commit eae2fa997223ce0edb4218faf2ff67165535d21d Author: J. Bruce Fields Date: Tue May 29 14:40:38 2012 -0400 mountd: Honor the no_root_squash flag on pseudo roots From: "J. Bruce Fields" If root squashing is turned off on a export that has multiple directories, the parent directories of the pseudo exports that's built, also needs to have root squashing turned off. Tested-by: Steve Dickson Signed-off-by: Steve Dickson diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c index 708eb61..726b50d 100644 --- a/utils/mountd/v4root.c +++ b/utils/mountd/v4root.c @@ -62,6 +62,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source) if (source->e_flags & NFSEXP_INSECURE_PORT) pseudo->e_flags |= NFSEXP_INSECURE_PORT; + if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0) + pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; for (se = source->e_secinfo; se->flav; se++) { struct sec_entry *new; @@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *export) exp = export_create(&eep, 0); if (exp == NULL) return NULL; - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", + exp->m_export.e_path, exp->m_export.e_flags); return &exp->m_export; } commit b66c96de551b650680a65a732a1338c3ec25b436 Author: Adam Sampson Date: Tue May 29 14:37:22 2012 -0400 nsm_client: nsm_client needs to link with libtirpc nsm_client needs to link against libtirpc. Signed-off-by: Steve Dickson diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am index 4bf0a45..4c15346 100644 --- a/tests/nsm_client/Makefile.am +++ b/tests/nsm_client/Makefile.am 
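Review bot: The new `NFSEXP_ROOTSQUASH` test in set_pseudofs_security() only ever relaxes the pseudo export, and nothing in the hunk says so. Once one source export has root squashing off, the bit is cleared on the shared pseudo parent, and no line visible here sets it again for a stricter source. This mirrors the `NFSEXP_INSECURE_PORT` line just above, so it looks intentional, but it means a single no_root_squash export decides how root is treated on the parent directories, presumably for every export that shares them. I would add a comment above the test, e.g. `/* pseudo root takes the least restrictive squash setting of the exports below it; never re-set here */`. The function body starts and ends outside the hunk.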
@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_client.c BUILT_SOURCES = $(GENFILES) nsm_client_LDADD = ../../support/nfs/libnfs.a \ - ../../support/nsm/libnsm.a $(LIBCAP) + ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) if CONFIG_RPCGEN RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen commit 0781cf2a60dbb0d8997c4abef103d80f819cd16f Author: Steve Dickson Date: Tue May 29 14:31:57 2012 -0400 Updated the version number. Signed-off-by: Steve Dickson diff --git a/README b/README index 348f5d4..e55b2dd 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is version 1.1.0 of nfs-utils, the Linux NFS utility package. +This is version 1.2.6 of nfs-utils, the Linux NFS utility package. 0. PROJECT RESOURCES commit 43537ecbc1ab3ae7cefe5d47e7e03b14bf428197 Author: Steve Dickson Date: Tue May 29 14:27:24 2012 -0400 nfsidmap: Allow verbosity level to be set in the config file To make it easier to enable ID mapping debugging, nfsidmap should read /etc/idmap.conf to see if the verbosity level is set, similar to what rpc.idmapd does Signed-off-by: Steve Dickson diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c index cf11551..b767395 100644 --- a/utils/nfsidmap/nfsidmap.c +++ b/utils/nfsidmap/nfsidmap.c @@ -12,6 +12,7 @@ #include #include "xlog.h" +#include "conffile.h" int verbose = 0; char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; 
@@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; #define DEFAULT_KEYRING "id_resolver" #endif +#ifndef PATH_IDMAPDCONF +#define PATH_IDMAPDCONF "/etc/idmapd.conf" +#endif + static int keyring_clear(char *keyring); #define UIDKEYS 0x1 #define GIDKEYS 0x2 /* + * Check to the config file for the verbosity level + */ +int +get_config_verbose(char *path) +{ + conf_path = path; + conf_init(); + return conf_get_num("General", "Verbosity", 0); +} + +/* * Find either a user or group id based on the name@domain string */ int id_lookup(char *name_at_domain, key_serial_t key, int type) 
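Review bot: get_config_verbose() is added with external linkage although it is only a helper for this file; the prototype next to it (`static int keyring_clear(char *keyring);`) is static, and the new function should be too: `static int get_config_verbose(char *path)`. The result of `conf_get_num("General", "Verbosity", 0)` is returned as-is, so a negative or very large number in the config file becomes the verbosity level unchecked; mapping negatives to 0 would keep the `if (!verbose)` test in main() meaningful. The header comment should read `Check the config file for the verbosity level`. Since nfsidmap now parses the file on every run without -v, it is worth confirming that conf_init() copes quietly with a missing or unreadable file; its behaviour is not visible in this diff.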
@@ -266,7 +282,9 @@ int main(int argc, char **argv) break; } } - + if (!verbose) { + verbose = get_config_verbose(PATH_IDMAPDCONF); + } if (keystr) { rc = key_revoke(keystr, keymask); return rc; commit 1ca82a963ace17397bd7ec09f5e0707badd7c254 Author: Jeff Layton Date: Tue May 29 14:23:18 2012 -0400 statd: drop all capabilities from the bounding set as well statd drops all capabilities except for CAP_NET_BIND when it starts. It's possible though that if it ever had a compromise that an attacker would be able to invoke a setuid process (or something with file capabilities) in order to reinstate some caps. This could happen as a result of the daemon becoming compromised, or possibly as a result of the ha-callout program becoming compromised. In order to prevent that, have statd also prune the capability bounding set to nothing prior to dropping capabilities. That ensures that the process won't be able to reacquire capabilities via any means -- including exec'ing a setuid program. We do however need to be cognizant of the fact that PR_CAPBSET_DROP was only added in 2.6.25, so check to make sure that #define exists via autoconf before we rely on it. In order to do that, we must add ax_check_define.m4 from the GNU autoconf macro archive. Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound exists before attempting to clear the bounding set. If it does, then don't bother trying since it won't work. In that event though, do throw a warning however since the presence of that file indicates that there is a disconnect between the build and runtime environments. Acked-by: Chuck Lever Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson diff --git a/support/nsm/file.c b/support/nsm/file.c index 5dd52c1..5476446 100644 --- a/support/nsm/file.c +++ b/support/nsm/file.c 
@@ -338,10 +338,10 @@ nsm_is_default_parentdir(void) * * Returns true if successful, or false if some error occurred. */ +#ifdef HAVE_SYS_CAPABILITY_H static _Bool nsm_clear_capabilities(void) { -#ifdef HAVE_SYS_CAPABILITY_H cap_t caps; caps = cap_from_text("cap_net_bind_service=ep"); @@ -357,10 +357,60 @@ nsm_clear_capabilities(void) } (void)cap_free(caps); -#endif return true; } +#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound" +static _Bool +prune_bounding_set(void) +{ +#ifdef PR_CAPBSET_DROP + int ret; + unsigned long i; + struct stat st; + + /* + * Prior to kernel 2.6.25, the capabilities bounding set was a global + * value. Check to see if /proc/sys/kernel/cap-bound exists and don't + * bother to clear the bounding set if it does. + */ + ret = stat(CAP_BOUND_PROCFILE, &st); + if (!ret) { + xlog(L_WARNING, "%s exists. Not attempting to clear " + "capabilities bounding set.", + CAP_BOUND_PROCFILE); + return true; + } else if (errno != ENOENT) { + /* Warn, but attempt to clear the bounding set anyway. */ + xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE); + } + + /* prune the bounding set to nothing */ + for (i = 0; i <= CAP_LAST_CAP; ++i) { + ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); + if (ret) { + xlog(L_ERROR, "Unable to prune capability %lu from " + "bounding set: %m", i); + return false; + } + } +#endif /* PR_CAPBSET_DROP */ + return true; +} +#else /* !HAVE_SYS_CAPABILITY_H */ +static _Bool +nsm_clear_capabilities(void) +{ + return true; +} + +static _Bool +prune_bounding_set(void) +{ + return true; +} +#endif /* HAVE_SYS_CAPABILITY_H */ + /** * nsm_drop_privileges - drop root privileges * @pidfd: file descriptor of a pid file 
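Review bot: The pruning loop in prune_bounding_set() stops at the compile-time `CAP_LAST_CAP`, so the result depends on how the build headers relate to the running kernel. On a kernel that knows more capabilities than the headers, those above `CAP_LAST_CAP` stay in the bounding set; on an older kernel, `prctl(PR_CAPBSET_DROP, i, ...)` fails with EINVAL for a number it does not know and the function returns false, which makes nsm_drop_privileges() fail as well (see the later hunk). Letting the kernel end the loop, by treating EINVAL after at least one successful drop as the end of the range, covers both cases. Separately, when `PR_CAPBSET_DROP` is undefined at build time the function returns true without logging anything, so the hardening can be absent with no trace; an `xlog(L_WARNING, ...)` in an `#else` branch would make that visible.

```c
	/* … unchanged: CAP_BOUND_PROCFILE stat() check … */

	/*
	 * Prune the bounding set to nothing. The running kernel, not the
	 * build headers, decides where the capability range ends.
	 */
	for (i = 0; ; ++i) {
		ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
		if (ret == 0)
			continue;
		if (errno == EINVAL && i > 0)
			break;	/* past the kernel's last capability */
		xlog(L_ERROR, "Unable to prune capability %lu from "
				"bounding set: %m", i);
		return false;
	}
```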
@@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd) return false; } + if (!prune_bounding_set()) + return false; + if (st.st_uid == 0) { xlog_warn("Running as root. " "chown %s to choose different user", nsm_base_dirname); commit ddb095f82becc94c8e3a2429cc755dee5d1808c9 Author: Diego Elio Pettenò Date: Tue May 29 14:15:32 2012 -0400 build: avoid AM_CONDITIONAL in conditional execution. Automake does not support conditional AM_CONDITIONAL calls; what that means is that you always have to execute AM_CONDITIONAL one way or the other. Both the libsqlite3.m4 file and the nfsdcld conditionals are executed only when NFSv4 is enabled, which breaks building with --disable-nfsv4. Remove the SQLite3 conditional altogether as it's never used, and move the nfsdcld conditional outside of the conditional code. Acked-by: Jeff Layton Signed-off-by: Diego Elio Pettenò Signed-off-by: Steve Dickson diff --git a/aclocal/libsqlite3.m4 b/aclocal/libsqlite3.m4 index 73d1e46..8c38993 100644 --- a/aclocal/libsqlite3.m4 +++ b/aclocal/libsqlite3.m4 @@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [ LIBS="$saved_LIBS"]) AC_MSG_RESULT($libsqlite3_cv_is_recent) - AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"]) ])dnl diff --git a/configure.ac b/configure.ac index 9ba53e2..b408f1b 100644 --- a/configure.ac +++ b/configure.ac @@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then fi fi - AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) - dnl librpcsecgss already has a dependency on libgssapi, dnl but we need to make sure we get the right version if test "$enable_gss" = yes; then 
@@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then fi dnl enable nfsidmap when its support by libnfsidmap +AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) commit 7e9c0f760397d7e8fa78bdeefffc14eb8269925b Author: Jeff Layton Date: Tue May 29 13:53:09 2012 -0400 autoconf: make the test for prctl have an effect We currently test to ensure that prctl() is available, but the results of that test are a no-op either way. statd calls prctl() unconditionally, so make configure bail out if prctl() isn't available since the build will fail in that event anyway. Cc: Chuck Lever Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4 index 68a624c..f8a0ed1 100644 --- a/aclocal/libcap.m4 +++ b/aclocal/libcap.m4 @@ -3,7 +3,7 @@ dnl AC_DEFUN([AC_LIBCAP], [ dnl look for prctl - AC_CHECK_FUNC([prctl], , ) + AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available])) AC_ARG_ENABLE([caps], [AS_HELP_STRING([--disable-caps], [Disable capabilities support])]) commit 646be42c84305d02dea06113cc9e6c9a7ab94f8a Author: Steve Dickson Date: Thu May 17 08:16:29 2012 -0400 Makefile.am: Corrected a misspelling of overridden Signed-off-by: Steve Dickson diff --git a/utils/mount/Makefile.am b/utils/mount/Makefile.am index 7627854..5810936 100644 --- a/utils/mount/Makefile.am +++ b/utils/mount/Makefile.am 
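Review bot: The moved `AM_CONDITIONAL(CONFIG_NFSDCLD, ...)` now sits directly under `dnl enable nfsidmap when its support by libnfsidmap`, which describes the CONFIG_NFSIDMAP line that follows, not this one. Put the new line above that comment or give it its own, e.g. `dnl AM_CONDITIONAL must always be executed, keep this outside the nfsv4 block`, so that nobody moves it back inside the `if`.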
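Review bot: The new third argument of `AC_CHECK_FUNC` in aclocal/libcap.m4 is passed unquoted; autoconf convention is to quote macro calls used as arguments, `AC_CHECK_FUNC([prctl], , [AC_MSG_ERROR([prctl syscall is not available])])`. The check also runs before the `--disable-caps` option is evaluated, so configure now stops without prctl even when capabilities support is disabled. The commit message says statd calls prctl() unconditionally, so that appears intended, but a `dnl` line stating it would stop someone from moving the check under the option later. The AC_DEFUN body continues outside the hunk.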
@@ -1,7 +1,7 @@ ## Process this file with automake to produce Makefile.in # These binaries go in /sbin (not /usr/sbin), and that cannot be -# overriden at config time. +# overridden at config time. sbindir = /sbin man8_MANS = mount.nfs.man umount.nfs.man commit d4d392087f8ee049ed8f476e5ae780cbc0d0012a Author: NeilBrown Date: Thu May 17 08:14:57 2012 -0400 osd_login - ensure /sbin is created before installation. If we use a more standard approach to describing the osd_login script, the automake infrastructure will create /sbin before attempting installation. This is important for: make DESTDIR=/empty-dir install Signed-off-by: NeilBrown Signed-off-by: Steve Dickson diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am index adc493a..20c2d8c 100644 --- a/utils/osd_login/Makefile.am +++ b/utils/osd_login/Makefile.am @@ -1,12 +1,9 @@ ## Process this file with automake to produce Makefile.in -OSD_LOGIN_FILES= osd_login +# These binaries go in /sbin (not /usr/sbin), and that cannot be +# overridden at config time. +sbindir = /sbin -EXTRA_DIST= $(OSD_LOGIN_FILES) - -all-local: $(OSD_LOGIN_FILES) - -install-data-hook: - $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login +sbin_SCRIPTS = osd_login MAINTAINERCLEANFILES = Makefile.in commit a69f6aeb19841f5a95c3eb4f4e5fe5ca0db247f4 Author: Jim Rees Date: Tue May 15 10:10:01 2012 -0400 blkmapd: remove pretty_sig() This really only works against EMC servers. There is at least one server that returns unprintable signatures, which fill the log with garbage (the spec does not mandate printable signatures). It could be made more generic, for example by checking each byte for isprint(). But the signatures are really only of interest to developers, not admins, so it seems better to just remove it. Signed-off-by: Jim Rees Signed-off-by: Steve Dickson diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c index 652a7a8..5fe3dff 100644 --- a/utils/blkmapd/device-process.c 
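Review bot: Dropping `EXTRA_DIST= $(OSD_LOGIN_FILES)` in utils/osd_login/Makefile.am while switching to `sbin_SCRIPTS = osd_login` most likely removes the script from `make dist` tarballs, because automake does not distribute `_SCRIPTS` files by default. Writing `dist_sbin_SCRIPTS = osd_login` (or keeping `EXTRA_DIST = osd_login`) keeps it in the release tarball. A quick `make distcheck` would confirm either way.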
+++ b/utils/blkmapd/device-process.c @@ -49,28 +49,6 @@ #include "device-discovery.h" -static char *pretty_sig(char *sig, uint32_t siglen) -{ - static char rs[100]; - uint64_t sigval; - unsigned int i; - - if (siglen <= sizeof(sigval)) { - sigval = 0; - for (i = 0; i < siglen; i++) - sigval |= ((unsigned char *)sig)[i] << (i * 8); - sprintf(rs, "0x%0llx", (unsigned long long) sigval); - } else { - if (siglen > sizeof rs - 4) { - siglen = sizeof rs - 4; - sprintf(&rs[siglen], "..."); - } else - rs[siglen] = '\0'; - memcpy(rs, sig, siglen); - } - return rs; -} - uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes) { uint32_t *q = p + ((nbytes + 3) >> 2); @@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t **pp, uint32_t * end, * for mapping, then thrown away. */ comp->bs_string = (char *)p; - BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n", - __func__, i, siglen, - pretty_sig(comp->bs_string, siglen)); p += ((siglen + 3) >> 2); } *pp = p; @@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, int fd, struct bl_sig_comp *comp) } ret = memcmp(sig, comp->bs_string, siglen); - if (!ret) - BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name, - pretty_sig(sig, siglen), - (long long)comp->bs_offset); out: if (sig)