479 lines
15 KiB
Diff
479 lines
15 KiB
Diff
commit eae2fa997223ce0edb4218faf2ff67165535d21d
|
|
Author: J. Bruce Fields <bfields@redhat.com>
|
|
Date: Tue May 29 14:40:38 2012 -0400
|
|
|
|
mountd: Honor the no_root_squash flag on pseudo roots
|
|
|
|
From: "J. Bruce Fields" <bfields@redhat.com>
|
|
|
|
If root squashing is turned off on a export that
|
|
has multiple directories, the parent directories
|
|
of the pseudo exports that's built, also needs to
|
|
have root squashing turned off.
|
|
|
|
Tested-by: Steve Dickson <steved@redhat.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
|
|
index 708eb61..726b50d 100644
|
|
--- a/utils/mountd/v4root.c
|
|
+++ b/utils/mountd/v4root.c
|
|
@@ -62,6 +62,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source)
|
|
|
|
if (source->e_flags & NFSEXP_INSECURE_PORT)
|
|
pseudo->e_flags |= NFSEXP_INSECURE_PORT;
|
|
+ if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0)
|
|
+ pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
|
|
for (se = source->e_secinfo; se->flav; se++) {
|
|
struct sec_entry *new;
|
|
|
|
@@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *export)
|
|
exp = export_create(&eep, 0);
|
|
if (exp == NULL)
|
|
return NULL;
|
|
- xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
|
|
+ xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
|
|
+ exp->m_export.e_path, exp->m_export.e_flags);
|
|
return &exp->m_export;
|
|
}
|
|
|
|
|
|
commit b66c96de551b650680a65a732a1338c3ec25b436
|
|
Author: Adam Sampson <ats@offog.org>
|
|
Date: Tue May 29 14:37:22 2012 -0400
|
|
|
|
nsm_client: nsm_client needs to link with libtirpc
|
|
|
|
nsm_client needs to link against libtirpc.
|
|
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am
|
|
index 4bf0a45..4c15346 100644
|
|
--- a/tests/nsm_client/Makefile.am
|
|
+++ b/tests/nsm_client/Makefile.am
|
|
@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_client.c
|
|
|
|
BUILT_SOURCES = $(GENFILES)
|
|
nsm_client_LDADD = ../../support/nfs/libnfs.a \
|
|
- ../../support/nsm/libnsm.a $(LIBCAP)
|
|
+ ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC)
|
|
|
|
if CONFIG_RPCGEN
|
|
RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen
|
|
|
|
commit 0781cf2a60dbb0d8997c4abef103d80f819cd16f
|
|
Author: Steve Dickson <steved@redhat.com>
|
|
Date: Tue May 29 14:31:57 2012 -0400
|
|
|
|
Updated the version number.
|
|
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/README b/README
|
|
index 348f5d4..e55b2dd 100644
|
|
--- a/README
|
|
+++ b/README
|
|
@@ -1,4 +1,4 @@
|
|
-This is version 1.1.0 of nfs-utils, the Linux NFS utility package.
|
|
+This is version 1.2.6 of nfs-utils, the Linux NFS utility package.
|
|
|
|
|
|
0. PROJECT RESOURCES
|
|
|
|
commit 43537ecbc1ab3ae7cefe5d47e7e03b14bf428197
|
|
Author: Steve Dickson <steved@redhat.com>
|
|
Date: Tue May 29 14:27:24 2012 -0400
|
|
|
|
nfsidmap: Allow verbosity level to be set in the config file
|
|
|
|
To make it easier to enable ID mapping debugging, nfsidmap
|
|
should read /etc/idmap.conf to see if the verbosity level
|
|
is set, similar to what rpc.idmapd does
|
|
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
|
|
index cf11551..b767395 100644
|
|
--- a/utils/nfsidmap/nfsidmap.c
|
|
+++ b/utils/nfsidmap/nfsidmap.c
|
|
@@ -12,6 +12,7 @@
|
|
|
|
#include <unistd.h>
|
|
#include "xlog.h"
|
|
+#include "conffile.h"
|
|
|
|
int verbose = 0;
|
|
char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
|
|
@@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
|
|
#define DEFAULT_KEYRING "id_resolver"
|
|
#endif
|
|
|
|
+#ifndef PATH_IDMAPDCONF
|
|
+#define PATH_IDMAPDCONF "/etc/idmapd.conf"
|
|
+#endif
|
|
+
|
|
static int keyring_clear(char *keyring);
|
|
|
|
#define UIDKEYS 0x1
|
|
#define GIDKEYS 0x2
|
|
|
|
/*
|
|
+ * Check to the config file for the verbosity level
|
|
+ */
|
|
+int
|
|
+get_config_verbose(char *path)
|
|
+{
|
|
+ conf_path = path;
|
|
+ conf_init();
|
|
+ return conf_get_num("General", "Verbosity", 0);
|
|
+}
|
|
+
|
|
+/*
|
|
* Find either a user or group id based on the name@domain string
|
|
*/
|
|
int id_lookup(char *name_at_domain, key_serial_t key, int type)
|
|
@@ -266,7 +282,9 @@ int main(int argc, char **argv)
|
|
break;
|
|
}
|
|
}
|
|
-
|
|
+ if (!verbose) {
|
|
+ verbose = get_config_verbose(PATH_IDMAPDCONF);
|
|
+ }
|
|
if (keystr) {
|
|
rc = key_revoke(keystr, keymask);
|
|
return rc;
|
|
|
|
commit 1ca82a963ace17397bd7ec09f5e0707badd7c254
|
|
Author: Jeff Layton <jlayton@redhat.com>
|
|
Date: Tue May 29 14:23:18 2012 -0400
|
|
|
|
statd: drop all capabilities from the bounding set as well
|
|
|
|
statd drops all capabilities except for CAP_NET_BIND when it starts.
|
|
It's possible though that if it ever had a compromise that an attacker would
|
|
be able to invoke a setuid process (or something with file capabilities) in
|
|
order to reinstate some caps.
|
|
|
|
This could happen as a result of the daemon becoming compromised, or
|
|
possibly as a result of the ha-callout program becoming compromised.
|
|
|
|
In order to prevent that, have statd also prune the capability bounding
|
|
set to nothing prior to dropping capabilities. That ensures that the
|
|
process won't be able to reacquire capabilities via any means --
|
|
including exec'ing a setuid program.
|
|
|
|
We do however need to be cognizant of the fact that PR_CAPBSET_DROP was
|
|
only added in 2.6.25, so check to make sure that #define exists via
|
|
autoconf before we rely on it. In order to do that, we must add
|
|
ax_check_define.m4 from the GNU autoconf macro archive.
|
|
|
|
Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound
|
|
exists before attempting to clear the bounding set. If it does, then
|
|
don't bother trying since it won't work. In that event though, do
|
|
throw a warning however since the presence of that file indicates that
|
|
there is a disconnect between the build and runtime environments.
|
|
|
|
Acked-by: Chuck Lever <chuck.lever@oracle.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/support/nsm/file.c b/support/nsm/file.c
|
|
index 5dd52c1..5476446 100644
|
|
--- a/support/nsm/file.c
|
|
+++ b/support/nsm/file.c
|
|
@@ -338,10 +338,10 @@ nsm_is_default_parentdir(void)
|
|
*
|
|
* Returns true if successful, or false if some error occurred.
|
|
*/
|
|
+#ifdef HAVE_SYS_CAPABILITY_H
|
|
static _Bool
|
|
nsm_clear_capabilities(void)
|
|
{
|
|
-#ifdef HAVE_SYS_CAPABILITY_H
|
|
cap_t caps;
|
|
|
|
caps = cap_from_text("cap_net_bind_service=ep");
|
|
@@ -357,10 +357,60 @@ nsm_clear_capabilities(void)
|
|
}
|
|
|
|
(void)cap_free(caps);
|
|
-#endif
|
|
return true;
|
|
}
|
|
|
|
+#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound"
|
|
+static _Bool
|
|
+prune_bounding_set(void)
|
|
+{
|
|
+#ifdef PR_CAPBSET_DROP
|
|
+ int ret;
|
|
+ unsigned long i;
|
|
+ struct stat st;
|
|
+
|
|
+ /*
|
|
+ * Prior to kernel 2.6.25, the capabilities bounding set was a global
|
|
+ * value. Check to see if /proc/sys/kernel/cap-bound exists and don't
|
|
+ * bother to clear the bounding set if it does.
|
|
+ */
|
|
+ ret = stat(CAP_BOUND_PROCFILE, &st);
|
|
+ if (!ret) {
|
|
+ xlog(L_WARNING, "%s exists. Not attempting to clear "
|
|
+ "capabilities bounding set.",
|
|
+ CAP_BOUND_PROCFILE);
|
|
+ return true;
|
|
+ } else if (errno != ENOENT) {
|
|
+ /* Warn, but attempt to clear the bounding set anyway. */
|
|
+ xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE);
|
|
+ }
|
|
+
|
|
+ /* prune the bounding set to nothing */
|
|
+ for (i = 0; i <= CAP_LAST_CAP; ++i) {
|
|
+ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
|
|
+ if (ret) {
|
|
+ xlog(L_ERROR, "Unable to prune capability %lu from "
|
|
+ "bounding set: %m", i);
|
|
+ return false;
|
|
+ }
|
|
+ }
|
|
+#endif /* PR_CAPBSET_DROP */
|
|
+ return true;
|
|
+}
|
|
+#else /* !HAVE_SYS_CAPABILITY_H */
|
|
+static _Bool
|
|
+nsm_clear_capabilities(void)
|
|
+{
|
|
+ return true;
|
|
+}
|
|
+
|
|
+static _Bool
|
|
+prune_bounding_set(void)
|
|
+{
|
|
+ return true;
|
|
+}
|
|
+#endif /* HAVE_SYS_CAPABILITY_H */
|
|
+
|
|
/**
|
|
* nsm_drop_privileges - drop root privileges
|
|
* @pidfd: file descriptor of a pid file
|
|
@@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd)
|
|
return false;
|
|
}
|
|
|
|
+ if (!prune_bounding_set())
|
|
+ return false;
|
|
+
|
|
if (st.st_uid == 0) {
|
|
xlog_warn("Running as root. "
|
|
"chown %s to choose different user", nsm_base_dirname);
|
|
|
|
commit ddb095f82becc94c8e3a2429cc755dee5d1808c9
|
|
Author: Diego Elio Pettenò <flameeyes@flameeyes.eu>
|
|
Date: Tue May 29 14:15:32 2012 -0400
|
|
|
|
build: avoid AM_CONDITIONAL in conditional execution.
|
|
|
|
Automake does not support conditional AM_CONDITIONAL calls; what that
|
|
means is that you always have to execute AM_CONDITIONAL one way or the
|
|
other. Both the libsqlite3.m4 file and the nfsdcld conditionals are
|
|
executed only when NFSv4 is enabled, which breaks building with
|
|
--disable-nfsv4.
|
|
|
|
Remove the SQLite3 conditional altogether as it's never used, and move
|
|
the nfsdcld conditional outside of the conditional code.
|
|
|
|
Acked-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/aclocal/libsqlite3.m4 b/aclocal/libsqlite3.m4
|
|
index 73d1e46..8c38993 100644
|
|
--- a/aclocal/libsqlite3.m4
|
|
+++ b/aclocal/libsqlite3.m4
|
|
@@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [
|
|
LIBS="$saved_LIBS"])
|
|
|
|
AC_MSG_RESULT($libsqlite3_cv_is_recent)
|
|
- AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"])
|
|
])dnl
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 9ba53e2..b408f1b 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then
|
|
fi
|
|
fi
|
|
|
|
- AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ])
|
|
-
|
|
dnl librpcsecgss already has a dependency on libgssapi,
|
|
dnl but we need to make sure we get the right version
|
|
if test "$enable_gss" = yes; then
|
|
@@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then
|
|
fi
|
|
|
|
dnl enable nfsidmap when its support by libnfsidmap
|
|
+AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ])
|
|
AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"])
|
|
|
|
|
|
|
|
commit 7e9c0f760397d7e8fa78bdeefffc14eb8269925b
|
|
Author: Jeff Layton <jlayton@redhat.com>
|
|
Date: Tue May 29 13:53:09 2012 -0400
|
|
|
|
autoconf: make the test for prctl have an effect
|
|
|
|
We currently test to ensure that prctl() is available, but the results
|
|
of that test are a no-op either way. statd calls prctl()
|
|
unconditionally, so make configure bail out if prctl() isn't available
|
|
since the build will fail in that event anyway.
|
|
|
|
Cc: Chuck Lever <chuck.lever@oracle.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4
|
|
index 68a624c..f8a0ed1 100644
|
|
--- a/aclocal/libcap.m4
|
|
+++ b/aclocal/libcap.m4
|
|
@@ -3,7 +3,7 @@ dnl
|
|
AC_DEFUN([AC_LIBCAP], [
|
|
|
|
dnl look for prctl
|
|
- AC_CHECK_FUNC([prctl], , )
|
|
+ AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available]))
|
|
|
|
AC_ARG_ENABLE([caps],
|
|
[AS_HELP_STRING([--disable-caps], [Disable capabilities support])])
|
|
|
|
commit 646be42c84305d02dea06113cc9e6c9a7ab94f8a
|
|
Author: Steve Dickson <steved@redhat.com>
|
|
Date: Thu May 17 08:16:29 2012 -0400
|
|
|
|
Makefile.am: Corrected a misspelling of overridden
|
|
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/utils/mount/Makefile.am b/utils/mount/Makefile.am
|
|
index 7627854..5810936 100644
|
|
--- a/utils/mount/Makefile.am
|
|
+++ b/utils/mount/Makefile.am
|
|
@@ -1,7 +1,7 @@
|
|
## Process this file with automake to produce Makefile.in
|
|
|
|
# These binaries go in /sbin (not /usr/sbin), and that cannot be
|
|
-# overriden at config time.
|
|
+# overridden at config time.
|
|
sbindir = /sbin
|
|
|
|
man8_MANS = mount.nfs.man umount.nfs.man
|
|
|
|
commit d4d392087f8ee049ed8f476e5ae780cbc0d0012a
|
|
Author: NeilBrown <neilb@suse.de>
|
|
Date: Thu May 17 08:14:57 2012 -0400
|
|
|
|
osd_login - ensure /sbin is created before installation.
|
|
|
|
If we use a more standard approach to describing the osd_login
|
|
script, the automake infrastructure will create /sbin before
|
|
attempting installation.
|
|
This is important for: make DESTDIR=/empty-dir install
|
|
|
|
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am
|
|
index adc493a..20c2d8c 100644
|
|
--- a/utils/osd_login/Makefile.am
|
|
+++ b/utils/osd_login/Makefile.am
|
|
@@ -1,12 +1,9 @@
|
|
## Process this file with automake to produce Makefile.in
|
|
|
|
-OSD_LOGIN_FILES= osd_login
|
|
+# These binaries go in /sbin (not /usr/sbin), and that cannot be
|
|
+# overridden at config time.
|
|
+sbindir = /sbin
|
|
|
|
-EXTRA_DIST= $(OSD_LOGIN_FILES)
|
|
-
|
|
-all-local: $(OSD_LOGIN_FILES)
|
|
-
|
|
-install-data-hook:
|
|
- $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login
|
|
+sbin_SCRIPTS = osd_login
|
|
|
|
MAINTAINERCLEANFILES = Makefile.in
|
|
|
|
commit a69f6aeb19841f5a95c3eb4f4e5fe5ca0db247f4
|
|
Author: Jim Rees <rees@umich.edu>
|
|
Date: Tue May 15 10:10:01 2012 -0400
|
|
|
|
blkmapd: remove pretty_sig()
|
|
|
|
This really only works against EMC servers. There is at least one server
|
|
that returns unprintable signatures, which fill the log with garbage (the
|
|
spec does not mandate printable signatures). It could be made more generic,
|
|
for example by checking each byte for isprint(). But the signatures are
|
|
really only of interest to developers, not admins, so it seems better to
|
|
just remove it.
|
|
|
|
Signed-off-by: Jim Rees <rees@umich.edu>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c
|
|
index 652a7a8..5fe3dff 100644
|
|
--- a/utils/blkmapd/device-process.c
|
|
+++ b/utils/blkmapd/device-process.c
|
|
@@ -49,28 +49,6 @@
|
|
|
|
#include "device-discovery.h"
|
|
|
|
-static char *pretty_sig(char *sig, uint32_t siglen)
|
|
-{
|
|
- static char rs[100];
|
|
- uint64_t sigval;
|
|
- unsigned int i;
|
|
-
|
|
- if (siglen <= sizeof(sigval)) {
|
|
- sigval = 0;
|
|
- for (i = 0; i < siglen; i++)
|
|
- sigval |= ((unsigned char *)sig)[i] << (i * 8);
|
|
- sprintf(rs, "0x%0llx", (unsigned long long) sigval);
|
|
- } else {
|
|
- if (siglen > sizeof rs - 4) {
|
|
- siglen = sizeof rs - 4;
|
|
- sprintf(&rs[siglen], "...");
|
|
- } else
|
|
- rs[siglen] = '\0';
|
|
- memcpy(rs, sig, siglen);
|
|
- }
|
|
- return rs;
|
|
-}
|
|
-
|
|
uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes)
|
|
{
|
|
uint32_t *q = p + ((nbytes + 3) >> 2);
|
|
@@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t **pp, uint32_t * end,
|
|
* for mapping, then thrown away.
|
|
*/
|
|
comp->bs_string = (char *)p;
|
|
- BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n",
|
|
- __func__, i, siglen,
|
|
- pretty_sig(comp->bs_string, siglen));
|
|
p += ((siglen + 3) >> 2);
|
|
}
|
|
*pp = p;
|
|
@@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, int fd, struct bl_sig_comp *comp)
|
|
}
|
|
|
|
ret = memcmp(sig, comp->bs_string, siglen);
|
|
- if (!ret)
|
|
- BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name,
|
|
- pretty_sig(sig, siglen),
|
|
- (long long)comp->bs_offset);
|
|
|
|
out:
|
|
if (sig)
|