly useful when using non-cryptographic security
+flavors such as
+.IR sec=sys .
+The
+.I xprtsec=
+option, followed by an unordered colon-delimited list of security policies,
+can restrict access to the export to only clients that have negotiated
+transport-layer security.
+Currently supported transport layer security policies include:
+.TP
+.IR none
+The server permits clients to access the export
+without the use of transport layer security.
+.TP
+.IR tls
+The server permits clients that have negotiated an RPC-with-TLS session
+without peer authentication (confidentiality only) to access the export.
+Clients are not required to offer an x.509 certificate
+when establishing a transport layer security session.
+.TP
+.IR mtls
+The server permits clients that have negotiated an RPC-with-TLS session
+with peer authentication to access the export.
+The server requires clients to offer an x.509 certificate
+when establishing a transport layer security session.
+.PP
+If RPC-with-TLS is configured and enabled and the
+.I xprtsec=
+option is not specified, the default setting for an export is
+.IR xprtsec=none:tls:mtls .
+With this setting, the server permits clients to use any transport
+layer security mechanism or none at all to access the export.
.SS General Options
.BR exportfs
understands the following export options:
@@ -581,7 +629,8 @@ a character class wildcard match.
.BR netgroup (5),
.BR mountd (8),
.BR nfsd (8),
-.BR showmount (8).
+.BR showmount (8),
+.BR tlshd (8).
.\".SH DIAGNOSTICS
.\"An error parsing the file is reported using syslogd(8) as level NOTICE from
.\"a DAEMON whenever
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index d9f34df3..dfc31a5d 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -574,7 +574,43 @@ The
.B sloppy
option is an alternative to specifying
.BR mount.nfs " -s " option.
-
+.TP 1.5i
+.BI xprtsec= policy
+Specifies the use of transport layer security to protect NFS network
+traffic on behalf of this mount point.
+.I policy
+can be one of
+.BR none ,
+.BR tls ,
+or
+.BR mtls .
+.IP
+If
+.B none
+is specified,
+transport layer security is forced off, even if the NFS server supports
+transport layer security.
+If
+.B tls
+is specified, the client uses RPC-with-TLS to provide in-transit
+confidentiality.
+If
+.B mtls
+is specified, the client uses RPC-with-TLS to authenticate itself and
+to provide in-transit confidentiality.
+If either
+.B tls
+or
+.B mtls
+is specified and the server does not support RPC-with-TLS or peer
+authentication fails, the mount attempt fails.
+.IP
+If the
+.B xprtsec=
+option is not specified,
+the default behavior depends on the kernel version,
+but is usually equivalent to
+.BR "xprtsec=none" .
.SS "Options for NFS versions 2 and 3 only"
Use these options, along with the options in the above subsection,
for NFS versions 2 and 3 only.

View File

@ -1,31 +0,0 @@
commit 8a835cebb149ba2a54b6518722c79019cf8e3da4
Author: Benjamin Coddington <bcodding@redhat.com>
Date: Mon Aug 1 13:19:04 2022 -0400
rpc-statd.service: Stop rpcbind and rpc.stat in an exit race
When `systemctl stop rpcbind.socket` is run, the dependency means
that systemd first sends SIGTERM to rpcbind, then sigterm to rpc.statd.
On SIGTERM, rpcbind tears down /var/run/rpcbind.sock. However,
rpc-statd on SIGTERM attempts to unregister from rpcbind
systemd needs to wait for rpc.statd to exit before sending
SIGTERM to rpcbind
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2100395
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
index 095629f2..392750da 100644
--- a/systemd/rpc-statd.service
+++ b/systemd/rpc-statd.service
@@ -5,7 +5,7 @@ Conflicts=umount.target
Requires=nss-lookup.target rpcbind.socket
Wants=network-online.target
Wants=rpc-statd-notify.service
-After=network-online.target nss-lookup.target rpcbind.socket
+After=network-online.target nss-lookup.target rpcbind.service
PartOf=nfs-utils.service
IgnoreOnIsolate=yes

324
SOURCES/nfsconvert.py Normal file
View File

@ -0,0 +1,324 @@
#!/usr/bin/env python3
"""
Read in the deprecated /etc/sysconfig/nfs file and
set the corresponding values in nfs.conf
"""
from __future__ import print_function
import os
import sys
import getopt
import subprocess
import configparser
CONF_NFS = '/etc/nfs.conf'
CONF_IDMAP = '/etc/idmapd.conf'
SYSCONF_NFS = '/etc/sysconfig/nfs'
SYSCONF_BACKUP = ".rpmsave"
CONF_TOOL = '/usr/sbin/nfsconf'
# options for nfsd found in RPCNFSDARGS
OPTS_NFSD = 'dH:p:rR:N:V:stTuUG:L:'
LONG_NFSD = ['debug', 'host=', 'port=', 'rdma=', 'nfs-version=', 'no-nfs-version=',
'tcp', 'no-tcp', 'udp', 'no-udp', 'grace-time=', 'lease-time=']
CONV_NFSD = {'-d': (CONF_NFS, 'nfsd', 'debug', 'all'),
'-H': (CONF_NFS, 'nfsd', 'host', ','),
'-p': (CONF_NFS, 'nfsd', 'port', '$1'),
'-r': (CONF_NFS, 'nfsd', 'rdma', 'nfsrdma'),
'-R': (CONF_NFS, 'nfsd', 'rdma', '$1'),
'-N': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
'-V': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
'-t': (CONF_NFS, 'nfsd', 'tcp', '1'),
'-T': (CONF_NFS, 'nfsd', 'tcp', '0'),
'-u': (CONF_NFS, 'nfsd', 'udp', '1'),
'-U': (CONF_NFS, 'nfsd', 'udp', '0'),
'-G': (CONF_NFS, 'nfsd', 'grace-time', '$1'),
'-L': (CONF_NFS, 'nfsd', 'lease-time', '$1'),
'$1': (CONF_NFS, 'nfsd', 'threads', '$1'),
'--debug': (CONF_NFS, 'nfsd', 'debug', 'all'),
'--host': (CONF_NFS, 'nfsd', 'host', ','),
'--port': (CONF_NFS, 'nfsd', 'port', '$1'),
'--rdma': (CONF_NFS, 'nfsd', 'rdma', '$1'),
'--no-nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
'--nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
'--tcp': (CONF_NFS, 'nfsd', 'tcp', '1'),
'--no-tcp': (CONF_NFS, 'nfsd', 'tcp', '0'),
'--udp': (CONF_NFS, 'nfsd', 'udp', '1'),
'--no-udp': (CONF_NFS, 'nfsd', 'udp', '0'),
'--grace-time': (CONF_NFS, 'nfsd', 'grace-time', '$1'),
'--lease-time': (CONF_NFS, 'nfsd', 'lease-time', '$1'),
}
# options for mountd found in RPCMOUNTDOPTS
OPTS_MOUNTD = 'go:d:H:p:N:nrs:t:V:'
LONG_MOUNTD = ['descriptors=', 'debug=', 'nfs-version=', 'no-nfs-version=',
'port=', 'no-tcp', 'ha-callout=', 'state-directory-path=',
'num-threads=', 'reverse-lookup', 'manage-gids', 'no-udp']
CONV_MOUNTD = {'-g': (CONF_NFS, 'mountd', 'manage-gids', '1'),
'-o': (CONF_NFS, 'mountd', 'descriptors', '$1'),
'-d': (CONF_NFS, 'mountd', 'debug', '$1'),
'-H': (CONF_NFS, 'mountd', 'ha-callout', '$1'),
'-p': (CONF_NFS, 'mountd', 'port', '$1'),
'-N': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
'-V': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
'-n': (CONF_NFS, 'nfsd', 'tcp', '0'),
'-s': (CONF_NFS, 'mountd', 'stat-directory-path', '$1'),
'-t': (CONF_NFS, 'mountd', 'threads', '$1'),
'-r': (CONF_NFS, 'mountd', 'reverse-lookup', '1'),
'-u': (CONF_NFS, 'nfsd', 'udp', '0'),
'--manage-gids': (CONF_NFS, 'mountd', 'manage-gids', '1'),
'--descriptors': (CONF_NFS, 'mountd', 'descriptors', '$1'),
'--debug': (CONF_NFS, 'mountd', 'debug', '$1'),
'--ha-callout': (CONF_NFS, 'mountd', 'ha-callout', '$1'),
'--port': (CONF_NFS, 'mountd', 'port', '$1'),
'--nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'y'),
'--no-nfs-version': (CONF_NFS, 'nfsd', 'vers$1', 'n'),
'--no-tcp': (CONF_NFS, 'nfsd', 'tcp', '0'),
'--state-directory-path': (CONF_NFS, 'mountd', 'state-directory-path', '$1'),
'--num-threads': (CONF_NFS, 'mountd', 'threads', '$1'),
'--reverse-lookup': (CONF_NFS, 'mountd', 'reverse-lookup', '1'),
'--no-udp': (CONF_NFS, 'nfsd', 'udp', '0'),
}
# options for statd found in STATDARG
OPTS_STATD = 'o:p:T:U:n:P:H:L'
LONG_STATD = ['outgoing-port=', 'port=', 'name=', 'state-directory-path=',
'ha-callout=', 'nlm-port=', 'nlm-udp-port=', 'no-notify']
CONV_STATD = {'-o': (CONF_NFS, 'statd', 'outgoing-port', '$1'),
'-p': (CONF_NFS, 'statd', 'port', '$1'),
'-T': (CONF_NFS, 'lockd', 'port', '$1'),
'-U': (CONF_NFS, 'lockd', 'udp-port', '$1'),
'-n': (CONF_NFS, 'statd', 'name', '$1'),
'-P': (CONF_NFS, 'statd', 'state-directory-path', '$1'),
'-H': (CONF_NFS, 'statd', 'ha-callout', '$1'),
'-L': (CONF_NFS, 'statd', 'no-notify', '1'),
'--outgoing-port': (CONF_NFS, 'statd', 'outgoing-port', '$1'),
'--port': (CONF_NFS, 'statd', 'port', '$1'),
'--name': (CONF_NFS, 'statd', 'name', '$1'),
'--state-directory-path': (CONF_NFS, 'statd', 'state-directory-path', '$1'),
'--ha-callout': (CONF_NFS, 'statd', 'ha-callout', '$1'),
'--nlm-port': (CONF_NFS, 'lockd', 'port', '$1'),
'--nlm-udp-port': (CONF_NFS, 'lockd', 'udp-port', '$1'),
'--no-notify': (CONF_NFS, 'statd', 'no-notify', '1'),
}
# options for sm-notify found in SMNOTIFYARGS
OPTS_SMNOTIFY = 'dm:np:v:P:f'
CONV_SMNOTIFY = {'-d': (CONF_NFS, 'sm-notify', 'debug', 'all'),
'-m': (CONF_NFS, 'sm-notify', 'retry-time', '$1'),
'-n': (CONF_NFS, 'sm-notify', 'update-state', '1'),
'-p': (CONF_NFS, 'sm-notify', 'outgoing-port', '$1'),
'-v': (CONF_NFS, 'sm-notify', 'outgoing-addr', '$1'),
'-f': (CONF_NFS, 'sm-notify', 'force', '1'),
'-P': (CONF_NFS, 'statd', 'state-directory-path', '$1'),
}
# options for idmapd found in RPCIDMAPDARGS
OPTS_IDMAPD = 'vp:CS'
CONV_IDMAPD = {'-v': (CONF_IDMAP, 'general', 'verbosity', '+'),
'-p': (CONF_NFS, 'general', 'pipefs-directory', '$1'),
'-C': (CONF_IDMAP, 'general', 'client-only', '1'),
'-S': (CONF_IDMAP, 'general', 'server-only', '1'),
}
# options for gssd found in RPCGSSDARGS
OPTS_GSSD = 'Mnvrp:k:d:t:T:R:lD'
CONV_GSSD = {'-M': (CONF_NFS, 'gssd', 'use-memcache', '1'),
'-n': (CONF_NFS, 'gssd', 'root_uses_machine_creds', '0'),
'-v': (CONF_NFS, 'gssd', 'verbosity', '+'),
'-r': (CONF_NFS, 'gssd', 'rpc-verbosity', '+'),
'-p': (CONF_NFS, 'general', 'pipefs-directory', '$1'),
'-k': (CONF_NFS, 'gssd', 'keytab-file', '$1'),
'-d': (CONF_NFS, 'gssd', 'cred-cache-directory', '$1'),
'-t': (CONF_NFS, 'gssd', 'context-timeout', '$1'),
'-T': (CONF_NFS, 'gssd', 'rpc-timeout', '$1'),
'-R': (CONF_NFS, 'gssd', 'preferred-realm', '$1'),
'-l': (CONF_NFS, 'gssd', 'limit-to-legacy-enctypes', '0'),
'-D': (CONF_NFS, 'gssd', 'avoid-dns', '0'),
}
# options for blkmapd found in BLKMAPDARGS
OPTS_BLKMAPD = ''
CONV_BLKMAPD = {}
# meta list of all the getopt lists
GETOPT_MAPS = [('RPCNFSDARGS', OPTS_NFSD, LONG_NFSD, CONV_NFSD),
('RPCMOUNTDOPTS', OPTS_MOUNTD, LONG_MOUNTD, CONV_MOUNTD),
('STATDARG', OPTS_STATD, LONG_STATD, CONV_STATD),
('STATDARGS', OPTS_STATD, LONG_STATD, CONV_STATD),
('SMNOTIFYARGS', OPTS_SMNOTIFY, [], CONV_SMNOTIFY),
('RPCIDMAPDARGS', OPTS_IDMAPD, [], CONV_IDMAPD),
('RPCGSSDARGS', OPTS_GSSD, [], CONV_GSSD),
('BLKMAPDARGS', OPTS_BLKMAPD, [], CONV_BLKMAPD),
]
# any fixups we need to apply first
GETOPT_FIXUP = {'RPCNFSDARGS': ('--rdma', '--rdma=nfsrdma'),
}
# map for all of the single option values
VALUE_MAPS = {'LOCKD_TCPPORT': (CONF_NFS, 'lockd', 'port', '$1'),
'LOCKD_UDPPORT': (CONF_NFS, 'lockd', 'udp-port', '$1'),
'RPCNFSDCOUNT': (CONF_NFS, 'nfsd', 'threads', '$1'),
'NFSD_V4_GRACE': (CONF_NFS, 'nfsd', 'grace-time', '$1'),
'NFSD_V4_LEASE': (CONF_NFS, 'nfsd', 'lease-time', '$1'),
'MOUNTD_PORT': (CONF_NFS, 'mountd', 'port', '$1'),
'STATD_PORT': (CONF_NFS, 'statd', 'port', '$1'),
'STATD_OUTGOING_PORT': (CONF_NFS, 'statd', 'outgoing-port', '$1'),
'STATD_HA_CALLOUT': (CONF_NFS, 'statd', 'ha-callout', '$1'),
'GSS_USE_PROXY': (CONF_NFS, 'gssd', 'use-gss-proxy', '$1')
}
def eprint(*args, **kwargs):
""" Print error to stderr """
print(*args, file=sys.stderr, **kwargs)
def makesub(param, value):
""" Variable substitution """
return param.replace('$1', value)
def set_value(value, entry):
""" Set a configuration value by running nfsconf tool"""
cfile, section, tag, param = entry
tag = makesub(tag, value)
param = makesub(param, value)
if param == '+':
param = value
if param == ',':
param = value
args = [CONF_TOOL, "--file", cfile, "--set", section, tag, param]
try:
subprocess.check_output(args, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
print("Error running nfs-conf tool:\n %s" % (e.output.decode()))
print("Args: %s\n" % args)
raise Exception
def convert_getopt(optname, options, optstring, longopts, conversions):
""" Parse option string into seperate config items
Take a getopt string and a table of conversions
parse it all and spit out the converted config
Keyword arguments:
options -- the argv string to convert
optstring -- getopt format option list
conversions -- table of translations
"""
optcount = 0
try:
args = options.strip('\"').split()
if optname in GETOPT_FIXUP:
(k, v) = GETOPT_FIXUP[optname]
for i, opt in enumerate(args):
if opt == k:
args[i] = v
elif opt == '--':
break
optlist, optargs = getopt.gnu_getopt(args, optstring, longopts=longopts)
except getopt.GetoptError as err:
eprint(err)
raise Exception
setlist = {}
for (k, v) in optlist:
if k in conversions:
# it's already been set once
param = conversions[k][3]
tag = k + makesub(conversions[k][2], v)
if tag in setlist:
value = setlist[tag][0]
# is it a cummulative entry
if param == '+':
value = str(int(value) + 1)
if param == ',':
value += "," + v
else:
if param == '+':
value = "1"
elif param == ',':
value = v
else:
value = v
setlist[tag] = (value, conversions[k])
else:
if v:
eprint("Ignoring unrecognised option %s=%s in %s" % (k, v, optname))
else:
eprint("Ignoring unrecognised option %s in %s" % (k, optname))
for v, c in setlist.values():
try:
set_value(v, c)
optcount += 1
except Exception:
raise
i = 1
for o in optargs:
opname = '$' + str(i)
if opname in conversions:
try:
set_value(o, conversions[opname])
optcount += 1
except Exception:
raise
else:
eprint("Unrecognised trailing arguments")
raise Exception
i += 1
return optcount
def map_values():
""" Main function """
mapcount = 0
# Lets load the old config
with open(SYSCONF_NFS) as cfile:
file_content = '[sysconf]\n' + cfile.read()
sysconfig = configparser.RawConfigParser()
sysconfig.read_string(file_content)
# Map all the getopt option lists
for (name, opts, lopts, conv) in GETOPT_MAPS:
if name in sysconfig['sysconf']:
try:
mapcount += convert_getopt(name, sysconfig['sysconf'][name], opts,
lopts, conv)
except Exception:
eprint("Error whilst converting %s to nfsconf options." % (name))
raise
# Map the single value options
for name, opts in VALUE_MAPS.items():
if name in sysconfig['sysconf']:
try:
value = sysconfig['sysconf'][name]
set_value(value.strip('\"'), opts)
mapcount += 1
except Exception:
raise
# All went well, move aside the old file
# but dont bother if there were no changes and
# an old config file already exists
backupfile = SYSCONF_NFS + SYSCONF_BACKUP
if mapcount > 0 or not os.path.exists(backupfile):
try:
os.replace(SYSCONF_NFS, backupfile)
except OSError as err:
eprint("Error moving old config %s: %s" % (SYSCONF_NFS, err))
raise
# Main routine
try:
map_values()
except Exception as e:
eprint(e)
eprint("Conversion failed. Please correct the error and try again.")
exit(1)

38
SOURCES/nfsconvert.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
#
# Convert /etc/sysconfig/nfs values in /etc/nfs.conf valuse
#
#
# No file no conversion
#
if [ ! -f /etc/sysconfig/nfs ]; then
exit 0
fi
#
# See if the conversion happen already
#
grep "nfs.conf" /etc/sysconfig/nfs > /dev/null
if [ $? -eq 0 ]; then
exit 0
fi
if [ -f /etc/nfs.conf.rpmnew ]; then
# See if it is the we want to use
grep tag1234 /etc/nfs.conf.rpmnew > /dev/null
if [ $? -eq 0 ]; then
cp /etc/nfs.conf /etc/nfs.conf.rpmsave
cat /etc/nfs.conf.rpmnew | sed '/tag123/d' > /etc/nfs.conf
rm /etc/nfs.conf.rpmnew
fi
else
cp /etc/nfs.conf /etc/nfs.conf.rpmsave
fi
#
# Do the conversion
#
/usr/sbin/nfsconvert

View File

@ -1,83 +1,124 @@
Summary: NFS utilities and supporting clients and daemons for the kernel NFS server Summary: NFS utilities and supporting clients and daemons for the kernel NFS server
Name: nfs-utils Name: nfs-utils
URL: http://linux-nfs.org/ URL: http://linux-nfs.org/
Version: 2.5.4 Version: 2.3.3
Release: 27%{?dist} Release: 59%{?dist}
Epoch: 1 Epoch: 1
# group all 32bit related archs # group all 32bit related archs
%global all_32bit_archs i386 i486 i586 i686 athlon ppc sparcv9 %define all_32bit_archs i386 i486 i586 i686 athlon ppc sparcv9
Source0: https://www.kernel.org/pub/linux/utils/nfs-utils/%{version}/%{name}-%{version}.tar.xz Source0: https://www.kernel.org/pub/linux/utils/nfs-utils/%{version}/%{name}-%{version}.tar.xz
Source1: id_resolver.conf Source1: id_resolver.conf
Source2: lockd.conf Source2: lockd.conf
Source3: 24-nfs-server.conf Source3: 24-nfs-server.conf
Source4: 10-nfsv4.conf Source4: nfsconvert.py
Source5: nfsconvert.sh
Source6: nfs-convert.service
# #
# RHEL9.0 # RHEL 8.0
# #
Patch001: nfs-utils-2.5.4-mount-sloppy.patch Patch001: nfs-utils-2.3.3-nfsd-disable-v4.patch
Patch002: nfs-utils-2.5.4-nfsdcltrack-printf.patch Patch002: nfs-utils-2.3.3-remove-osd_login.patch
Patch003: nfs-utils-2.5.4-general-memory-fixes.patch Patch003: nfs-utils-2.3.3-mount-sharecache.patch
Patch004: nfs-utils-2.5.4-mount-nov2.patch Patch004: nfs-utils-2.3.3-gssd-usegssproxy.patch
Patch005: nfs-utils-2.5.4-gssd-debug-msg.patch Patch005: nfs-utils-2.3.3-nfsconf-usegssproxy.patch
Patch006: nfs-utils-2.5.4-rpcctl.patch Patch006: nfs-utils-2.3.3-man-tcpwrappers.patch
Patch007: nfs-utils-2.3.3-junction-update.patch
# #
# RHEL9.1 # RHEL 8.1
# #
Patch007: nfs-utils-2.5.4-nfsman-maxconnect.patch Patch008: nfs-utils-2.3.3-nfsconf-manage-gids.patch
Patch008: nfs-utils-2.5.4-rpcpipefs-warn.patch Patch009: nfs-utils-2.3.3-statd-force.patch
Patch009: nfs-utils-2.5.4-rpcidmapd-return.patch Patch010: nfs-utils-2.3.3-statd-no-notify.patch
Patch010: nfs-utils-2.5.4-mount-ebusy.patch Patch011: nfs-utils-2.3.3-gssd-verbose.patch
Patch011: nfs-utils-2.5.4-rpcctl-xprt.patch Patch012: nfs-utils-2.3.3-nfsconf-inplace.patch
Patch012: nfs-utils-2.5.4-systemd-rpcstatd.patch Patch013: nfs-utils-2.3.3-covscan-resource-leaks.patch
Patch014: nfs-utils-2.3.3-nfsman-typo.patch
Patch015: nfs-utils-2.3.3-mount-fallback.patch
Patch016: nfs-utils-2.3.3-mountd-memleak.patch
Patch017: nfs-utils-2.3.3-lseek-error-handling.patch
Patch018: nfs-utils-2.3.3-memleak-on-error.patch
# #
# RHEL9.2 # RHEL 8.2
# #
Patch013: nfs-utils-2.5.4-nfsd-man-4vers.patch Patch019: nfs-utils-2.3.3-nfsiostat-err-cnts.patch
Patch014: nfs-utils-2.5.4-mount-null-ptr.patch Patch020: nfs-utils-2.3.3-gssd-man-verbose.patch
Patch015: nfs-utils-2.5.4-nfsrahead-cmd.patch Patch021: nfs-utils-2.3.3-nfsconf-rdmaport.patch
Patch016: nfs-utils-2.5.4-covscan-return-value.patch Patch022: nfs-utils-2.3.3-gssd-early-daemon.patch
Patch023: nfs-utils-2.3.3-covscan-rm-deadcode-leaks.patch
Patch024: nfs-utils-2.3.3-gssd-memoryleak.patch
# #
# RHEL9.3 # RHEL 8.3
# #
Patch017: nfs-utils-2.5.4-juncs-automount.patch Patch025: nfs-utils-2.3.3-junction-err-fix.patch
Patch018: nfs-utils-2.5.4-man-nfsconf.patch Patch026: nfs-utils-2.3.3-nfsdcld-upstream-update.patch
Patch027: nfs-utils-2.3.3-nconnect-manpage.patch
Patch028: nfs-utils-2.3.3-nfsdclddb-rename.patch
Patch029: nfs-utils-2.3.3-nfsclnts-cmd.patch
# #
# RHEL9.4 # RHEL 8.4
# #
Patch019: nfs-utils-2.5.4-gssd-dns-failure.patch Patch030: nfs-utils-2.3.3-exportfs-man-labels.patch
Patch020: nfs-utils-2.5.4-gssd-bad-integ-error-support.patch Patch031: nfs-utils-2.3.3-nfsiostat-div-zero.patch
Patch021: nfs-utils-2.5.4-mount-mountconf-typo.patch Patch032: nfs-utils-2.3.3-nfsiostat-key-error.patch
Patch022: nfs-utils-2.5.4-support-for-rpc-with-tls.patch Patch033: nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch
Patch023: nfs-utils-2.5.4-fix-typos-in-messages.patch Patch034: nfs-utils-2.3.3-systemd-exportfs-nofail.patch
Patch024: nfs-utils-2.5.4-blkmapd-double-free.patch Patch035: nfs-utils-2.3.3-exports-manpage-outdated.patch
Patch025: nfs-utils-2.5.4-rpcdebug-check-read-return.patch Patch036: nfs-utils-2.3.3-gssd-multithread-updates.patch
Patch037: nfs-utils-2.3.3-mountd-pseudofs.patch
# #
# RHEL9.5 # RHEL 8.5
# #
Patch026: nfs-utils-2.5.4-gssd-allowed-enctypes.patch Patch038: nfs-utils-2.3.3-gssd-k5identity.patch
Patch027: nfs-utils-2.5.4-gssd-segfault.patch Patch039: nfs-utils-2.3.3-gssd-man-tflag.patch
Patch040: nfs-utils-2.3.3-exportfs-root.patch
Patch041: nfs-utils-2.3.3-mount-sloppy.patch
Patch042: nfs-utils-2.3.3-gssd-failed-thread.patch
Patch043: nfs-utils-2.3.3-gssd-timeout-thread.patch
Patch044: nfs-utils-2.3.3-gssd-debug-cleanup.patch
Patch045: nfs-utils-2.3.3-gssd-mutex-refcnt.patch
#
# RHEL 8.6
#
Patch046: nfs-utils-2.3.3-mountd-v4-logging.patch
Patch047: nfs-utils-2.3.3-gssd-printerr.patch
Patch048: nfs-utils-2.3.3-mount-ebusy.patch
Patch049: nfs-utils-2.3.3-nfsidmap-debug.patch
#
# RHEL 8.7
#
Patch050: nfs-utils-2.3.3-nfsman-softreval.patch
Patch051: nfs-utils-2.3.3-rpcctl.patch
Patch052: nfs-utils-2.3.3-nfsrahead.patch
Patch053: nfs-utils-2.3.3-rpcctl-subparser.patch
Patch054: nfs-utils-2.3.3-rpcctl-posixpath.patch
Patch055: nfs-utils-2.3.3-systemd-rpcstatd.patch
#
# rhel 8.8
#
Patch056: nfs-utils-2.3.3-mountd-v4clnts.patch
Patch057: nfs-utils-2.3.3-covscan-return-value.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
Patch102: nfs-utils-1.2.5-idmap-errmsg.patch Patch102: nfs-utils-2.3.3-idmap-errmsg.patch
Patch103: nfs-utils-2.3.1-systemd-gssproxy-restart.patch Patch103: nfs-utils-2.3.1-systemd-gssproxy-restart.patch
Patch104: nfs-utils-2.3.3-man-tcpwrappers.patch Patch104: nfs-utils-2.3.1-systemd-svcgssd-removed.patch
Patch105: nfs-utils-2.3.3-nfsconf-usegssproxy.patch
Patch106: nfs-utils-2.4.2-systemd-svcgssd.patch
Provides: exportfs = %{epoch}:%{version}-%{release} Provides: exportfs = %{epoch}:%{version}-%{release}
Provides: nfsstat = %{epoch}:%{version}-%{release} Provides: nfsstat = %{epoch}:%{version}-%{release}
Provides: showmount = %{epoch}:%{version}-%{release} Provides: showmount = %{epoch}:%{version}-%{release}
Provides: rpcdebug = %{epoch}:%{version}-%{release} Provides: rpcdebug = %{epoch}:%{version}-%{release}
Provides: rpcctl = %{epoch}:%{version}-%{release}
Provides: rpc.idmapd = %{epoch}:%{version}-%{release} Provides: rpc.idmapd = %{epoch}:%{version}-%{release}
Provides: rpc.mountd = %{epoch}:%{version}-%{release} Provides: rpc.mountd = %{epoch}:%{version}-%{release}
Provides: rpc.nfsd = %{epoch}:%{version}-%{release} Provides: rpc.nfsd = %{epoch}:%{version}-%{release}
@ -91,8 +132,9 @@ Provides: sm-notify = %{epoch}:%{version}-%{release}
Provides: start-statd = %{epoch}:%{version}-%{release} Provides: start-statd = %{epoch}:%{version}-%{release}
License: MIT and GPLv2 and GPLv2+ and BSD License: MIT and GPLv2 and GPLv2+ and BSD
BuildRequires: make Requires: rpcbind, sed, gawk, grep
BuildRequires: libevent-devel libcap-devel libuuid-devel Requires: kmod, keyutils, quota, python3-pyyaml
BuildRequires: libevent-devel libcap-devel
BuildRequires: libtirpc-devel libblkid-devel BuildRequires: libtirpc-devel libblkid-devel
BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2 BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2
BuildRequires: automake, libtool, gcc, device-mapper-devel BuildRequires: automake, libtool, gcc, device-mapper-devel
@ -107,58 +149,17 @@ Requires(pre): coreutils
Requires(preun): coreutils Requires(preun): coreutils
Requires: libnfsidmap libevent Requires: libnfsidmap libevent
Requires: libtirpc >= 0.2.3-1 libblkid libcap libmount Requires: libtirpc >= 0.2.3-1 libblkid libcap libmount
Requires: gssproxy => 0.7.0-3
Requires: rpcbind, sed, gawk, grep
Requires: kmod, keyutils, quota, python3-pyyaml
%{?systemd_requires} %{?systemd_requires}
%package -n nfs-utils-coreos
Summary: Minimal NFS utilities for supporting clients
Provides: nfsstat = %{epoch}:%{version}-%{release}
Provides: rpc.statd = %{epoch}:%{version}-%{release}
Provides: rpc.gssd = %{epoch}:%{version}-%{release}
Provides: mount.nfs = %{epoch}:%{version}-%{release}
Provides: mount.nfs4 = %{epoch}:%{version}-%{release}
Provides: umount.nfs = %{epoch}:%{version}-%{release}
Provides: umount.nfs4 = %{epoch}:%{version}-%{release}
Provides: start-statd = %{epoch}:%{version}-%{release}
Provides: nfsidmap = %{epoch}:%{version}-%{release}
Provides: showmount = %{epoch}:%{version}-%{release}
Requires: rpcbind
%{?systemd_requires}
%description -n nfs-utils-coreos
Minimal NFS utilities for supporting clients
%package -n nfs-stats-utils
Summary: NFS utilities for supporting clients
Provides: nfsstat = %{epoch}:%{version}-%{release}
Provides: mountstats = %{epoch}:%{version}-%{release}
Provides: nfsiostat = %{epoch}:%{version}-%{release}
%description -n nfs-stats-utils
Show NFS client Statistics
%package -n nfsv4-client-utils
Summary: NFSv4 utilities for supporting client
Provides: rpc.gssd = %{epoch}:%{version}-%{release}
Provides: rpcctl = %{epoch}:%{version}-%{release}
Provides: mount.nfs = %{epoch}:%{version}-%{release}
Provides: mount.nfs4 = %{epoch}:%{version}-%{release}
Provides: umount.nfs = %{epoch}:%{version}-%{release}
Provides: umount.nfs4 = %{epoch}:%{version}-%{release}
Provides: nfsidmap = %{epoch}:%{version}-%{release}
Requires: gssproxy => 0.7.0-3 Requires: gssproxy => 0.7.0-3
%description -n nfsv4-client-utils
The nfsv4-client-utils packages provided NFSv4 client support
%package -n libnfsidmap %package -n libnfsidmap
Summary: NFSv4 User and Group ID Mapping Library Summary: NFSv4 User and Group ID Mapping Library
Provides: libnfsidmap%{?_isa} = %{epoch}:%{version}-%{release} Provides: libnfsidmap%{?_isa} = %{epoch}:%{version}-%{release}
License: BSD License: BSD
BuildRequires: pkgconfig, openldap-devel BuildRequires: pkgconfig, openldap-devel
BuildRequires: automake, libtool BuildRequires: automake, libtool
Requires(postun): /sbin/ldconfig
Requires(pre): /sbin/ldconfig
Requires: openldap Requires: openldap
%description -n libnfsidmap %description -n libnfsidmap
@ -175,16 +176,8 @@ developing programs which use the libnfsidmap library.
%description %description
The nfs-utils package provides a daemon for the kernel NFS server and The nfs-utils package provides various utilities for use with NFS
related tools, which provides a much higher level of performance than the clients and servers.
traditional Linux NFS server used by most users.
This package also contains the showmount program. Showmount queries the
mount daemon on a remote host for information about the NFS (Network File
System) server on the remote host. For example, showmount can display the
clients which are mounted on that host.
This package also contains the mount.nfs and umount.nfs program.
%prep %prep
%autosetup -p1 %autosetup -p1
@ -197,10 +190,10 @@ find -name \*.py -exec sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' {
%build %build
sh -x autogen.sh sh -x autogen.sh
%global _statdpath /var/lib/nfs/statd %define _statdpath /var/lib/nfs/statd
%configure \ %configure \
CFLAGS="%{build_cflags} -D_FILE_OFFSET_BITS=64" \ CFLAGS="%{build_cflags} -D_FILE_OFFSET_BITS=64 `pkg-config --cflags libtirpc`" \
LDFLAGS="%{build_ldflags}" \ LDFLAGS="%{build_ldflags} `pkg-config --libs libtirpc`" \
--enable-mountconfig \ --enable-mountconfig \
--enable-ipv6 \ --enable-ipv6 \
--with-statdpath=%{_statdpath} \ --with-statdpath=%{_statdpath} \
@ -213,7 +206,7 @@ sh -x autogen.sh
%make_build all %make_build all
%install %install
%global _pkgdir %{_prefix}/lib/systemd %define _pkgdir %{_prefix}/lib/systemd
rm -rf $RPM_BUILD_ROOT/* rm -rf $RPM_BUILD_ROOT/*
@ -235,9 +228,13 @@ install -m 644 nfs.conf $RPM_BUILD_ROOT%{_sysconfdir}
install -m 644 support/nfsidmap/idmapd.conf $RPM_BUILD_ROOT%{_sysconfdir} install -m 644 support/nfsidmap/idmapd.conf $RPM_BUILD_ROOT%{_sysconfdir}
install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/request-key.d install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/request-key.d
mkdir -p $RPM_BUILD_ROOT/run/sysconfig mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/scripts
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d/lockd.conf install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d/lockd.conf
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/gssproxy install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/gssproxy
install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_sbindir}/nfsconvert
install -m 755 %{SOURCE5} $RPM_BUILD_ROOT/%{_libexecdir}/nfs-utils/nfsconvert.sh
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pkgdir}/system
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.{a,la} rm -rf $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
rm -rf $RPM_BUILD_ROOT%{_libdir}/libnfsidmap/*.{a,la} rm -rf $RPM_BUILD_ROOT%{_libdir}/libnfsidmap/*.{a,la}
@ -252,9 +249,6 @@ mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/nfs/statd/sm.bak
mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/nfs/v4recovery mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/nfs/v4recovery
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/exports.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/exports.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/nfsmount.conf.d
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/nfsmount.conf.d
%pre %pre
# move files so the running service will have this applied as well # move files so the running service will have this applied as well
@ -264,7 +258,7 @@ for x in gssd idmapd ; do
fi fi
done done
%global rpcuser_uid 29 %define rpcuser_uid 29
# Create rpcuser gid as long as it does not already exist # Create rpcuser gid as long as it does not already exist
cat /etc/group | cut -d':' -f 1 | grep --quiet rpcuser 2>/dev/null cat /etc/group | cut -d':' -f 1 | grep --quiet rpcuser 2>/dev/null
if [ "$?" -eq 1 ]; then if [ "$?" -eq 1 ]; then
@ -281,11 +275,7 @@ else
fi fi
# Using the 16-bit value of -2 for the nfsnobody uid and gid # Using the 16-bit value of -2 for the nfsnobody uid and gid
%global nfsnobody_uid 65534 %define nfsnobody_uid 65534
# Nowadays 'nobody/65534' user/group are included in setup rpm. But on
# systems installed previously, nobody/99 might be present, with user
# 65534 missing. Let's create nfsnobody/65534 in that case.
# Create nfsnobody gid as long as it does not already exist # Create nfsnobody gid as long as it does not already exist
cat /etc/group | cut -d':' -f 3 | grep --quiet %{nfsnobody_uid} 2>/dev/null cat /etc/group | cut -d':' -f 3 | grep --quiet %{nfsnobody_uid} 2>/dev/null
@ -306,37 +296,19 @@ if [ $1 -eq 1 ] ; then
/bin/systemctl enable nfs-client.target >/dev/null 2>&1 || : /bin/systemctl enable nfs-client.target >/dev/null 2>&1 || :
/bin/systemctl start nfs-client.target >/dev/null 2>&1 || : /bin/systemctl start nfs-client.target >/dev/null 2>&1 || :
fi fi
%systemd_post nfs-server %systemd_post nfs-server
%post -n nfsv4-client-utils
if [ $1 -eq 1 ] ; then
# Initial installation
/bin/systemctl enable nfs-client.target >/dev/null 2>&1 || :
/bin/systemctl start nfs-client.target >/dev/null 2>&1 || :
fi
%preun %preun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
%systemd_preun nfs-client.target %systemd_preun nfs-client.target
%systemd_preun nfs-server.service %systemd_preun nfs-server.server
fi
%preun -n nfsv4-client-utils
if [ $1 -eq 0 ]; then
%systemd_preun nfs-client.target
rm -rf /etc/nfsmount.conf.d
rm -rf /var/lib/nfs/v4recovery
fi fi
%postun %postun
%systemd_postun_with_restart nfs-client.target %systemd_postun_with_restart nfs-client.target
%systemd_postun_with_restart nfs-server %systemd_postun_with_restart nfs-server
%postun -n nfsv4-client-utils
%systemd_postun_with_restart nfs-client.target
/bin/systemctl --system daemon-reload >/dev/null 2>&1 || : /bin/systemctl --system daemon-reload >/dev/null 2>&1 || :
if [ $1 -eq 0 ] ; then if [ $1 -eq 0 ] ; then
@ -347,9 +319,6 @@ fi
%triggerin -- nfs-utils > 1:2.1.1-3 %triggerin -- nfs-utils > 1:2.1.1-3
/bin/systemctl try-restart gssproxy || : /bin/systemctl try-restart gssproxy || :
%triggerun -- nfs-utils < 1:2.5.4-3
/bin/systemctl disable nfs-convert >/dev/null 2>&1 || :
%files %files
%config(noreplace) /etc/nfsmount.conf %config(noreplace) /etc/nfsmount.conf
%dir %{_sysconfdir}/exports.d %dir %{_sysconfdir}/exports.d
@ -360,13 +329,13 @@ fi
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd %dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm %dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm.bak %dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm.bak
%ghost %attr(644,rpcuser,rpcuser) %{_statdpath}/state %ghost %attr(644,root,root) %{_statdpath}/state
%config(noreplace) %{_sharedstatedir}/nfs/etab %config(noreplace) %{_sharedstatedir}/nfs/etab
%config(noreplace) %{_sharedstatedir}/nfs/rmtab %config(noreplace) %{_sharedstatedir}/nfs/rmtab
%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf %config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf
%config(noreplace) %{_sysconfdir}/modprobe.d/lockd.conf %config(noreplace) %{_sysconfdir}/modprobe.d/lockd.conf
%config(noreplace) %{_sysconfdir}/nfs.conf %config(noreplace) %{_sysconfdir}/nfs.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gssproxy/24-nfs-server.conf %attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/24-nfs-server.conf
%doc linux-nfs/ChangeLog linux-nfs/KNOWNBUGS linux-nfs/NEW linux-nfs/README %doc linux-nfs/ChangeLog linux-nfs/KNOWNBUGS linux-nfs/NEW linux-nfs/README
%doc linux-nfs/THANKS linux-nfs/TODO %doc linux-nfs/THANKS linux-nfs/TODO
/sbin/rpc.statd /sbin/rpc.statd
@ -374,7 +343,6 @@ fi
%{_sbindir}/exportfs %{_sbindir}/exportfs
%{_sbindir}/nfsstat %{_sbindir}/nfsstat
%{_sbindir}/rpcdebug %{_sbindir}/rpcdebug
%{_sbindir}/rpcctl
%{_sbindir}/rpc.mountd %{_sbindir}/rpc.mountd
%{_sbindir}/rpc.nfsd %{_sbindir}/rpc.nfsd
%{_sbindir}/showmount %{_sbindir}/showmount
@ -388,15 +356,18 @@ fi
%{_sbindir}/blkmapd %{_sbindir}/blkmapd
%{_sbindir}/nfsconf %{_sbindir}/nfsconf
%{_sbindir}/nfsref %{_sbindir}/nfsref
%{_sbindir}/nfsdcld %{_sbindir}/nfsconvert
%{_sbindir}/nfsdclddb %{_sbindir}/nfsdclddb
%{_sbindir}/nfsdcld
%{_sbindir}/nfsdclnts %{_sbindir}/nfsdclnts
%{_sbindir}/rpcctl
%{_libexecdir}/nfsrahead %{_libexecdir}/nfsrahead
%{_udevrulesdir}/99-nfs.rules %{_udevrulesdir}/99-nfs.rules
%{_mandir}/*/* %{_mandir}/*/*
%{_pkgdir}/*/* %{_pkgdir}/*/*
%attr(4755,root,root) /sbin/mount.nfs %attr(4755,root,root) /sbin/mount.nfs
%attr(755,root,root) %{_libexecdir}/nfs-utils/nfsconvert.sh
/sbin/mount.nfs4 /sbin/mount.nfs4
/sbin/umount.nfs /sbin/umount.nfs
@ -407,7 +378,6 @@ fi
%config(noreplace) %{_sysconfdir}/idmapd.conf %config(noreplace) %{_sysconfdir}/idmapd.conf
%{_libdir}/libnfsidmap.so.* %{_libdir}/libnfsidmap.so.*
%{_libdir}/libnfsidmap/*.so %{_libdir}/libnfsidmap/*.so
%{_mandir}/man3/nfs4_uid_to_name.*
%files -n libnfsidmap-devel %files -n libnfsidmap-devel
%{_libdir}/pkgconfig/libnfsidmap.pc %{_libdir}/pkgconfig/libnfsidmap.pc
@ -415,375 +385,222 @@ fi
%{_includedir}/nfsidmap_plugin.h %{_includedir}/nfsidmap_plugin.h
%{_libdir}/libnfsidmap.so %{_libdir}/libnfsidmap.so
%files -n nfs-utils-coreos
%dir %attr(555, root, root) %{_sharedstatedir}/nfs/rpc_pipefs
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm
%dir %attr(700,rpcuser,rpcuser) %{_sharedstatedir}/nfs/statd/sm.bak
%ghost %attr(644,rpcuser,rpcuser) %{_statdpath}/state
%config(noreplace) %{_sysconfdir}/nfsmount.conf
%config(noreplace) %{_sysconfdir}/nfs.conf
%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf
%{_sbindir}/nfsidmap
%{_sbindir}/nfsstat
%{_sbindir}/rpc.gssd
%{_sbindir}/start-statd
%{_sbindir}/showmount
%{_libexecdir}/nfsrahead
%{_udevrulesdir}/99-nfs.rules
%attr(4755,root,root) /sbin/mount.nfs
/sbin/mount.nfs4
/sbin/rpc.statd
/sbin/umount.nfs
/sbin/umount.nfs4
%{_mandir}/*/nfs.5.gz
%{_mandir}/*/nfs.conf.5.gz
%{_mandir}/*/nfsmount.conf.5.gz
%{_mandir}/*/nfs.systemd.7.gz
%{_mandir}/*/gssd.8.gz
%{_mandir}/*/mount.nfs.8.gz
%{_mandir}/*/nfsconf.8.gz
%{_mandir}/*/nfsidmap.8.gz
%{_mandir}/*/nfsstat.8.gz
%{_mandir}/*/rpc.gssd.8.gz
%{_mandir}/*/rpc.statd.8.gz
%{_mandir}/*/showmount.8.gz
%{_mandir}/*/statd.8.gz
%{_mandir}/*/umount.nfs.8.gz
%{_mandir}/*/nfsrahead.5.gz
%{_pkgdir}/*/rpc-pipefs-generator
%{_pkgdir}/*/auth-rpcgss-module.service
%{_pkgdir}/*/nfs-client.target
%{_pkgdir}/*/rpc-gssd.service
%{_pkgdir}/*/rpc-statd.service
%{_pkgdir}/*/rpc_pipefs.target
%{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount
%files -n nfsv4-client-utils
%config(noreplace) /etc/nfsmount.conf
%dir %{_sharedstatedir}/nfs/v4recovery
%dir %attr(555, root, root) %{_sharedstatedir}/nfs/rpc_pipefs
%dir %{_libexecdir}/nfs-utils
%config(noreplace) %{_sysconfdir}/request-key.d/id_resolver.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gssproxy/24-nfs-server.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/nfsmount.conf.d/10-nfsv4.conf
%{_sbindir}/rpc.gssd
%{_sbindir}/rpcctl
%{_sbindir}/nfsidmap
%{_sbindir}/nfsstat
%{_libexecdir}/nfsrahead
%{_udevrulesdir}/99-nfs.rules
%attr(4755,root,root) /sbin/mount.nfs
/sbin/mount.nfs4
/sbin/umount.nfs
/sbin/umount.nfs4
%{_mandir}/*/nfs.5.gz
%{_mandir}/*/nfs.conf.5.gz
%{_mandir}/*/nfsmount.conf.5.gz
%{_mandir}/*/nfsrahead.5.gz
%{_mandir}/*/gssd.8.gz
%{_mandir}/*/mount.nfs.8.gz
%{_mandir}/*/nfsconf.8.gz
%{_mandir}/*/nfsidmap.8.gz
%{_mandir}/*/rpc.gssd.8.gz
%{_mandir}/*/mount.nfs.8.gz
%{_mandir}/*/umount.nfs.8.gz
%{_mandir}/*/nfsidmap.8.gz
%{_mandir}/*/nfsstat.8.gz
%{_mandir}/*/rpcctl.8.gz
%{_pkgdir}/*/rpc-pipefs-generator
%{_pkgdir}/*/auth-rpcgss-module.service
%{_pkgdir}/*/nfs-client.target
%{_pkgdir}/*/rpc-gssd.service
%{_pkgdir}/*/rpc_pipefs.target
%{_pkgdir}/*/var-lib-nfs-rpc_pipefs.mount
%files -n nfs-stats-utils
%{_sbindir}/mountstats
%{_sbindir}/nfsiostat
%{_mandir}/*/mountstats.8.gz
%{_mandir}/*/nfsiostat.8.gz
%changelog %changelog
* Fri Aug 9 2024 Steve Dickson <steved@redhat.com> 2.5.4-27 * Thu Jan 12 2023 Steve Dickson <steved@redhat.com> 2.3.3-59
- rpc-gssd.service has status failed (due to rpc.gssd segfault) (RHEL-43286) - Covscan Scan: Wrong Check of Return Value (bz 2151966)
- Covscan Scan: Clang (experimental) (bz 2151971)
* Tue Apr 30 2024 Steve Dickson <steved@redhat.com> 2.5.4-26 * Mon Sep 26 2022 Steve Dickson <steved@redhat.com> 2.3.3-58
- gssd: add support for an "allowed-enctypes" option in nfs.conf (RHEL-31858) - mountd: Check 'nfsd/clients' directory presence (bz 2123073)
* Sun Feb 18 2024 Steve Dickson <steved@redhat.com> 2.5.4-25 * Tue Aug 2 2022 Steve Dickson <steved@redhat.com> 2.3.3-57
- Update: Typos and documentation fixes (RHEL-22654) - rpc-statd.service: Stop rpcbind and rpc.stat in an exit race (bz 2100395)
* Fri Feb 16 2024 Pavel Reichl <preichl@redhat.com> - 2.5.4-24 * Thu Jun 30 2022 Steve Dickson <steved@redhat.com> 2.3.3-56
- Fix gating (RHEL-25837) - rpcctl: 'PosixPath' object has no attribute 'readlink' (bz 2087187)
* Tue Feb 6 2024 Steve Dickson <steved@redhat.com> 2.5.4-23 * Mon Jun 27 2022 Steve Dickson <steved@redhat.com> 2.3.3-55
- Typos and documentation fixes (RHEL-22654) - rpcctl: Remove subparser required option as that was added in py3.7 (bz 2087187)
- blkmapd: fix coredump in bl_add_disk (RHEL-7941)
- rpcdebug: avoid buffer underflow (RHEL-7931)
* Thu Feb 1 2024 Steve Dickson <steved@redhat.com> 2.5.4-22 * Tue Jun 14 2022 Steve Dickson <steved@redhat.com> 2.3.3-54
- nfsmount.conf: Fix typo of the attribute name (RHEL-7904) - Create the nfsrahead command (bz 1946283)
- Update to support for the NFS RPC-with-TLS (RHEL-14754)
* Thu Jan 11 2024 Steve Dickson <steved@redhat.com> 2.5.4-21 * Tue May 31 2022 Steve Dickson <steved@redhat.com> 2.3.3-53
- gssd: fix handling DNS lookup failure (RHEL-15035) - rpcctl: Add a rpcctl.py tool (bz 2087187)
- gssd: handle KRB5_AP_ERR_BAD_INTEGRITY errors (RHEL-15034)
* Mon Aug 7 2023 Steve Dickson <steved@redhat.com> 2.5.4-20 * Tue May 24 2022 Steve Dickson <steved@redhat.com> 2.3.3-52
- Fixed a regression in the junction code (bz 2213669) - manpage: Add a description of the softreval/nosoftreval (bz 2073476)
* Tue Jun 6 2023 Steve Dickson <steved@redhat.com> 2.5.4-19 * Mon Mar 7 2022 Steve Dickson <steved@redhat.com> 2.3.3-51
- Don't allow junction tests to trigger automounts (bz 2148353) - libnfsidmap: Turn off default verbosity (bz 2057612)
- Fix typo in man page nfs.conf.man (bz 2203092)
* Thu Jan 26 2023 Steve Dickson <steved@redhat.com> 2.5.4-18 * Sat Feb 19 2022 Steve Dickson <steved@redhat.com> 2.3.3-50
- Covscan Scan: Wrong Check of Return Value (bz 2151968) - mount.nfs: Fix Typo auto negotiating code. (bz 1946346)
* Thu Dec 1 2022 Steve Dickson <steved@redhat.com> 2.5.4-17 * Mon Feb 14 2022 Steve Dickson <steved@redhat.com> 2.3.3-49
- Create the nfsrahead command (bz 2143747) - mount.nfs Fix error reporting for already mounted shares (bz 1946346)
* Mon Nov 14 2022 Steve Dickson <steved@redhat.com> 2.5.4-16 * Thu Nov 4 2021 Steve Dickson <steved@redhat.com> 2.3.3-48
- nfsd.man: Explain that setting nfsv4=n turns off all v4 versions (bz 2042362) - gssd: fix crash in debug message (bz 1988283)
- mount.nfs: fix NULL pointer derefernce in nfs_parse_square_bracket (bz 2136807)
* Thu Aug 18 2022 Steve Dickson <steved@redhat.com> 2.5.4-15 * Tue Nov 2 2021 Steve Dickson <steved@redhat.com> 2.3.3-47
- Fix uninstall warnings (bz 2048023) - Enable logging for NFSv4 mount requests (bz 2004151)
- rpc-statd.service: Stop rpcbind and rpc.stat in an exit race (bz 2112941)
* Mon Aug 1 2022 Steve Dickson <steved@redhat.com> 2.5.4-14 * Wed Jul 28 2021 Steve Dickson <steved@redhat.com> 2.3.3-46
- Fix the typo of dependency tag "Provides: rpcclt" (bz 2104406) - mount.nfs: Fix the sloppy option processing (bz 1967883)
* Thu Jul 28 2022 Steve Dickson <steved@redhat.com> 2.5.4-13 * Thu Jul 22 2021 Steve Dickson <steved@redhat.com> 2.3.3-45
- mount.nfs: Fix Typo auto negotiating code. (bz 2054300) - gssd: use mutex to protect decrement of refcount (bz 1511706)
* Fri Jul 22 2022 Steve Dickson <steved@redhat.com> 2.5.4-12 * Mon Jul 19 2021 Steve Dickson <steved@redhat.com> 2.3.3-44
- idmapd: Fix error status when nfs-idmapd exits (bz 2001764) - gssd: Deal with failed thread creation (bz 1981400)
- mount.nfs Fix error reporting for already mounted shares (bz 2054300) - gssd: Add timeout for upcall threads (bz 1981403)
- rpcctl - fix failure when setting xprt offline and online (bz 2081934) - gssd: Cleaned up debug messages (bz 1961056)
- rpc-pipefs-generator: allocate enough space (bz 2109420) - spec: Updated description of the nfs-utils rpm (bz 1981419)
* Sat Jul 16 2022 Steve Dickson <steved@redhat.com> 2.5.4-11 * Sat Jul 10 2021 Steve Dickson <steved@redhat.com> 2.3.3-43
- nfs.man: adding new mount option max_connect (bz 2106848) - mount.nfs: insert 'sloppy' at beginning of the options (bz 1967883)
- systemd: Fix format-overflow warning (bz 2106896)
* Mon Feb 28 2022 Steve Dickson <steved@redhat.com> 2.5.4-10 * Mon May 10 2021 Steve Dickson <steved@redhat.com> 2.3.3-42
- Added the rpcctl command (bz 2059245) - gssd: Add options to allow for the use of ~/.k5identity file (bz 1868087)
- man: Correct gssd(8) description of rpc-timeout and context-timeout (bz 1908232)
- exportfs: fix unexporting of '/' (bz 1944119)
* Sat Jan 22 2022 Steve Dickson <steved@redhat.com> 2.5.4-9 * Wed Jan 20 2021 Steve Dickson <steved@redhat.com> 2.3.3-41
- manpage: remove the no longer supported value "vers2" (bz 1966643) - mountd: never root squash on the pseudofs (bz 1804912)
* Thu Jan 13 2022 Steve Dickson <steved@redhat.com> 2.5.4-8 * Mon Dec 14 2020 Steve Dickson <steved@redhat.com> 2.3.3-40
- Added the tests directory for the gatings tests (bz 1996211) - gssd: upstream multithreaded updates (bz 1906792)
* Tue Jan 11 2022 Steve Dickson <steved@redhat.com> 2.5.4-7 * Fri Dec 11 2020 Steve Dickson <steved@redhat.com> 2.3.3-39
- Added a gating.yaml file (bz 1996211) - systemd: Ingnore export failures in nfs-server.serivce unit (bz 1894873)
- gssd: fix crash in debug message. (bz 1999476) - exports.man: Remove some outdated verbiage (bz 1769688)
* Mon Jan 10 2022 Steve Dickson <steved@redhat.com> 2.5.4-6 * Thu Dec 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-38
- Update tools to reflect removal of NFS v2 support (bz 1966643) - exports man page: warn about subdirectory exports (bz 1652437)
- Don't modify /etc/group on upgrades (bz 1856881)
- nfs-iostat: divide by zero with fresh mount (bz 1861823)
- nfsiostat: Drop autofs entries before calling compare_iostats() (bz 1859130)
- nfsdclddb: clddb-tool was recently renamed to nfsdclddb (bz 1893599)
* Thu Aug 26 2021 Alice Mitchell <ajmitchell@redhat.com> 2.5.4-5 * Thu Dec 10 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-37
- triggerun doesn't work correctly unless the epoch is given (bz 1937811) - Remove manual enabling of nfs-convert (bz 1683895)
- Restored the nfs-utils-2.5.4-mount-sloppy.patch (bz 1987070)
- General memory fixes (bz 1938822)
* Tue Aug 24 2021 Alice Mitchell <ajmitchell@redhat.com> 2.5.4-4 * Fri Oct 9 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-36
- explicitly disable any previous nfs-convert (bz 1937811) - Fix uninstall warnings (bz 1733170)
* Fri Aug 20 2021 Steve Dickson <steved@redhat.com> 2.5.4-3 * Wed Jun 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-35
- mount.nfs: insert 'sloppy' at beginning of the options (bz 1987070) - Fix dependency problems with nfsdclnts (bz 1841502)
- spec: Fix dependency problems with nfsdclnts (bz 1924708)
- nfsdcltrack: Fix printf format (bz 1995316)
* Mon Aug 16 2021 Steve Dickson <steved@redhat.com> 2.5.4-2 * Tue Jun 9 2020 Steve Dickson <steved@redhat.com> 2.3.3-34
- Remove nfsconvert command (bz 1937811) - New nfsdclnts command added (bz 1841502)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.5.4-1 * Mon May 18 2020 Steve Dickson <steved@redhat.com> 2.3.3-33
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - manpage: Add a description of the 'nconnect' mount option (bz 1761352)
Related: rhbz#1991688 - nfsdclddb: Redname clddb-tool to nfsdclddb (bz 1836924)
* Thu Jun 24 2021 Steve Dickson <steved@redhat.com> 2.5.4-0 * Wed May 6 2020 Steve Dickson <steved@redhat.com> 2.3.3-32
- Rebased to upstream release: nfs-utils-2-5-4 (bz 1971684) - junction: Fixed debug statement (bz 1831829)
- Userspace support for the latest nfsdcld daemon (bz 1817756)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.5.3-2.rc1.1 * Fri Mar 6 2020 Steve Dickson <steved@redhat.com> 2.3.3-31
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - gssd: Closed a memory leak in find_keytab_entry() (bz 1809277)
* Tue Mar 16 2021 Steve Dickson <steved@redhat.com> 2.5.3-3.rc1 * Fri Feb 7 2020 Steve Dickson <steved@redhat.com> 2.3.3-30
- Enable NFS server RDMA by default (bz 1931565) - Removed dead code that was flagged by a covscan (bz 1746572)
* Mon Mar 15 2021 Steve Dickson <steved@redhat.com> 2.5.3-2.rc1 * Thu Jan 16 2020 Steve Dickson <steved@redhat.com> 2.3.3-29
- Updated to the latest RC release: nfs-utils-2-5-4-rc1 (bz 1939257) - statd: Fix permission denied error path (bz 1776096)
* Sat Mar 13 2021 Steve Dickson <steved@redhat.com> 2.5.3-1 * Tue Nov 26 2019 Steve Dickson <steved@redhat.com> 2.3.3-28
- Created a V4 only client package - gssd: daemonize earlier (bz 1762847)
- Broke out the stat cmds using python into a separate package
* Sun Feb 21 2021 Steve Dickson <steved@redhat.com> 2.5.3-0 * Mon Nov 11 2019 Steve Dickson <steved@redhat.com> 2.3.3-27
- Updated to latest upstream release: nfs-utils-2-5-3 (bz 1931101) - More coverity scans updates (bz 1746572)
- nfsd: Adjust nfs.conf setting/parsing of rdma port (bz 1710532)
- Add plain --rdma option to nfs.conf convertor (bz 1747295)
- mountstats: Add per-op error counts to iostat command (bz 1719983)
- gssd: add configure options verbosity to man page (bz 1749642)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5.2-1.rc4.1 * Wed Sep 18 2019 Steve Dickson <steved@redhat.com> 2.3.3-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Updated coverity scans patch to not do a double free (bz 1752326)
* Thu Jan 7 2021 Steve Dickson <steved@redhat.com> 2.5.2-1.rc4 * Mon Aug 19 2019 Steve Dickson <steved@redhat.com> 2.3.3-25
- Updated to the latest RC release: nfs-utils-2-5-3-rc4 (bz 1913830) - Change the owner/group of the state file (bz 1733445)
* Thu Dec 17 2020 Steve Dickson <steved@redhat.com> 2.5.2-1.rc3 * Mon Aug 12 2019 Steve Dickson <steved@redhat.com> 2.3.3-24
- Updated to the latest RC release: nfs-utils-2-5-3-rc3 (bz 1906841) - nfs.man: Fixed small typo in man page (bz 1732877)
- mount: Report correct error in the fall_back cases (bz 1709963)
- rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1712202)
- spec: Remove redundant manpage files (bz 1718738)
* Tue Nov 10 2020 Steve Dickson <steved@redhat.com> 2.5.2-1.rc1 * Wed Jul 31 2019 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-23
- Updated to the latest RC release: nfs-utils-2-5-3-rc1 (bz 1896543) - Fix memory leak on error (bz 1440524)
- Fix error handling on lseek (bz 1733887)
* Mon Oct 26 2020 Steve Dickson <steved@redhat.com> 2.5.2-0 * Thu Jul 18 2019 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-22
- Updated to latest upstream release: nfs-utils-2-5-2 (bz 1880563) - Revert the forced chmod of nfs.conf as unneccessary (bz 1687496)
* Tue Sep 15 2020 Steve Dickson <steved@redhat.com> 2.5.2-5.rc4 * Mon Jul 15 2019 Steve Dickson <steved@redhat.com> 2.3.3-21
- Rebuild for the soname change on libevent - Gating tests: run tests from tests namespace (bz 1653927)
* Tue Sep 08 2020 Steve Dickson <steved@redhat.com> 2.5.2-4.rc4 * Tue Jul 9 2019 Steve Dickson <steved@redhat.com> 2.3.3-20
- rpc.idmapd: Do not free config variables (bz 1873965) - Gating tests: Fix _env data and source it in every test run (bz 1653927)
- nfsiostat: Drop autofs entries before calling compare_iostats()
* Mon Aug 31 2020 Steve Dickson <steved@redhat.com> 2.5.2-3.rc4 * Fri May 3 2019 Steve Dickson <steved@redhat.com> 2.3.3-19
- Fixed rpc.gssd: munmap_chunk(): invalid pointer - Removed resource leaks found by coverity scans (bz 1602633)
* Mon Aug 31 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc4 * Thu Apr 25 2019 Steve Dickson <steved@redhat.com> 2.3.3-18
- Updated to the latest RC release: nfs-utils-2-5-2-rc4 - Modify nfs.conf in-place instead of replacing the file (bz 1687496)
* Fri Aug 07 2020 Steve Dickson <steved@redhat.com> 2.5.2-2.rc3 * Tue Mar 19 2019 Steve Dickson <steved@redhat.com> 2.3.3-17
- rpc.idmapd: Turn down the verbosity in flush_inotify() (bz 1867172) - Moved the gating tests out of a patch and into the top dir (bz 1653927)
- Don't modify /etc/group on upgrades (bz 1856890) - Move the mode corrections on /etc/nfs.conf to nfsconvert.py (bz 1655880)
- gssd: add verbosity options to the rpc.gssd man page (bz 1668026)
* Tue Aug 04 2020 Steve Dickson <steved@redhat.com> 2.5.1-1.rc3 * Fri Mar 8 2019 Steve Dickson <steved@redhat.com> 2.3.3-16
- Updated to the latest RC release: nfs-utils-2-5-2-rc3 (bz 1856958) - Add a conversion for new sm-notify force option in nfs.conf (bz 1677576)
- Correct the modes on /etc/nfs.conf after a conversion (bz 1655880)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5.1-1 * Tue Mar 5 2019 Steve Dickson <steved@redhat.com> 2.3.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - nfs.conf: Fixed manage-gids option typo (bz 1672395)
- sm-notify: Added -f flag to nfs.conf parsing (bz 1677576)
- Add nfs.conf equivalent for the statd --no-notify cmdline option (bz 1683714)
* Mon Jul 13 2020 Steve Dickson <steved@redhat.com> 2.5.1-0 * Wed Feb 13 2019 Steve Dickson <steved@redhat.com> 2.3.3-14
- Updated to latest upstream release: nfs-utils-2-5-1 - Fix typo in checking for the 65534 uid/gid (bz 1655960)
* Tue Apr 07 2020 Steve Dickson <steved@redhat.com> 2.4.3-1.rc2 * Tue Feb 12 2019 Steve Dickson <steved@redhat.com> 2.3.3-13
- Updated to the latest RC release: nfs-utils-2-4-4-rc2 (bz 1807999) - Always have the nfs-convert service enabled (bz 1673685)
* Tue Mar 03 2020 Steve Dickson <steved@redhat.com> 2.4.3-1.rc1 * Sat Feb 9 2019 Steve Dickson <steved@redhat.com> 2.3.3-12
- Updated to the latest RC release: nfs-utils-2-4-4-rc1 (bz 1807999) - Change nfsconvert.sh not to set the immutable bit (bz 1673685)
- Change nfsconvert.py not to create the new dummy /etc/sysconfig/nfs (bz 1673685)
* Mon Feb 10 2020 Steve Dickson <steved@redhat.com> 2.4.3-0 * Sat Feb 9 2019 Steve Dickson <steved@redhat.com> 2.3.3-11
- Updated to latest upstream release: nfs-utils-2-4-3 (bz 1787831) - Do not install /etc/sysconfig/nfs (bz 1673685)
- Fix error in preuninstall scriptlet (bz 1785816)
- Fix update conflicts (bz 1724305)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.4.2-3.rc3.1 * Fri Jan 25 2019 Steve Dickson <steved@redhat.com> 2.3.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Only create nfsnobody when uid 65534 does not exist (bz 1655960)
* Thu Dec 19 2019 Steve Dickson <steved@redhat.com> 2.4.2-3.rc3 * Wed Jan 23 2019 Steve Dickson <steved@redhat.com> 2.3.3-9
- Updated to the latest upstream RC release: nfs-utils-2-4-3-rc3 (bz 1782349) - Critical component nfs-utils requires tests for gating (bz 1653927)
- Remove rpc-svcgssd from auth-rpcgss-module (bz 1662737)
- libnfsidmap: Turn off default verbosity (bz 1774787)
* Fri Nov 22 2019 Steve Dickson <steved@redhat.com> 2.4.2-2.rc2 * Wed Dec 12 2018 Steve Dickson <steved@redhat.com> 2.3.3-8
- mount: Fix return 0 from void function - Update junction code with latest upstream code (1543126)
- Make sure /etc/sysconfig/nfs is immutabl (1639432)
* Fri Nov 22 2019 Steve Dickson <steved@redhat.com> 2.4.2-1.rc2 * Tue Nov 6 2018 Steve Dickson <steved@redhat.com> 2.3.3-7
- Updated to the latest upstream RC release: nfs-utils-2-4-3-rc2 (bz 1772987) - Use systemd scripts to convert NFS configurations (bz 1646626)
* Wed Nov 13 2019 Steve Dickson <steved@redhat.com> 2.4.2-0 * Fri Oct 26 2018 Steve Dickson <steved@redhat.com> 2.3.3-6
- Updated to the latest upstream release: 2.4.2 (bz 1772987) - Changed /var/lib/nfs/rpc_pipefs to have 555 permissions (bz 1583489)
- Removed tcp wrappers support from man pages (bz 1642596)
- Reload not restart gssproxy in nfs-server.service (bz 1592660)
* Tue Nov 05 2019 Christian Glombek <lorbus@fedoraproject.org> 2.4.1-1.rc1 * Thu Oct 25 2018 Steve Dickson <steved@redhat.com> 2.3.3-5
- Added missing Requires and statd dirs to nfs-utils-coreos package (bz 1768897) - mount.nfs: Add braces around EBUSY code (bz 1629644)
* Thu Aug 29 2019 Steve Dickson <steved@redhat.com> 2.4.1-1.rc1 * Mon Oct 22 2018 Steve Dickson <steved@redhat.com> 2.3.3-4
- Updated to the latest upstream RC release: nfs-utils-2-4-2-rc1 - Deprecated /etc/sysconfig/nfs (bz 1639432)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.4.1-1 * Sat Oct 20 2018 Steve Dickson <steved@redhat.com> 2.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - Ensure /var/lib/nfs/rpc_pipefs has the correct permissions (bz 1583489)
- mount.nfs: Only ignore EBUSY when a filesystem is already mount (bz 1629644)
* Mon Jun 24 2019 Steve Dickson <steved@redhat.com> 2.4.1-0 * Fri Oct 19 2018 Steve Dickson <steved@redhat.com> 2.3.3-2
- Updated to the latest upstream release: 2.4.1 (bz 1719016) - Enable NFS basic junction support (bz 1543126)
- Removed osd_login (bz 1636434)
* Tue May 28 2019 Steve Dickson <steved@redhat.com> 2.3.4-2 * Fri Oct 5 2018 Steve Dickson <steved@redhat.com> 2.3.3-1
- rpc.mountd: Fix mountd segfault (bz 1713937) - nfs.conf: fail to disable major NFS version 4 using "vers4=n" (bz 1624319)
* Thu May 23 2019 Steve Dickson <steved@redhat.com> 2.3.4-1 * Thu Sep 13 2018 Steve Dickson <steved@redhat.com> 2.3.3-0
- mount: Report correct error in the fall_back cases (bz 1709961) - Updated to the latest upstream release: nfs-utils-2-3-3 (bz 1543126)
- sqlite.c: Use PRIx64 macro to print 64-bit integers
- rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1713360)
* Fri May 10 2019 Steve Dickson <steved@redhat.com> 2.3.4-0 * Fri Sep 7 2018 Steve Dickson <steved@redhat.com> 2.3.1-8.rc1
- Updated to the latest upstream release: 2.3.4 (bz 1708690) - Ensure /var/lib/nfs/rpc_pipefs has the correct permissions (bz 1583489)
- Remove rpc.svcgssd from systemd scripts (bz 1591700)
* Wed Feb 20 2019 Steve Dickson <steved@redhat.com> 2.3.3-7.rc2
- Added nfs-utils-coreos package (bz 1667889)
* Tue Feb 12 2019 Steve Dickson <steved@redhat.com> 2.3.3-6.rc2
- Always have the nfs-convert service enabled (bz 1668836)
* Mon Feb 11 2019 Steve Dickson <steved@redhat.com> 2.3.3-5.rc2
- Do not install /etc/sysconfig/nfs (bz 1668836)
- Change nfsconvert.sh not to set the immutable bit (bz 1668836)
- Change nfsconvert.py not to create the new dummy /etc/sysconfig/nfs (bz 1668836)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.3-4.rc2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 30 2019 Steve Dickson <steved@redhat.com> 2.3.3-4.rc2
- Make sysconfig/nfs mutable when the package is removed
- Removed new error=format-overflow=2 errors
* Tue Dec 11 2018 Steve Dickson <steved@redhat.com> 2.3.3-3.rc2
- Updated to latest RC release: nfs-utils-2-3-4-rc2
- Addeding libxml2-devel dependency
- Make sure /etc/sysconfig/nfs is immutable
- Added Requires: e2fsprogs (bz 1647727)
- nfsref: switch the way libraries are linked
* Fri Nov 9 2018 Steve Dickson <steved@redhat.com> 2.3.3-3.rc1
- Fix typo in the spec file.
* Mon Nov 5 2018 Steve Dickson <steved@redhat.com> 2.3.3-2.rc1
- Deprecated /etc/sysconfig/nfs (bz 1644049)
- Remove nfs server legacy systemd unit files
* Sat Oct 27 2018 Steve Dickson <steved@redhat.com> 2.3.3-1.rc1
- Changed /var/lib/nfs/rpc_pipefs to have 555 permissions
- Removed tcp wrappers support from man pages
- Reload not restart gssproxy in nfs-server.service
* Sat Oct 27 2018 Steve Dickson <steved@redhat.com> 2.3.3-0.rc1
- Updated to latest uupstream RC release: nfs-utils-2-3-4-rc1
* Thu Sep 6 2018 Steve Dickson <steved@redhat.com> 2.3.3-0
- Updated to latest upstream release: nfs-utils-2-3-3
* Wed Jul 18 2018 Steve Dickson <steved@redhat.com> 2.3.2-1.rc3
- Update to latest RC release: nfs-utils-2-3-3-rc3 (bz 1595927)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2-1.rc2.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1:2.3.2-1.rc2.1
- Rebuilt for Python 3.7
* Wed Jun 27 2018 Steve Dickson <steved@redhat.com> 2.3.2-1-rc2
- Revert: gssd.c: Remomved a couple of warning errors
* Mon Jun 25 2018 Steve Dickson <steved@redhat.com> 2.3.2-0-rc2
- Update to latest RC release: nfs-utils-2-3-3-rc2
* Tue Jun 19 2018 Miro Hronok <mhroncok@redhat.com> - 1:2.3.2-0.rc1.1
- Rebuilt for Python 3.7
* Thu Jun 7 2018 Steve Dickson <steved@redhat.com> 2.3.2-0-rc1
- Update to latest RC release: nfs-utils-2-3-3-rc1
* Thu May 24 2018 Steve Dickson <steved@redhat.com> 2.3.2-0
- Updated to latest upstream release: 2.3.2 (bz 1582341)
* Tue May 15 2018 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> 2.3.1-9.rc1
- Only try to create nfsnobody if the uid/gid are not found (bz 1488897)
- Turn off the building of rpcgen
* Thu May 3 2018 Steve Dickson <steved@redhat.com> 2.3.1-8.rc1 * Thu May 3 2018 Steve Dickson <steved@redhat.com> 2.3.1-8.rc1
- nfsd: Set default minor versions (bz 1570066) - nfsd: Set default minor versions (bz 1570066)