a69f6aeb19841f5a95c3eb4f4e5fe5ca0db247f4 blkmapd: remove pretty_sig() diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c index 652a7a8..5fe3dff 100644 --- a/utils/blkmapd/device-process.c +++ b/utils/blkmapd/device-process.c @@ -49,28 +49,6 @@ #include "device-discovery.h" -static char *pretty_sig(char *sig, uint32_t siglen) -{ - static char rs[100]; - uint64_t sigval; - unsigned int i; - - if (siglen <= sizeof(sigval)) { - sigval = 0; - for (i = 0; i < siglen; i++) - sigval |= ((unsigned char *)sig)[i] << (i * 8); - sprintf(rs, "0x%0llx", (unsigned long long) sigval); - } else { - if (siglen > sizeof rs - 4) { - siglen = sizeof rs - 4; - sprintf(&rs[siglen], "..."); - } else - rs[siglen] = '\0'; - memcpy(rs, sig, siglen); - } - return rs; -} - uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes) { uint32_t *q = p + ((nbytes + 3) >> 2); @@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t **pp, uint32_t * end, * for mapping, then thrown away. */ comp->bs_string = (char *)p; - BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n", - __func__, i, siglen, - pretty_sig(comp->bs_string, siglen)); p += ((siglen + 3) >> 2); } *pp = p; @@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, int fd, struct bl_sig_comp *comp) } ret = memcmp(sig, comp->bs_string, siglen); - if (!ret) - BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name, - pretty_sig(sig, siglen), - (long long)comp->bs_offset); out: if (sig) d4d392087f8ee049ed8f476e5ae780cbc0d0012a osd_login - ensure /sbin is created before installation. diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am index adc493a..20c2d8c 100644 --- a/utils/osd_login/Makefile.am +++ b/utils/osd_login/Makefile.am @@ -1,12 +1,9 @@ ## Process this file with automake to produce Makefile.in -OSD_LOGIN_FILES= osd_login +# These binaries go in /sbin (not /usr/sbin), and that cannot be +# overridden at config time. +sbindir = /sbin -EXTRA_DIST= $(OSD_LOGIN_FILES) - -all-local: $(OSD_LOGIN_FILES) - -install-data-hook: - $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login +sbin_SCRIPTS = osd_login MAINTAINERCLEANFILES = Makefile.in 646be42c84305d02dea06113cc9e6c9a7ab94f8a Makefile.am: Corrected a misspelling of overridden diff --git a/utils/mount/Makefile.am b/utils/mount/Makefile.am index 7627854..5810936 100644 --- a/utils/mount/Makefile.am +++ b/utils/mount/Makefile.am @@ -1,7 +1,7 @@ ## Process this file with automake to produce Makefile.in # These binaries go in /sbin (not /usr/sbin), and that cannot be -# overriden at config time. +# overridden at config time. sbindir = /sbin man8_MANS = mount.nfs.man umount.nfs.man 7e9c0f760397d7e8fa78bdeefffc14eb8269925b autoconf: make the test for prctl have an effect diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4 index 68a624c..f8a0ed1 100644 --- a/aclocal/libcap.m4 +++ b/aclocal/libcap.m4 @@ -3,7 +3,7 @@ dnl AC_DEFUN([AC_LIBCAP], [ dnl look for prctl - AC_CHECK_FUNC([prctl], , ) + AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available])) AC_ARG_ENABLE([caps], [AS_HELP_STRING([--disable-caps], [Disable capabilities support])]) ddb095f82becc94c8e3a2429cc755dee5d1808c9 build: avoid AM_CONDITIONAL in conditional execution. diff --git a/aclocal/libsqlite3.m4 b/aclocal/libsqlite3.m4 index 73d1e46..8c38993 100644 --- a/aclocal/libsqlite3.m4 +++ b/aclocal/libsqlite3.m4 @@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [ LIBS="$saved_LIBS"]) AC_MSG_RESULT($libsqlite3_cv_is_recent) - AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"]) ])dnl diff --git a/configure.ac b/configure.ac index 9ba53e2..b408f1b 100644 --- a/configure.ac +++ b/configure.ac @@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then fi fi - AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) - dnl librpcsecgss already has a dependency on libgssapi, dnl but we need to make sure we get the right version if test "$enable_gss" = yes; then @@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then fi dnl enable nfsidmap when its support by libnfsidmap +AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) 1ca82a963ace17397bd7ec09f5e0707badd7c254 statd: drop all capabilities from the bounding set as well diff --git a/support/nsm/file.c b/support/nsm/file.c index 5dd52c1..5476446 100644 --- a/support/nsm/file.c +++ b/support/nsm/file.c @@ -338,10 +338,10 @@ nsm_is_default_parentdir(void) * * Returns true if successful, or false if some error occurred. */ +#ifdef HAVE_SYS_CAPABILITY_H static _Bool nsm_clear_capabilities(void) { -#ifdef HAVE_SYS_CAPABILITY_H cap_t caps; caps = cap_from_text("cap_net_bind_service=ep"); @@ -357,10 +357,60 @@ nsm_clear_capabilities(void) } (void)cap_free(caps); -#endif return true; } +#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound" +static _Bool +prune_bounding_set(void) +{ +#ifdef PR_CAPBSET_DROP + int ret; + unsigned long i; + struct stat st; + + /* + * Prior to kernel 2.6.25, the capabilities bounding set was a global + * value. Check to see if /proc/sys/kernel/cap-bound exists and don't + * bother to clear the bounding set if it does. + */ + ret = stat(CAP_BOUND_PROCFILE, &st); + if (!ret) { + xlog(L_WARNING, "%s exists. Not attempting to clear " + "capabilities bounding set.", + CAP_BOUND_PROCFILE); + return true; + } else if (errno != ENOENT) { + /* Warn, but attempt to clear the bounding set anyway. */ + xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE); + } + + /* prune the bounding set to nothing */ + for (i = 0; i <= CAP_LAST_CAP; ++i) { + ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); + if (ret) { + xlog(L_ERROR, "Unable to prune capability %lu from " + "bounding set: %m", i); + return false; + } + } +#endif /* PR_CAPBSET_DROP */ + return true; +} +#else /* !HAVE_SYS_CAPABILITY_H */ +static _Bool +nsm_clear_capabilities(void) +{ + return true; +} + +static _Bool +prune_bounding_set(void) +{ + return true; +} +#endif /* HAVE_SYS_CAPABILITY_H */ + /** * nsm_drop_privileges - drop root privileges * @pidfd: file descriptor of a pid file @@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd) return false; } + if (!prune_bounding_set()) + return false; + if (st.st_uid == 0) { xlog_warn("Running as root. " "chown %s to choose different user", nsm_base_dirname); 43537ecbc1ab3ae7cefe5d47e7e03b14bf428197 nfsidmap: Allow verbosity level to be set in the config file diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c index cf11551..b767395 100644 --- a/utils/nfsidmap/nfsidmap.c +++ b/utils/nfsidmap/nfsidmap.c @@ -12,6 +12,7 @@ #include #include "xlog.h" +#include "conffile.h" int verbose = 0; char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; @@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; #define DEFAULT_KEYRING "id_resolver" #endif +#ifndef PATH_IDMAPDCONF +#define PATH_IDMAPDCONF "/etc/idmapd.conf" +#endif + static int keyring_clear(char *keyring); #define UIDKEYS 0x1 #define GIDKEYS 0x2 /* + * Check to the config file for the verbosity level + */ +int +get_config_verbose(char *path) +{ + conf_path = path; + conf_init(); + return conf_get_num("General", "Verbosity", 0); +} + +/* * Find either a user or group id based on the name@domain string */ int id_lookup(char *name_at_domain, key_serial_t key, int type) @@ -266,7 +282,9 @@ int main(int argc, char **argv) break; } } - + if (!verbose) { + verbose = get_config_verbose(PATH_IDMAPDCONF); + } if (keystr) { rc = key_revoke(keystr, keymask); return rc; 0781cf2a60dbb0d8997c4abef103d80f819cd16f Updated the version number. diff --git a/README b/README index 348f5d4..e55b2dd 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is version 1.1.0 of nfs-utils, the Linux NFS utility package. +This is version 1.2.6 of nfs-utils, the Linux NFS utility package. 0. PROJECT RESOURCES b66c96de551b650680a65a732a1338c3ec25b436 nsm_client: nsm_client needs to link with libtirpc diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am index 4bf0a45..4c15346 100644 --- a/tests/nsm_client/Makefile.am +++ b/tests/nsm_client/Makefile.am @@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_client.c BUILT_SOURCES = $(GENFILES) nsm_client_LDADD = ../../support/nfs/libnfs.a \ - ../../support/nsm/libnsm.a $(LIBCAP) + ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) if CONFIG_RPCGEN RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen eae2fa997223ce0edb4218faf2ff67165535d21d mountd: Honor the no_root_squash flag on pseudo roots diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c index 708eb61..726b50d 100644 --- a/utils/mountd/v4root.c +++ b/utils/mountd/v4root.c @@ -62,6 +62,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source) if (source->e_flags & NFSEXP_INSECURE_PORT) pseudo->e_flags |= NFSEXP_INSECURE_PORT; + if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0) + pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; for (se = source->e_secinfo; se->flav; se++) { struct sec_entry *new; @@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *export) exp = export_create(&eep, 0); if (exp == NULL) return NULL; - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", + exp->m_export.e_path, exp->m_export.e_flags); return &exp->m_export; } 55b1769e63cdffa07b597fa6132c9902cec25265 rpcdebug: Add new "state" flag for the nfs module diff --git a/support/include/nfs/debug.h b/support/include/nfs/debug.h index dbec5ba..80a1b1d 100644 --- a/support/include/nfs/debug.h +++ b/support/include/nfs/debug.h @@ -79,6 +79,7 @@ enum { #define NFSDBG_FSCACHE 0x0800 #define NFSDBG_PNFS 0x1000 #define NFSDBG_PNFS_LD 0x2000 +#define NFSDBG_STATE 0x4000 #define NFSDBG_ALL 0xFFFF #endif /* _NFS_DEBUG_H */ diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c index 444616d..d6e10d3 100644 --- a/tools/rpcdebug/rpcdebug.c +++ b/tools/rpcdebug/rpcdebug.c @@ -170,6 +170,7 @@ static struct flagmap { FLAG(NFS, FSCACHE), FLAG(NFS, PNFS), FLAG(NFS, PNFS_LD), + FLAG(NFS, STATE), FLAG(NFS, ALL), /* nfsd */ d18b89cd7352783580f3d3dde26f8617e36459b9 nfsdcld: Before clearing the capability bounding set, check if we have the cap diff --git a/support/nsm/file.c b/support/nsm/file.c index 5476446..4711c2c 100644 --- a/support/nsm/file.c +++ b/support/nsm/file.c @@ -386,7 +386,7 @@ prune_bounding_set(void) } /* prune the bounding set to nothing */ - for (i = 0; i <= CAP_LAST_CAP; ++i) { + for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >=0 ; ++i) { ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); if (ret) { xlog(L_ERROR, "Unable to prune capability %lu from " diff --git a/utils/nfsdcld/nfsdcld.c b/utils/nfsdcld/nfsdcld.c index e7af4e3..473d069 100644 --- a/utils/nfsdcld/nfsdcld.c +++ b/utils/nfsdcld/nfsdcld.c @@ -102,8 +102,8 @@ cld_set_caps(void) } /* prune the bounding set to nothing */ - for (i = 0; i <= CAP_LAST_CAP; ++i) { - ret = prctl(PR_CAPBSET_DROP, i); + for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0 ; ++i) { + ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); if (ret) { xlog(L_ERROR, "Unable to prune capability %lu from " "bounding set: %m", i); 78ee5f378f295e7bff24a7be41b9361f406d4f8b mount.nfs: try the next address after mount fails with ETIMEDOUT diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c index e09aa7c..0aa9a75 100644 --- a/utils/mount/stropts.c +++ b/utils/mount/stropts.c @@ -665,6 +665,7 @@ static int nfs_try_mount_v3v2(struct nfsmount_info *mi) case ECONNREFUSED: case EOPNOTSUPP: case EHOSTUNREACH: + case ETIMEDOUT: continue; default: goto out; @@ -752,6 +753,7 @@ static int nfs_try_mount_v4(struct nfsmount_info *mi) switch (errno) { case ECONNREFUSED: case EHOSTUNREACH: + case ETIMEDOUT: continue; default: goto out; 8c3d608410c2c8f405fc74d47aa3bcab1933f974 exportfs: Update exportfs flush option list in usage message. diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c index a3323d7..9f79541 100644 --- a/utils/exportfs/exportfs.c +++ b/utils/exportfs/exportfs.c @@ -40,7 +40,7 @@ static void unexportfs(char *arg, int verbose); static void exports_update(int verbose); static void dump(int verbose); static void error(nfs_export *exp, int err); -static void usage(const char *progname); +static void usage(const char *progname, int n); static void validate_export(nfs_export *exp); static int matchhostname(const char *hostname1, const char *hostname2); static void export_d_read(const char *dname); @@ -105,11 +105,17 @@ main(int argc, char **argv) export_errno = 0; - while ((c = getopt(argc, argv, "aio:ruvf")) != EOF) { + while ((c = getopt(argc, argv, "afhio:ruv")) != EOF) { switch(c) { case 'a': f_all = 1; break; + case 'f': + force_flush = 1; + break; + case 'h': + usage(progname, 0); + break; case 'i': f_ignore = 1; break; @@ -126,11 +132,8 @@ main(int argc, char **argv) case 'v': f_verbose = 1; break; - case 'f': - force_flush = 1; - break; default: - usage(progname); + usage(progname, 1); break; } } @@ -723,8 +726,8 @@ error(nfs_export *exp, int err) } static void -usage(const char *progname) +usage(const char *progname, int n) { - fprintf(stderr, "usage: %s [-aruv] [host:/path]\n", progname); - exit(1); + fprintf(stderr, "usage: %s [-afhioruv] [host:/path]\n", progname); + exit(n); } fd27c638898010438d404cd17120729ef1d680e2 nfsidmap: Default domain not being set. diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c index b767395..e14543c 100644 --- a/utils/nfsidmap/nfsidmap.c +++ b/utils/nfsidmap/nfsidmap.c @@ -37,17 +37,6 @@ static int keyring_clear(char *keyring); #define GIDKEYS 0x2 /* - * Check to the config file for the verbosity level - */ -int -get_config_verbose(char *path) -{ - conf_path = path; - conf_init(); - return conf_get_num("General", "Verbosity", 0); -} - -/* * Find either a user or group id based on the name@domain string */ int id_lookup(char *name_at_domain, key_serial_t key, int type) @@ -282,9 +271,14 @@ int main(int argc, char **argv) break; } } - if (!verbose) { - verbose = get_config_verbose(PATH_IDMAPDCONF); + + if (nfs4_init_name_mapping(PATH_IDMAPDCONF)) { + xlog_err("Unable to create name to user id mappings."); + return 1; } + if (!verbose) + verbose = conf_get_num("General", "Verbosity", 0); + if (keystr) { rc = key_revoke(keystr, keymask); return rc; 76908c3f14a12e865054ea5d6e4cad201c28839a mount.nfs: restore correct error status when umount fails diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c index e8f17a9..5c1116a 100644 --- a/utils/mount/mount_libmount.c +++ b/utils/mount/mount_libmount.c @@ -173,6 +173,7 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) { int rc, c; char *spec = NULL, *opts = NULL; + int ret = EX_FAIL; static const struct option longopts[] = { { "force", 0, 0, 'f' }, @@ -243,7 +244,7 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) /* strange, no entry in mtab or /proc not mounted */ nfs_umount23(spec, "tcp,v3"); } - + ret = EX_FILEIO; rc = mnt_context_do_umount(cxt); /* call umount(2) syscall */ mnt_context_finalize_mount(cxt); /* mtab update */ @@ -252,12 +253,10 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) umount_error(rc, spec); goto err; } - - free(opts); - return EX_SUCCESS; + ret = EX_SUCCESS; err: free(opts); - return EX_FAIL; + return ret; } static int mount_main(struct libmnt_context *cxt, int argc, char **argv) 4dac21d1e8ff31c3b01f7f29e7cf877e89f09eaa rpc.gssd: close upcall pipe on POLLHUP diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h index 28a8206..71a140b 100644 --- a/utils/gssd/gssd.h +++ b/utils/gssd/gssd.h @@ -81,8 +81,10 @@ struct clnt_info { char *protocol; int krb5_fd; int krb5_poll_index; + int krb5_close_me; int gssd_fd; int gssd_poll_index; + int gssd_close_me; struct sockaddr_storage addr; }; diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c index cec09ea..c18e12c 100644 --- a/utils/gssd/gssd_main_loop.c +++ b/utils/gssd/gssd_main_loop.c @@ -78,8 +78,10 @@ scan_poll_results(int ret) { i = clp->gssd_poll_index; if (i >= 0 && pollarray[i].revents) { - if (pollarray[i].revents & POLLHUP) + if (pollarray[i].revents & POLLHUP) { + clp->gssd_close_me = 1; dir_changed = 1; + } if (pollarray[i].revents & POLLIN) handle_gssd_upcall(clp); pollarray[clp->gssd_poll_index].revents = 0; @@ -89,8 +91,10 @@ scan_poll_results(int ret) } i = clp->krb5_poll_index; if (i >= 0 && pollarray[i].revents) { - if (pollarray[i].revents & POLLHUP) + if (pollarray[i].revents & POLLHUP) { + clp->krb5_close_me = 1; dir_changed = 1; + } if (pollarray[i].revents & POLLIN) handle_krb5_upcall(clp); pollarray[clp->krb5_poll_index].revents = 0; diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index aa39435..2861d06 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -340,6 +340,25 @@ process_clnt_dir_files(struct clnt_info * clp) char gname[PATH_MAX]; char info_file_name[PATH_MAX]; + if (clp->gssd_close_me) { + printerr(2, "Closing 'gssd' pipe for %s\n", clp->dirname); + close(clp->gssd_fd); + memset(&pollarray[clp->gssd_poll_index], 0, + sizeof(struct pollfd)); + clp->gssd_fd = -1; + clp->gssd_poll_index = -1; + clp->gssd_close_me = 0; + } + if (clp->krb5_close_me) { + printerr(2, "Closing 'krb5' pipe for %s\n", clp->dirname); + close(clp->krb5_fd); + memset(&pollarray[clp->krb5_poll_index], 0, + sizeof(struct pollfd)); + clp->krb5_fd = -1; + clp->krb5_poll_index = -1; + clp->krb5_close_me = 0; + } + if (clp->gssd_fd == -1) { snprintf(gname, sizeof(gname), "%s/gssd", clp->dirname); clp->gssd_fd = open(gname, O_RDWR);