ailiopoulos/nfs-utils
SHA256
1
0
Fork 0
forked from pool/nfs-utils
Code Pull Requests Activity

Accepting request 184600 from Base:System

Browse Source 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/184600
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nfs-utils?expand=0&rev=103
This commit is contained in:
Stephan Kulow 2013-07-30 16:40:42 +00:00 committed by Git OBS Bridge
commit 2e649219cd
13 changed files with 483 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
0001-mountd-Fix-is_subdirectory-again.patch Normal file
View File

@ -0,0 +1,81 @@
From 23d3980b6cfea4e9056d9b7b81e48b4fefc645e0 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Tue, 7 May 2013 11:46:18 -0400
Subject: [PATCH] mountd: Fix is_subdirectory again
The problem was that is_subdirectory() would also succeed if the two
directories were the same. This is needed for path_matches() which
needs to see if the child is same-or-descendant.
So this patch rearranges path_matches() to do the "are they the same"
test itself and only bother with is_subdirectory() if it they are not
the same.
So now is_subdirectory() can be strict, and so can be usable for
subexport(), which needs a strong 'in subdirectory - not the same' test.
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/mountd/cache.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 737927c..517aa62 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -347,20 +347,26 @@ static char *next_mnt(void **v, char *p)
static int is_subdirectory(char *child, char *parent)
{
+ /* Check is child is strictly a subdirectory of
+ * parent or a more distant descendant.
+ */
size_t l = strlen(parent);
- if (strcmp(parent, "/") == 0)
+ if (strcmp(parent, "/") == 0 && child[1] != 0)
return 1;
- return strcmp(child, parent) == 0
- || (strncmp(child, parent, l) == 0 && child[l] == '/');
+ return (strncmp(child, parent, l) == 0 && child[l] == '/');
}
static int path_matches(nfs_export *exp, char *path)
{
- if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
- return is_subdirectory(path, exp->m_export.e_path);
- return strcmp(path, exp->m_export.e_path) == 0;
+ /* Does the path match the export? I.e. is it an
+ * exact match, or does the export have CROSSMOUNT, and path
+ * is a descendant?
+ */
+ return strcmp(path, exp->m_export.e_path) == 0
+ || ((exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+ && is_subdirectory(path, exp->m_export.e_path));
}
static int
@@ -369,15 +375,13 @@ export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
return path_matches(exp, path) && client_matches(exp, dom, ai);
}
-/* True iff e1 is a child of e2 and e2 has crossmnt set: */
+/* True iff e1 is a child of e2 (or descendant) and e2 has crossmnt set: */
static bool subexport(struct exportent *e1, struct exportent *e2)
{
char *p1 = e1->e_path, *p2 = e2->e_path;
- size_t l2 = strlen(p2);
return e2->e_flags & NFSEXP_CROSSMOUNT
- && strncmp(p1, p2, l2) == 0
- && p1[l2] == '/';
+ && is_subdirectory(p1, p2);
}
struct parsed_fsid {
--
1.8.3.1.487.g3e7a5b4

102
0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch Normal file
View File

@ -0,0 +1,102 @@
From c93e8d8eeafec3e3228e24dfebef113e0a79a788 Mon Sep 17 00:00:00 2001
From: "Signed-off-by: NeilBrown" <neilb@suse.de>
Date: Tue, 28 May 2013 12:59:22 -0400
Subject: [PATCH] gssd: Fix recent fix to Avoid DNS reverse resolution in gssd.
The final version for this fix that was committed inverted the test
so makes no change in the important cases.
The documentation didn't really help a naive user know when the new -D
flag should be used.
And the code (once fixed) avoided DNS resolution on non-qualified names too,
which probably isn't a good idea.
This patch fixes all three issues.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd.man | 27 ++++++++++++++++++++++-----
utils/gssd/gssd_proc.c | 18 ++++++++++--------
2 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index 1df75c5..ac13fd4 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -195,11 +195,28 @@ option when starting
.BR rpc.gssd .
.SH OPTIONS
.TP
-.B -D
-DNS Reverse lookups are not used for determining the
-server names pass to GSSAPI. This option will reverses that and forces
-the use of DNS Reverse resolution of the server's IP address to
-retrieve the server name to use in GSAPI authentication.
+.B \-D
+The server name passed to GSSAPI for authentication is normally the
+name exactly as requested. e.g. for NFS
+it is the server name in the "servername:/path" mount request. Only if this
+servername appears to be an IP address (IPv4 or IPv6) or an
+unqualified name (no dots) will a reverse DNS lookup
+will be performed to get the canoncial server name.
+
+If
+.B \-D
+is present, a reverse DNS lookup will
+.I always
+be used, even if the server name looks like a canonical name. So it
+is needed if partially qualified, or non canonical names are regularly
+used.
+
+Using
+.B \-D
+can introduce a security vulnerability, so it is recommended that
+.B \-D
+not be used, and that canonical names always be used when requesting
+services.
.TP
.B -f
Runs
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 6cd4276..b7e2bbb 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -175,7 +175,6 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
char *hostname;
char hbuf[NI_MAXHOST];
unsigned char buf[sizeof(struct in6_addr)];
- int servername = 0;
if (avoid_dns) {
/*
@@ -183,15 +182,18 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
- servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
- servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
- servername = 1; /* or IPv6 */
-
- if (servername) {
+ int is_fqdn = 1;
+ if (strchr(name, '.') == NULL)
+ is_fqdn = 0; /* local name */
+ else if (inet_pton(AF_INET, name, buf) == 1)
+ is_fqdn = 0; /* IPv4 address */
+ else if (inet_pton(AF_INET6, name, buf) == 1)
+ is_fqdn = 0; /* IPv6 addrss */
+
+ if (is_fqdn) {
return strdup(name);
}
+ /* Sorry, cannot avoid dns after all */
}
switch (sa->sa_family) {
--
1.8.3.1.487.g3e7a5b4

45
0003-Fix-handling-of-preferred-realm-command-line-option.patch Normal file
View File

@ -0,0 +1,45 @@
From a402f768db1dc6497cf7f592b33e142936897de2 Mon Sep 17 00:00:00 2001
From: Maximilian Wilhelm <max@rfc2324.org>
Date: Mon, 1 Jul 2013 11:58:13 -0400
Subject: [PATCH] Fix handling of preferred realm command line option.
The current implementation ignores any preferred realm specified on the
command line. Fix this behaviour and make sure the preferred realm is
used as first realm when trying to acquire a keytab entry
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 9ef80f0..abebdcd 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -852,11 +852,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
}
/*
- * Try the "appropriate" realm first, and if nothing found for that
- * realm, try the default realm (if it hasn't already been tried).
+ * Make sure the preferred_realm, which may have been explicitly set
+ * on the command line, is tried first. If nothing is found go on with
+ * the host and local default realm (if that hasn't already been tried).
*/
i = 0;
realm = realmnames[i];
+
+ if (strcmp (realm, preferred_realm) != 0) {
+ realm = preferred_realm;
+ /* resetting the realmnames index */
+ i = -1;
+ }
+
while (1) {
if (realm == NULL) {
tried_all = 1;
--
1.8.3.1.487.g3e7a5b4

69
0004-nfsiostat-restore-output-format.patch Normal file
View File

@ -0,0 +1,69 @@
From 94642a397d27ea0cfc6d798bc505482023eb5ec1 Mon Sep 17 00:00:00 2001
From: Weston Andros Adamson <dros@netapp.com>
Date: Mon, 1 Jul 2013 12:00:51 -0400
Subject: [PATCH] nfsiostat: restore output format
Recent changes to support python 3 changed the output of nfsiostat from:
read: ops/s kB/s kB/op retrans
avg RTT (ms) avg exe (ms)
48.094 2889.133 60.072 0 (0.0%)
177.160 184.833
...
to:
read:
ops/s kB/s kB/op retrans avg RTT (ms) avg exe
(ms)
0.000
0.000
0.000
0 (0.0%)
0.000
0.000
...
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
tools/nfs-iostat/nfs-iostat.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py
index dfbef87..c035537 100644
--- a/tools/nfs-iostat/nfs-iostat.py
+++ b/tools/nfs-iostat/nfs-iostat.py
@@ -353,14 +353,14 @@ class DeviceData:
exe_per_op = 0.0
op += ':'
- print('%s' % op.lower().ljust(15))
+ print('%s' % op.lower().ljust(15), end='')
print(' ops/s\t\t kB/s\t\t kB/op\t\tretrans\t\tavg RTT (ms)\tavg exe (ms)')
- print('\t\t%7.3f' % (ops / sample_time))
- print('\t%7.3f' % (kilobytes / sample_time))
- print('\t%7.3f' % kb_per_op)
- print(' %7d (%3.1f%%)' % (retrans, retrans_percent))
- print('\t%7.3f' % rtt_per_op)
+ print('\t\t%7.3f' % (ops / sample_time), end='')
+ print('\t%7.3f' % (kilobytes / sample_time), end='')
+ print('\t%7.3f' % kb_per_op, end='')
+ print(' %7d (%3.1f%%)' % (retrans, retrans_percent), end='')
+ print('\t%7.3f' % rtt_per_op, end='')
print('\t%7.3f' % exe_per_op)
def ops(self, sample_time):
@@ -392,7 +392,7 @@ class DeviceData:
print()
print(' op/s\t\trpc bklog')
- print('%7.2f' % (sends / sample_time))
+ print('%7.2f' % (sends / sample_time), end='')
print('\t%7.2f' % backlog)
if which == 0:
--
1.8.3.1.487.g3e7a5b4

48
0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch Normal file
View File

@ -0,0 +1,48 @@
From 05e6d39a988e76d5803f79018a9e40d435f6d2f7 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Tue, 2 Jul 2013 08:27:41 -0400
Subject: [PATCH] gssd: don't give up on machine credential if hostname not
available.
krb5_util tries various different credential names in order to find
the machine credential, not all of them use the full host name of the
current host.
So if getting the full host name fails, don't give up completely,
still try the other options.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index abebdcd..a6c7eb0 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -825,8 +825,10 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
myhostad[i+1] = 0;
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
- if (retval)
- goto out;
+ if (retval) {
+ /* Don't use myhostname */
+ myhostname[0] = 0;
+ }
code = krb5_get_default_realm(context, &default_realm);
if (code) {
@@ -891,6 +893,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
myhostad,
NULL);
} else {
+ if (!myhostname[0])
+ continue;
snprintf(spn, sizeof(spn), "%s/%s@%s",
svcnames[j], myhostname, realm);
code = krb5_build_principal_ext(context, &princ,
--
1.8.3.1.487.g3e7a5b4

31
0006-gssd-fixed-typo-in-machine-cred-name.patch Normal file
View File

@ -0,0 +1,31 @@
From da05b199a60e8a8fa91d4d3734cbbe84b23cff69 Mon Sep 17 00:00:00 2001
From: Doug Nazar <nazard.michi@gmail.com>
Date: Tue, 2 Jul 2013 08:45:31 -0400
Subject: [PATCH] gssd: fixed typo in machine cred name.
Commit 1c787f14 [gssd: scan for DIR: ccaches, too] changed the default
prefix for the credential cache files. Update the check to ignore the
machine credential file when running with -n (root ignores machine
credentials).
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index a6c7eb0..83b9651 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -231,7 +231,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
continue;
}
if (uid == 0 && !root_uses_machine_creds &&
- strstr(namelist[i]->d_name, "_machine_")) {
+ strstr(namelist[i]->d_name, "machine_")) {
printerr(3, "CC '%s' not available to root\n",
statname);
free(namelist[i]);
--
1.8.3.1.487.g3e7a5b4

3
nfs-utils-1.2.7.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7ef8e0a8b22cd7ff33f3afd28e770d45643fae303468a180640c2967833fe75e
size 2902130

3
nfs-utils-1.2.8.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1cc8f02a633eddbf0a1d93421f331479c4cdab4c5ab33b8bf8c7c369f9156ac6
size 2747577

19
nfs-utils.changes
View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Mon Jul 22 06:47:57 UTC 2013 - nfbrown@suse.com
- New sysconfig variables
NFS4_SERVER_MINOR_VERSION, GSSD_OPTIONS,
NFS_GSSD_AVOID_DNS
to enable various configurations.
- bug fixes to init scripts to avoid unmounting everything(!)
and to avoid corrupting /run/nfs/bind.mounts
-------------------------------------------------------------------
Mon Jul 22 06:12:53 UTC 2013 - nfbrown@suse.com
- New upstream release 1.2.8 - mostly bugfixes, many to gssd.
No important new functionality
- Changes to ./configure command to remove warnings
- 8 more patches from upstream 'git' to fix non-trivial bugs
including on CVE.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 13 15:32:55 UTC 2013 - coolo@suse.com Mon May 13 15:32:55 UTC 2013 - coolo@suse.com

24
nfs-utils.spec
View File

@ -35,7 +35,7 @@ Url: http://kernel.org/pub/linux/utils/nfs-utils/
Summary: Support Utilities for Kernel nfsd Summary: Support Utilities for Kernel nfsd
License: GPL-2.0+ License: GPL-2.0+
Group: Productivity/Networking/NFS Group: Productivity/Networking/NFS
Version: 1.2.7 Version: 1.2.8
Release: 0 Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq %insserv_prereq PreReq: %fillup_prereq %insserv_prereq
@ -57,6 +57,18 @@ Source11: idmapd.conf
Source12: start-statd Source12: start-statd
Source13: nfs-utils.rpmlintrc Source13: nfs-utils.rpmlintrc
Patch0: nfs-utils-1.0.7-bind-syntax.patch Patch0: nfs-utils-1.0.7-bind-syntax.patch
# PATCH-FIX-UPSTREAM 0001-mountd-Fix-is_subdirectory-again.patch upstream-bugfix nfbrown@suse.de
Patch1: 0001-mountd-Fix-is_subdirectory-again.patch
# PATCH-FIX-UPSTREAM 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch upstream-bugfix nfbrown@suse.de
Patch2: 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch
# PATCH-FIX-UPSTREAM 0003-Fix-handling-of-preferred-realm-command-line-option.patch upstream-bugfix nfbrown@suse.de
Patch3: 0003-Fix-handling-of-preferred-realm-command-line-option.patch
# PATCH-FIX-UPSTREAM 0004-nfsiostat-restore-output-format.patch upstream-bugfix nfbrown@suse.de
Patch4: 0004-nfsiostat-restore-output-format.patch
# PATCH-FIX-UPSTREAM 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch upstream-bugfix nfbrown@suse.de
Patch5: 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch
# PATCH-FIX-UPSTREAM 0006-gssd-fixed-typo-in-machine-cred-name.patch upstream-bugfix nfbrown@suse.de
Patch6: 0006-gssd-fixed-typo-in-machine-cred-name.patch
Suggests: python-base Suggests: python-base
%description %description
@ -107,21 +119,25 @@ This package contains additional NFS documentation.
%prep %prep
%setup -q -n nfs-utils-%{version} -a 1 %setup -q -n nfs-utils-%{version} -a 1
%patch0 -p1 %patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
cp %{S:6} . cp %{S:6} .
%build %build
rm -f configure; autoreconf -fi rm -f configure; autoreconf -fi
CFLAGS="$RPM_OPT_FLAGS -fPIE -fno-strict-aliasing" LDFLAGS="-pie" ./configure \ CFLAGS="$RPM_OPT_FLAGS -fPIE -fno-strict-aliasing" LDFLAGS="-pie" ./configure \
--mandir=%{_mandir} \ --mandir=%{_mandir} \
--disable-rquotad \
--enable-nfsv4 \ --enable-nfsv4 \
--enable-gss \ --enable-gss \
--enable-ipv6 \ --enable-ipv6 \
--enable-nfsdcltrack \ --enable-nfsdcltrack \
--enable-mount \ --enable-mount \
--enable-libmount-mount \ --enable-libmount-mount \
--enable-mountconfig \ --enable-mountconfig
--with-krb5=/usr/lib/mit
make make
cd nfs cd nfs
for i in *.html ; do for i in *.html ; do

29
nfs.init
View File

@ -17,7 +17,7 @@
# Required-Stop: $network $portmap # Required-Stop: $network $portmap
# Default-Start: 3 5 # Default-Start: 3 5
# Default-Stop: 0 1 2 6 # Default-Stop: 0 1 2 6
# Short-Description: NFS client services # Short-Description: NFS client services
# Description: All necessary services for NFS clients # Description: All necessary services for NFS clients
### END INIT INFO ### END INIT INFO
@ -94,6 +94,15 @@ esac
if test -n "$flavors" ; then if test -n "$flavors" ; then
NEED_GSSD=yes NEED_GSSD=yes
fi fi
if test -n "$GSSD_OPTIONS"; then
NEED_GSSD=yes
fi
case $NFS_GSSD_AVOID_DNS in
[Nn]*) ignore_dns=-D ;;
[Yy]*) ignore_dns= ;;
* ) ignore_dns=-D
esac
if test "$NFS4_SUPPORT" = yes ; then if test "$NFS4_SUPPORT" = yes ; then
NEED_IDMAPD=yes NEED_IDMAPD=yes
@ -153,7 +162,7 @@ do_start_gssd() {
/sbin/modprobe rpcsec_gss_$flavor /sbin/modprobe rpcsec_gss_$flavor
done done
mount_rpc_pipefs mount_rpc_pipefs
startproc $GSSD_BIN startproc $GSSD_BIN $ignore_dns $GSSD_OPTIONS
return $? return $?
} }
@ -196,7 +205,7 @@ case "$1-$nfs" in
modprobe nfs modprobe nfs
grep -E '^(sunrpc|fs.nfs)' /etc/sysctl.conf | sysctl -q -e -n -p - grep -E '^(sunrpc|fs.nfs)' /etc/sysctl.conf | sysctl -q -e -n -p -
# in case we need /usr and/or /opt via nfs # in case we need /usr and/or /opt via nfs
mount_usr mount_usr
# sm-notify # sm-notify
@ -231,10 +240,10 @@ case "$1-$nfs" in
# It's sometime usefull to mount NFS devices in # It's sometime usefull to mount NFS devices in
# background with an ampersand (&) and a sleep time of # background with an ampersand (&) and a sleep time of
# two or more seconds, e.g: # two or more seconds, e.g:
# #
# sleep 2 && mount -at nfs,nfs4 & # sleep 2 && mount -at nfs,nfs4 &
# sleep 2 # sleep 2
# #
if test -n "$mnt" ; then if test -n "$mnt" ; then
# If network devices are not yet discovered, mounts # If network devices are not yet discovered, mounts
# might fail, so we might need to 'udevadm settle' to # might fail, so we might need to 'udevadm settle' to
@ -268,7 +277,7 @@ case "$1-$nfs" in
# kill process to maximise chance that umount succeeds # kill process to maximise chance that umount succeeds
mnt=`awk '$3 ~ /^nfs4*$/ {print $2}' /proc/mounts` mnt=`awk '$3 ~ /^nfs4*$/ {print $2}' /proc/mounts`
runlevel=`runlevel | awk '{print $2}'` runlevel=`runlevel | awk '{print $2}'`
if test "$runlevel" -eq 0 -o "$runlevel" -eq 6; then if test "$runlevel" -eq 0 -o "$runlevel" -eq 6; then
if test -n "$mnt" ; then if test -n "$mnt" ; then
/sbin/mkill -TERM $mnt /sbin/mkill -TERM $mnt
fi fi
@ -293,7 +302,7 @@ case "$1-$nfs" in
killproc $IDMAPD_BIN killproc $IDMAPD_BIN
fi fi
rm -f $IDMAPD_CLIENT_STATE rm -f $IDMAPD_CLIENT_STATE
fi fi
# stop rpc.statd if not needed by server # stop rpc.statd if not needed by server
if checkproc $STATD_BIN ; then if checkproc $STATD_BIN ; then
@ -334,7 +343,7 @@ case "$1-$nfs" in
echo "gssd not running" echo "gssd not running"
rc_failed 3 rc_failed 3
fi fi
# #
if test "$NEED_IDMAPD" = yes && ! checkproc $IDMAPD_BIN; then if test "$NEED_IDMAPD" = yes && ! checkproc $IDMAPD_BIN; then
echo "idmapd not running" echo "idmapd not running"
rc_failed 3 rc_failed 3
@ -354,7 +363,7 @@ case "$1-$nfs" in
if checkproc ${GSSD_BIN##*/}; then if checkproc ${GSSD_BIN##*/}; then
echo -n " gssd" echo -n " gssd"
killproc ${GSSD_BIN##*/} killproc ${GSSD_BIN##*/}
startproc $GSSD_BIN startproc $GSSD_BIN $ignore_dns $GSSD_OPTIONS
fi fi
if checkproc ${IDMAPD_BIN##*/}; then if checkproc ${IDMAPD_BIN##*/}; then
echo -n " idmapd" echo -n " idmapd"

15
nfsserver.init
View File

@ -44,7 +44,7 @@ rc_reset
# 5 - program is not installed # 5 - program is not installed
# 6 - program is not configured # 6 - program is not configured
# 7 - program is not running # 7 - program is not running
# #
# Note that starting an already running service, stopping # Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart # or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are # with force-reload (in case signalling is not supported) are
@ -108,7 +108,7 @@ nfs4_bind_mounts() {
echo "NFS: Is it no longer needed and may cease to work." echo "NFS: Is it no longer needed and may cease to work."
echo "NFS: Please remove these settings." echo "NFS: Please remove these settings."
warned=yes warned=yes
fi fi >&2
test -d "$export" || mkdir -p "$export" test -d "$export" || mkdir -p "$export"
mount -o bind "$dir" "$export" mount -o bind "$dir" "$export"
echo "$dir" "$export" echo "$dir" "$export"
@ -118,7 +118,7 @@ nfs4_bind_mounts() {
nfs4_unbind_mounts() { nfs4_unbind_mounts() {
sort -r -k2 $NFSD_BIND_MOUNTS | sort -r -k2 $NFSD_BIND_MOUNTS |
while read src mountpoint crap; do while read src mountpoint crap; do
umount -l "$mountpoint" [ -n "$mountpoint" ] && umount -l "$mountpoint"
done done
> $NFSD_BIND_MOUNTS > $NFSD_BIND_MOUNTS
} }
@ -188,6 +188,9 @@ case "$1" in
if [ "$NFS4_SUPPORT" != "yes" ]; then if [ "$NFS4_SUPPORT" != "yes" ]; then
VERSION_PARAMS="--no-nfs-version 4" VERSION_PARAMS="--no-nfs-version 4"
fi fi
if [ "$NFS4_SERVER_MINOR_VERSION" != "0" ]; then
VERSION_PARAMS="$VERSION_PARAMS -nfs-version 4 -nfs-version 4.$NFS4_SERVER_MINOR_VERSION"
fi
if [ -n "$NFSV4LEASETIME" -a -f /proc/fs/nfsd/nfsv4leasetime ]; then if [ -n "$NFSV4LEASETIME" -a -f /proc/fs/nfsd/nfsv4leasetime ]; then
echo "$NFSV4LEASETIME" > /proc/fs/nfsd/nfsv4leasetime echo "$NFSV4LEASETIME" > /proc/fs/nfsd/nfsv4leasetime
fi fi
@ -211,7 +214,7 @@ case "$1" in
echo $IDMAPD_BIN > $IDMAPD_SERVER_STATE echo $IDMAPD_BIN > $IDMAPD_SERVER_STATE
fi fi
# exportfs # exportfs
/usr/sbin/exportfs -r /usr/sbin/exportfs -r
# rpc.mountd # rpc.mountd
echo -n " mountd" echo -n " mountd"
if [ -n "$MOUNTD_PORT" ] ; then if [ -n "$MOUNTD_PORT" ] ; then
@ -295,7 +298,7 @@ case "$1" in
rc_status -v rc_status -v
;; ;;
try-restart) try-restart)
## Stop the service and if this succeeds (i.e. the ## Stop the service and if this succeeds (i.e. the
## service was running before), start it again. ## service was running before), start it again.
$0 status >/dev/null && $0 restart $0 status >/dev/null && $0 restart
@ -339,7 +342,7 @@ case "$1" in
echo -n " idmapd" echo -n " idmapd"
checkproc $IDMAPD_BIN checkproc $IDMAPD_BIN
rc_status -v rc_status -v
fi fi
echo -n " mountd" echo -n " mountd"
checkproc /usr/sbin/rpc.mountd checkproc /usr/sbin/rpc.mountd
rc_status -v rc_status -v

38
sysconfig.nfs
View File

@ -49,15 +49,28 @@ NFS3_SERVER_SUPPORT="yes"
## Default: yes ## Default: yes
## ServiceRestart: nfs nfsserver ## ServiceRestart: nfs nfsserver
# #
# Enable NFSv4 support (yes/no) # Enable NFSv4 support (server and/or client) (yes/no)
# #
NFS4_SUPPORT="yes" NFS4_SUPPORT="yes"
## Path: Network/File systems/NFS server
## Description: NFSv4 server minor version
## Type: integer
## Default: 0
## ServiceRestart: nfsserver
#
# Select NFSv4 minor version for server to support (0, 1).
# If '1' is selected, NFSv4.0 will also be supported.
NFS4_SERVER_MINOR_VERSION="0"
## Path: Network/File systems/NFS server ## Path: Network/File systems/NFS server
## Description: Network Status Monitor options ## Description: Network Status Monitor options
## Type: string ## Type: string
## Default: "" ## Default: ""
# #
# If a fixed port should be used to send reboot notification
# messages to other systems, that port should be given
# here as "-p portnumber".
# #
SM_NOTIFY_OPTIONS="" SM_NOTIFY_OPTIONS=""
@ -133,6 +146,16 @@ SVCGSSD_OPTIONS=""
# -H <shared_hostname> in a high-availability configuration. # -H <shared_hostname> in a high-availability configuration.
NFSD_OPTIONS="" NFSD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Extra options for gssd
## Type: string
## Default: ""
#
# Normally gssd does not require any options. In some circumstances,
# -n, -l or other options might be useful. See "man 8 rpc.gssd" for
# details. Those options can be set here.
GSSD_OPTIONS=""
## Path: Network/File systems/NFS server ## Path: Network/File systems/NFS server
## Description: Extra options for mountd ## Description: Extra options for mountd
## Type: string ## Type: string
@ -142,3 +165,16 @@ NFSD_OPTIONS=""
# such as --manage-gids. # such as --manage-gids.
MOUNTD_OPTIONS="" MOUNTD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Avoid DNS lookups for kerberos principal
## Type: yesno
## Default: no
## ServiceRestart: gssd
#
# Avoid DNS lookups when determining kerberos identity
# of NFS server (yes/no)
# "yes" is safest, but "no" might be needed to preserve
# correct behaviour at sites that don't use
# Fully Qualified Domain Names when mounting NFS Shares.
#
NFS_GSSD_AVOID_DNS="no"