rpms/nfs-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
6464d6107b
nfs-utils/nfs-utils-1-2-9-rc2.patch
Steve Dickson 6464d6107b Update to latest upstream RC release: nfs-utils.1.2.9-rc1 
Added GSS_USE_PROXY variable to nfs.sysconfig (bz 967112)

Signed-off-by: Steve Dickson <steved@redhat.com>
2013-05-31 10:25:45 -04:00

442 lines
13 KiB
Diff
Raw Blame History

diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
index a0b80e1..1bfae7a 100644
--- a/support/include/nfsrpc.h
+++ b/support/include/nfsrpc.h
@@ -156,6 +156,11 @@ extern unsigned long nfs_pmap_getport(const struct sockaddr_in *,
const struct timeval *);
/*
+ * Use nfs_pmap_getport to see if statd is running locally
+ */
+extern int nfs_probe_statd(void);
+
+/*
* Contact a remote RPC service to discover whether it is responding
* to requests.
*/
diff --git a/support/nfs/getport.c b/support/nfs/getport.c
index 3331ad4..081594c 100644
--- a/support/nfs/getport.c
+++ b/support/nfs/getport.c
@@ -1102,3 +1102,25 @@ unsigned long nfs_pmap_getport(const struct sockaddr_in *sin,
return port;
}
+
+static const char *nfs_ns_pgmtbl[] = {
+ "status",
+ NULL,
+};
+
+/*
+ * nfs_probe_statd - use nfs_pmap_getport to see if statd is running locally
+ *
+ * Returns non-zero if statd is running locally.
+ */
+int nfs_probe_statd(void)
+{
+ struct sockaddr_in addr = {
+ .sin_family = AF_INET,
+ .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
+ };
+ rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
+
+ return nfs_getport_ping((struct sockaddr *)(char *)&addr, sizeof(addr),
+ program, (rpcvers_t)1, IPPROTO_UDP);
+}
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index 1df75c5..ac13fd4 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -195,11 +195,28 @@ option when starting
.BR rpc.gssd .
.SH OPTIONS
.TP
-.B -D
-DNS Reverse lookups are not used for determining the
-server names pass to GSSAPI. This option will reverses that and forces
-the use of DNS Reverse resolution of the server's IP address to
-retrieve the server name to use in GSAPI authentication.
+.B \-D
+The server name passed to GSSAPI for authentication is normally the
+name exactly as requested. e.g. for NFS
+it is the server name in the "servername:/path" mount request. Only if this
+servername appears to be an IP address (IPv4 or IPv6) or an
+unqualified name (no dots) will a reverse DNS lookup
+will be performed to get the canoncial server name.
+
+If
+.B \-D
+is present, a reverse DNS lookup will
+.I always
+be used, even if the server name looks like a canonical name. So it
+is needed if partially qualified, or non canonical names are regularly
+used.
+
+Using
+.B \-D
+can introduce a security vulnerability, so it is recommended that
+.B \-D
+not be used, and that canonical names always be used when requesting
+services.
.TP
.B -f
Runs
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index af1844c..b7e2bbb 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -67,7 +67,6 @@
#include <errno.h>
#include <gssapi/gssapi.h>
#include <netdb.h>
-#include <ctype.h>
#include "gssd.h"
#include "err_util.h"
@@ -176,7 +175,6 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
char *hostname;
char hbuf[NI_MAXHOST];
unsigned char buf[sizeof(struct in6_addr)];
- int servername = 0;
if (avoid_dns) {
/*
@@ -184,15 +182,18 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
- servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
- servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
- servername = 1; /* or IPv6 */
-
- if (servername) {
+ int is_fqdn = 1;
+ if (strchr(name, '.') == NULL)
+ is_fqdn = 0; /* local name */
+ else if (inet_pton(AF_INET, name, buf) == 1)
+ is_fqdn = 0; /* IPv4 address */
+ else if (inet_pton(AF_INET6, name, buf) == 1)
+ is_fqdn = 0; /* IPv6 addrss */
+
+ if (is_fqdn) {
return strdup(name);
}
+ /* Sorry, cannot avoid dns after all */
}
switch (sa->sa_family) {
diff --git a/utils/mount/network.c b/utils/mount/network.c
index 4be48cd..e2cdcaf 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -65,11 +65,6 @@ extern int nfs_mount_data_version;
extern char *progname;
extern int verbose;
-static const char *nfs_ns_pgmtbl[] = {
- "status",
- NULL,
-};
-
static const char *nfs_mnt_pgmtbl[] = {
"mount",
"mountd",
@@ -761,18 +756,6 @@ int probe_bothports(clnt_addr_t *mnt_server, clnt_addr_t *nfs_server)
&nfs_server->pmap);
}
-static int nfs_probe_statd(void)
-{
- struct sockaddr_in addr = {
- .sin_family = AF_INET,
- .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
- };
- rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
-
- return nfs_getport_ping(SAFE_SOCKADDR(&addr), sizeof(addr),
- program, (rpcvers_t)1, IPPROTO_UDP);
-}
-
/**
* start_statd - attempt to start rpc.statd
*
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index a8ec46c..2a42b93 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -84,6 +84,20 @@ in
.SS "Options supported by all versions"
These options are valid to use with any NFS version.
.TP 1.5i
+.BI nfsvers= n
+The NFS protocol version number used to contact the server's NFS service.
+If the server does not support the requested version, the mount request
+fails.
+If this option is not specified, the client negotiates a suitable version
+with
+the server, trying version 4 first, version 3 second, and version 2 last.
+.TP 1.5i
+.BI vers= n
+This option is an alternative to the
+.B nfsvers
+option.
+It is included for compatibility with other operating systems
+.TP 1.5i
.BR soft " / " hard
Determines the recovery behavior of the NFS client
after an NFS request times out.
@@ -621,18 +635,6 @@ Using this option ensures that
reports the proper maximum component length to applications
in such cases.
.TP 1.5i
-.BI nfsvers= n
-The NFS protocol version number used to contact the server's NFS service.
-If the server does not support the requested version, the mount request fails.
-If this option is not specified, the client negotiates a suitable version with
-the server, trying version 4 first, version 3 second, and version 2 last.
-.TP 1.5i
-.BI vers= n
-This option is an alternative to the
-.B nfsvers
-option.
-It is included for compatibility with other operating systems.
-.TP 1.5i
.BR lock " / " nolock
Selects whether to use the NLM sideband protocol to lock files on the server.
If neither option is specified (or if
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 737927c..517aa62 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -347,20 +347,26 @@ static char *next_mnt(void **v, char *p)
static int is_subdirectory(char *child, char *parent)
{
+ /* Check is child is strictly a subdirectory of
+ * parent or a more distant descendant.
+ */
size_t l = strlen(parent);
- if (strcmp(parent, "/") == 0)
+ if (strcmp(parent, "/") == 0 && child[1] != 0)
return 1;
- return strcmp(child, parent) == 0
- || (strncmp(child, parent, l) == 0 && child[l] == '/');
+ return (strncmp(child, parent, l) == 0 && child[l] == '/');
}
static int path_matches(nfs_export *exp, char *path)
{
- if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
- return is_subdirectory(path, exp->m_export.e_path);
- return strcmp(path, exp->m_export.e_path) == 0;
+ /* Does the path match the export? I.e. is it an
+ * exact match, or does the export have CROSSMOUNT, and path
+ * is a descendant?
+ */
+ return strcmp(path, exp->m_export.e_path) == 0
+ || ((exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+ && is_subdirectory(path, exp->m_export.e_path));
}
static int
@@ -369,15 +375,13 @@ export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
return path_matches(exp, path) && client_matches(exp, dom, ai);
}
-/* True iff e1 is a child of e2 and e2 has crossmnt set: */
+/* True iff e1 is a child of e2 (or descendant) and e2 has crossmnt set: */
static bool subexport(struct exportent *e1, struct exportent *e2)
{
char *p1 = e1->e_path, *p2 = e2->e_path;
- size_t l2 = strlen(p2);
return e2->e_flags & NFSEXP_CROSSMOUNT
- && strncmp(p1, p2, l2) == 0
- && p1[l2] == '/';
+ && is_subdirectory(p1, p2);
}
struct parsed_fsid {
diff --git a/utils/nfsdcltrack/nfsdcltrack.man b/utils/nfsdcltrack/nfsdcltrack.man
index 47007df..6940788 100644
--- a/utils/nfsdcltrack/nfsdcltrack.man
+++ b/utils/nfsdcltrack/nfsdcltrack.man
@@ -1,53 +1,3 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
.ie \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
@@ -59,70 +9,6 @@
. de IX
..
.\}
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
.IX Title "NFSDCLTRACK 8"
.TH NFSDCLTRACK 8 "2012-10-24" "" ""
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
diff --git a/utils/nfsidmap/Makefile.am b/utils/nfsidmap/Makefile.am
index c0675c4..737a219 100644
--- a/utils/nfsidmap/Makefile.am
+++ b/utils/nfsidmap/Makefile.am
@@ -1,9 +1,10 @@
## Process this file with automake to produce Makefile.in
man8_MANS = nfsidmap.man
-
sbin_PROGRAMS = nfsidmap
+
nfsidmap_SOURCES = nfsidmap.c
nfsidmap_LDADD = $(LIBNFSIDMAP) -lkeyutils ../../support/nfs/libnfs.a
MAINTAINERCLEANFILES = Makefile.in
+EXTRA_DIST = id_resolver.conf
diff --git a/utils/nfsidmap/id_resolver.conf b/utils/nfsidmap/id_resolver.conf
new file mode 100644
index 0000000..2c156c6
--- /dev/null
+++ b/utils/nfsidmap/id_resolver.conf
@@ -0,0 +1 @@
+create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
diff --git a/utils/statd/statd.c b/utils/statd/statd.c
index 652546c..8c51bcc 100644
--- a/utils/statd/statd.c
+++ b/utils/statd/statd.c
@@ -28,6 +28,7 @@
#include "statd.h"
#include "nfslib.h"
+#include "nfsrpc.h"
#include "nsm.h"
/* Socket operations */
@@ -237,6 +238,12 @@ int main (int argc, char **argv)
/* Set hostname */
MY_NAME = NULL;
+ /* Refuse to start if another statd is running */
+ if (nfs_probe_statd()) {
+ fprintf(stderr, "Statd service already running!\n");
+ exit(1);
+ }
+
/* Process command line switches */
while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:L", longopts, NULL)) != EOF) {
switch (arg) {
Reference in New Issue View Git Blame Copy Permalink