diff -up nfs-utils-1.2.6/aclocal/libcap.m4.orig nfs-utils-1.2.6/aclocal/libcap.m4 --- nfs-utils-1.2.6/aclocal/libcap.m4.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/aclocal/libcap.m4 2012-06-19 14:59:06.669623204 -0400 @@ -3,7 +3,7 @@ dnl AC_DEFUN([AC_LIBCAP], [ dnl look for prctl - AC_CHECK_FUNC([prctl], , ) + AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available])) AC_ARG_ENABLE([caps], [AS_HELP_STRING([--disable-caps], [Disable capabilities support])]) diff -up nfs-utils-1.2.6/aclocal/libsqlite3.m4.orig nfs-utils-1.2.6/aclocal/libsqlite3.m4 --- nfs-utils-1.2.6/aclocal/libsqlite3.m4.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/aclocal/libsqlite3.m4 2012-06-19 14:59:06.668623223 -0400 @@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [ LIBS="$saved_LIBS"]) AC_MSG_RESULT($libsqlite3_cv_is_recent) - AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"]) ])dnl diff -up nfs-utils-1.2.6/configure.ac.orig nfs-utils-1.2.6/configure.ac --- nfs-utils-1.2.6/configure.ac.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/configure.ac 2012-06-19 14:59:06.668623223 -0400 @@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then fi fi - AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) - dnl librpcsecgss already has a dependency on libgssapi, dnl but we need to make sure we get the right version if test "$enable_gss" = yes; then @@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then fi dnl enable nfsidmap when its support by libnfsidmap +AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) diff -up nfs-utils-1.2.6/README.orig nfs-utils-1.2.6/README --- nfs-utils-1.2.6/README.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/README 2012-06-19 14:59:06.668623224 -0400 
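Review bot: The new `AC_MSG_ERROR` on the `AC_CHECK_FUNC([prctl], ...)` line is not guarded by the `--disable-caps` option declared right after it, so configure now aborts on a system without prctl() even when capability support was explicitly turned off. If the aim is to refuse a build that cannot drop privileges, the check belongs in the branch that handles enabled caps, which lies outside this hunk. The message also says "syscall", while AC_CHECK_FUNC only tests that the C library provides the function; `AC_MSG_ERROR([prctl() is not available])` would be more accurate.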
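Review bot: In the second configure.ac hunk the relocated `AM_CONDITIONAL(CONFIG_NFSDCLD, ...)` lands between the comment `dnl enable nfsidmap when its support by libnfsidmap` and the CONFIG_NFSIDMAP conditional that comment describes, so the comment now appears to document the wrong line. Place the new line above that comment and give it its own, for example `dnl AM_CONDITIONAL must be evaluated on every configure run, so keep it outside the enable_nfsv4 block`.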
@@ -1,4 +1,4 @@ -This is version 1.1.0 of nfs-utils, the Linux NFS utility package. +This is version 1.2.6 of nfs-utils, the Linux NFS utility package. 0. PROJECT RESOURCES diff -up nfs-utils-1.2.6/support/include/nfs/debug.h.orig nfs-utils-1.2.6/support/include/nfs/debug.h --- nfs-utils-1.2.6/support/include/nfs/debug.h.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/support/include/nfs/debug.h 2012-06-19 14:59:06.665623291 -0400 @@ -79,6 +79,7 @@ enum { #define NFSDBG_FSCACHE 0x0800 #define NFSDBG_PNFS 0x1000 #define NFSDBG_PNFS_LD 0x2000 +#define NFSDBG_STATE 0x4000 #define NFSDBG_ALL 0xFFFF #endif /* _NFS_DEBUG_H */ diff -up nfs-utils-1.2.6/support/nsm/file.c.orig nfs-utils-1.2.6/support/nsm/file.c --- nfs-utils-1.2.6/support/nsm/file.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/support/nsm/file.c 2012-06-19 15:00:50.667702768 -0400 @@ -338,10 +338,10 @@ nsm_is_default_parentdir(void) * * Returns true if successful, or false if some error occurred. */ +#ifdef HAVE_SYS_CAPABILITY_H static _Bool nsm_clear_capabilities(void) { -#ifdef HAVE_SYS_CAPABILITY_H cap_t caps; caps = cap_from_text("cap_net_bind_service=ep"); 
@@ -357,10 +357,60 @@ nsm_clear_capabilities(void) } (void)cap_free(caps); -#endif return true; } +#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound" +static _Bool +prune_bounding_set(void) +{ +#ifdef PR_CAPBSET_DROP + int ret; + unsigned long i; + struct stat st; + + /* + * Prior to kernel 2.6.25, the capabilities bounding set was a global + * value. Check to see if /proc/sys/kernel/cap-bound exists and don't + * bother to clear the bounding set if it does. + */ + ret = stat(CAP_BOUND_PROCFILE, &st); + if (!ret) { + xlog(L_WARNING, "%s exists. Not attempting to clear " + "capabilities bounding set.", + CAP_BOUND_PROCFILE); + return true; + } else if (errno != ENOENT) { + /* Warn, but attempt to clear the bounding set anyway. */ + xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE); + } + + /* prune the bounding set to nothing */ + for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >=0 ; ++i) { + ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); + if (ret) { + xlog(L_ERROR, "Unable to prune capability %lu from " + "bounding set: %m", i); + return false; + } + } +#endif /* PR_CAPBSET_DROP */ + return true; +} +#else /* !HAVE_SYS_CAPABILITY_H */ +static _Bool +nsm_clear_capabilities(void) +{ + return true; +} + +static _Bool +prune_bounding_set(void) +{ + return true; +} +#endif /* HAVE_SYS_CAPABILITY_H */ + /** * nsm_drop_privileges - drop root privileges * @pidfd: file descriptor of a pid file @@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd) return false; } + if (!prune_bounding_set()) + return false; + if (st.st_uid == 0) { xlog_warn("Running as root. " "chown %s to choose different user", nsm_base_dirname); diff -up nfs-utils-1.2.6/tests/nsm_client/Makefile.am.orig nfs-utils-1.2.6/tests/nsm_client/Makefile.am --- nfs-utils-1.2.6/tests/nsm_client/Makefile.am.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/tests/nsm_client/Makefile.am 2012-06-19 14:59:06.667623245 -0400 
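Review bot: The pruning loop in prune_bounding_set() treats any failure of `prctl(PR_CAPBSET_READ, i, 0, 0, 0)` as the end of the capability list and then returns true, so a probe that fails at i == 0, or for a reason other than EINVAL, leaves the bounding set untouched while nsm_drop_privileges() is told the drop succeeded. I would make that case visible right after the loop, e.g. `if (i == 0 || errno != EINVAL) { xlog(L_ERROR, "Unable to read capability bounding set: %m"); return false; }`. The same loop shape is introduced in cld_set_caps() in utils/nfsdcld/nfsdcld.c and ends the same fail-open way. Separately, when `PR_CAPBSET_DROP` is not defined the function compiles down to a bare `return true`. Nothing in this hunk shows `<sys/prctl.h>` being included in file.c, so a `#warning` or a one-line xlog in that case would keep a build without pruning from going unnoticed.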
@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_cli BUILT_SOURCES = $(GENFILES) nsm_client_LDADD = ../../support/nfs/libnfs.a \ - ../../support/nsm/libnsm.a $(LIBCAP) + ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) if CONFIG_RPCGEN RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen diff -up nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c.orig nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c --- nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c 2012-06-19 14:59:06.667623245 -0400 @@ -170,6 +170,7 @@ static struct flagmap { FLAG(NFS, FSCACHE), FLAG(NFS, PNFS), FLAG(NFS, PNFS_LD), + FLAG(NFS, STATE), FLAG(NFS, ALL), /* nfsd */ diff -up nfs-utils-1.2.6/utils/blkmapd/device-process.c.orig nfs-utils-1.2.6/utils/blkmapd/device-process.c --- nfs-utils-1.2.6/utils/blkmapd/device-process.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/blkmapd/device-process.c 2012-06-19 14:59:06.670623190 -0400 @@ -49,28 +49,6 @@ #include "device-discovery.h" -static char *pretty_sig(char *sig, uint32_t siglen) -{ - static char rs[100]; - uint64_t sigval; - unsigned int i; - - if (siglen <= sizeof(sigval)) { - sigval = 0; - for (i = 0; i < siglen; i++) - sigval |= ((unsigned char *)sig)[i] << (i * 8); - sprintf(rs, "0x%0llx", (unsigned long long) sigval); - } else { - if (siglen > sizeof rs - 4) { - siglen = sizeof rs - 4; - sprintf(&rs[siglen], "..."); - } else - rs[siglen] = '\0'; - memcpy(rs, sig, siglen); - } - return rs; -} - uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes) { uint32_t *q = p + ((nbytes + 3) >> 2); @@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t * for mapping, then thrown away. */ comp->bs_string = (char *)p; - BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n", - __func__, i, siglen, - pretty_sig(comp->bs_string, siglen)); p += ((siglen + 3) >> 2); } *pp = p; 
@@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, i } ret = memcmp(sig, comp->bs_string, siglen); - if (!ret) - BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name, - pretty_sig(sig, siglen), - (long long)comp->bs_offset); out: if (sig) diff -up nfs-utils-1.2.6/utils/mountd/v4root.c.orig nfs-utils-1.2.6/utils/mountd/v4root.c --- nfs-utils-1.2.6/utils/mountd/v4root.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/mountd/v4root.c 2012-06-19 14:59:06.667623245 -0400 @@ -62,6 +62,8 @@ void set_pseudofs_security(struct export if (source->e_flags & NFSEXP_INSECURE_PORT) pseudo->e_flags |= NFSEXP_INSECURE_PORT; + if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0) + pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; for (se = source->e_secinfo; se->flav; se++) { struct sec_entry *new; @@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *ex exp = export_create(&eep, 0); if (exp == NULL) return NULL; - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", + exp->m_export.e_path, exp->m_export.e_flags); return &exp->m_export; } diff -up nfs-utils-1.2.6/utils/mount/Makefile.am.orig nfs-utils-1.2.6/utils/mount/Makefile.am --- nfs-utils-1.2.6/utils/mount/Makefile.am.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/mount/Makefile.am 2012-06-19 14:59:06.669623204 -0400 @@ -1,7 +1,7 @@ ## Process this file with automake to produce Makefile.in # These binaries go in /sbin (not /usr/sbin), and that cannot be -# overriden at config time. +# overridden at config time. sbindir = /sbin man8_MANS = mount.nfs.man umount.nfs.man diff -up nfs-utils-1.2.6/utils/mount/stropts.c.orig nfs-utils-1.2.6/utils/mount/stropts.c --- nfs-utils-1.2.6/utils/mount/stropts.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/mount/stropts.c 2012-06-19 14:59:06.664623305 -0400 
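Review bot: The test added to set_pseudofs_security() clears NFSEXP_ROOTSQUASH on the pseudo export whenever the source export lacks it, and nothing in the code explains why the less restrictive setting should win. Because this relaxes what a remote uid 0 is allowed on the pseudo root, the reason should be recorded at that line, for example `/* a no_root_squash export must stay reachable by root through the pseudo root */`, assuming that is the intent; the patch does not say. It would also read more consistently with the INSECURE_PORT test just above as `if (!(source->e_flags & NFSEXP_ROOTSQUASH))`. The function body starts and ends outside this hunk.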
@@ -665,6 +665,7 @@ static int nfs_try_mount_v3v2(struct nfs case ECONNREFUSED: case EOPNOTSUPP: case EHOSTUNREACH: + case ETIMEDOUT: continue; default: goto out; @@ -752,6 +753,7 @@ static int nfs_try_mount_v4(struct nfsmo switch (errno) { case ECONNREFUSED: case EHOSTUNREACH: + case ETIMEDOUT: continue; default: goto out; diff -up nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c.orig nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c --- nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c 2012-06-19 14:59:06.665623291 -0400 @@ -102,8 +102,8 @@ cld_set_caps(void) } /* prune the bounding set to nothing */ - for (i = 0; i <= CAP_LAST_CAP; ++i) { - ret = prctl(PR_CAPBSET_DROP, i); + for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0 ; ++i) { + ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); if (ret) { xlog(L_ERROR, "Unable to prune capability %lu from " "bounding set: %m", i); diff -up nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c.orig nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c --- nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c 2012-06-19 14:59:06.668623224 -0400 @@ -12,6 +12,7 @@ #include #include "xlog.h" +#include "conffile.h" int verbose = 0; char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; @@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|- #define DEFAULT_KEYRING "id_resolver" #endif +#ifndef PATH_IDMAPDCONF +#define PATH_IDMAPDCONF "/etc/idmapd.conf" +#endif + static int keyring_clear(char *keyring); #define UIDKEYS 0x1 #define GIDKEYS 0x2 /* + * Check to the config file for the verbosity level + */ +int +get_config_verbose(char *path) +{ + conf_path = path; + conf_init(); + return conf_get_num("General", "Verbosity", 0); +} + +/* * Find either a user or group id based on the name@domain string */ int id_lookup(char *name_at_domain, key_serial_t key, int type) 
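Review bot: get_config_verbose() in nfsidmap.c is added with external linkage and a garbled comment, although the only caller the patch shows is main() in the same file. I would declare it `static int get_config_verbose(char *path)` and reword the comment to `Check the config file for the verbosity level`. The comment should also mention that the function overwrites the global `conf_path` and runs `conf_init()`, since any later configuration lookup in the process presumably reads from that path as a result.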
@@ -266,7 +282,9 @@ int main(int argc, char **argv) break; } } - + if (!verbose) { + verbose = get_config_verbose(PATH_IDMAPDCONF); + } if (keystr) { rc = key_revoke(keystr, keymask); return rc; diff -up nfs-utils-1.2.6/utils/osd_login/Makefile.am.orig nfs-utils-1.2.6/utils/osd_login/Makefile.am --- nfs-utils-1.2.6/utils/osd_login/Makefile.am.orig 2012-05-14 10:40:52.000000000 -0400 +++ nfs-utils-1.2.6/utils/osd_login/Makefile.am 2012-06-19 14:59:06.669623204 -0400 @@ -1,12 +1,9 @@ ## Process this file with automake to produce Makefile.in -OSD_LOGIN_FILES= osd_login +# These binaries go in /sbin (not /usr/sbin), and that cannot be +# overridden at config time. +sbindir = /sbin -EXTRA_DIST= $(OSD_LOGIN_FILES) - -all-local: $(OSD_LOGIN_FILES) - -install-data-hook: - $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login +sbin_SCRIPTS = osd_login MAINTAINERCLEANFILES = Makefile.in
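Review bot: Removing `EXTRA_DIST= $(OSD_LOGIN_FILES)` while switching to `sbin_SCRIPTS = osd_login` drops the script from the distribution tarball, because automake does not distribute `_SCRIPTS` files by default. Use `dist_sbin_SCRIPTS = osd_login`, or keep `EXTRA_DIST = osd_login`, so that `make dist` still ships it. The new form installs through the standard script rule instead of the old hook's explicit `--mode 755`, so it is worth confirming that the installed file is still executable.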