From ce3ce091131ce8f10a4a6c9eca0c1c0e36f3892a08771816711fc878126d5dbc Mon Sep 17 00:00:00 2001
From: Neil Brown <nfbrown@suse.com>
Date: Sun, 9 May 2010 23:55:36 +0000
Subject: [PATCH] - nfsserver.init / sysconfig.nfs: allow NFSv3 service   to be
 disabled so only NFSv4 can be used. bnc#598671 - nfs-v2-disable.patch: mountd
 support for above - nfs.init: unmount bind mounts with '-l' to ensure they   
   really unmount. bnc#598681

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=18
---
 nfs-utils.changes    |  9 ++++++
 nfs-utils.spec       |  4 ++-
 nfs-v2-disable.patch | 66 ++++++++++++++++++++++++++++++++++++++++++++
 nfsserver.init       | 28 ++++++++++++-------
 sysconfig.nfs        | 13 +++++++++
 5 files changed, 109 insertions(+), 11 deletions(-)
 create mode 100644 nfs-v2-disable.patch

diff --git a/nfs-utils.changes b/nfs-utils.changes
index d9c1b33..c49b1e5 100644
--- a/nfs-utils.changes
+++ b/nfs-utils.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sun May  9 23:07:24 UTC 2010 - nfbrown@novell.com
+
+- nfsserver.init / sysconfig.nfs: allow NFSv3 service
+  to be disabled so only NFSv4 can be used. bnc#598671
+- nfs-v2-disable.patch: mountd support for above
+- nfs.init: unmount bind mounts with '-l' to ensure they
+     really unmount. bnc#598681
+
 -------------------------------------------------------------------
 Mon Apr 19 23:43:45 UTC 2010 - nfbrown@novell.com
 
diff --git a/nfs-utils.spec b/nfs-utils.spec
index 3a44948..79d42e4 100644
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@@ -27,7 +27,7 @@ BuildRequires:  libevent
 Url:            http://nfs.sourceforge.net
 Summary:        Support Utilities for Kernel nfsd
 Version:        1.2.1
-Release:        4
+Release:        5
 Group:          Productivity/Networking/NFS
 License:        GPLv2+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -50,6 +50,7 @@ Source12:       start-statd
 Patch0:         nfs-utils-1.0.7-bind-syntax.patch
 Patch1:         warn-nfs-udp.patch
 Patch2:         nfs-utils-eperm-fallback.patch
+Patch3:         nfs-v2-disable.patch
 
 %description
 This package contains the NFS utilities. You can tune the number of
@@ -129,6 +130,7 @@ Authors:
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 cp %{S:6} .
 
 %build
diff --git a/nfs-v2-disable.patch b/nfs-v2-disable.patch
new file mode 100644
index 0000000..24d2bc7
--- /dev/null
+++ b/nfs-v2-disable.patch
@@ -0,0 +1,66 @@
+Subject: Allow mountd to not listen for RPC calls when v2/v3 disabled
+References: 598671
+
+Mountd listens on 2 different versions for NFSv2 (MOUNTv1 and MOUNTv2)
+and one for NFSv3 (MOUNTv3)
+
+When --no-nfs-version requests an NFS version to be disabled, the
+code actually disabled the MOUNT version. This works is several cases,
+but requires --no-nfs-version 1 to completely disable NFSv2, which
+is wrong.
+
+So if we do disable 1, 2, and 3. mountd complain and won't run, it
+is not possible to run just v4 - i.e. not listening for MOUNT requests
+at all (as v4 doesn't need them).
+
+So change the handling of "--no-nfs-version 2" it disable MOUNTv1 as well as
+MOUNTv2, and allow mountd to continue running as long as one of
+NFSv2 NFSv3 NFSv4 is enabled.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+
+diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
+index a0a1f2d..5373d81 100644
+--- a/utils/mountd/mountd.c
++++ b/utils/mountd/mountd.c
+@@ -80,10 +80,10 @@ static int nfs_version = -1;
+ static void
+ unregister_services (void)
+ {
+-	if (nfs_version & 0x1)
++	if (nfs_version & (0x1 << 1)) {
+ 		pmap_unset (MOUNTPROG, MOUNTVERS);
+-	if (nfs_version & (0x1 << 1))
+ 		pmap_unset (MOUNTPROG, MOUNTVERS_POSIX);
++	}
+ 	if (nfs_version & (0x1 << 2))
+ 		pmap_unset (MOUNTPROG, MOUNTVERS_NFSV3);
+ }
+@@ -712,8 +712,10 @@ main(int argc, char **argv)
+ 			usage(argv [0], 1);
+ 		}
+ 
+-	/* No more arguments allowed. */
+-	if (optind != argc || !(nfs_version & 0x7))
++	/* No more arguments allowed.
++	 * Require at least one valid version (2, 3, or 4)
++	 */
++	if (optind != argc || !(nfs_version & 0xE))
+ 		usage(argv [0], 1);
+ 
+ 	if (chdir(state_dir)) {
+@@ -761,12 +763,12 @@ main(int argc, char **argv)
+ 	if (new_cache)
+ 		cache_open();
+ 
+-	if (nfs_version & 0x1)
++	if (nfs_version & (0x1 << 1)) {
+ 		rpc_init("mountd", MOUNTPROG, MOUNTVERS,
+ 			 mount_dispatch, port);
+-	if (nfs_version & (0x1 << 1))
+ 		rpc_init("mountd", MOUNTPROG, MOUNTVERS_POSIX,
+ 			 mount_dispatch, port);
++	}
+ 	if (nfs_version & (0x1 << 2))
+ 		rpc_init("mountd", MOUNTPROG, MOUNTVERS_NFSV3,
+ 			 mount_dispatch, port);
diff --git a/nfsserver.init b/nfsserver.init
index 90e9cd9..5c2f9f5 100644
--- a/nfsserver.init
+++ b/nfsserver.init
@@ -95,11 +95,11 @@ nfs4_bind_mounts() {
 	    sed 's/^\([^[:space:]]*\).*bind=\([^,)]*\).*/\1 \2/;t;d' |
 	    sort |
 	    while read export dir; do
-		test -d $export || mkdir -p $export
+		test -d "$export" || mkdir -p "$export"
 		# Fortunately, mount ignores unknown
 		# options, so we have an easy way to
 		# tag our "magic" bind mounts
-	    	mount -o bind,nfsexp $dir $export
+	    	mount -o bind,nfsexp "$dir" "$export"
 	    done
 }
 
@@ -109,7 +109,7 @@ nfs4_unbind_mounts() {
 	    grep '\<nfsexp\>' |
 	    sort -r -k2 |
 	    while read src mountpoint crap; do
-		umount $mountpoint
+		umount -l "$mountpoint"
 	    done
 }
 
@@ -171,11 +171,17 @@ case "$1" in
 	mount -t nfsd nfsd /proc/fs/nfsd
 	rc_status
       fi
-      if [ "$NFS4_SUPPORT" = "yes" ]; then
-       VERSION_LIST="+2 +3 +4"
-       VERSION_PARAMS=""
+      VERSION_PARAMS=
+      if [ "$NFS3_SERVER_SUPPORT" != "no" ]; then
+       VERSION_LIST="+2 +3 "
       else
-       VERSION_LIST="+2 +3 -4"
+       VERSION_LIST="-2 -3"
+       VERSION_PARAMS="--no-nfs-version 2 --no-nfs-version 3"
+      fi
+      if [ "$NFS4_SUPPORT" = "yes" ]; then
+       VERSION_LIST="$VERSION_LIST +4"
+      else
+       VERSION_LIST="$VERSION_LIST -4"
        VERSION_PARAMS="--no-nfs-version 4"
       fi
       if [ " `cat /proc/fs/nfsd/threads`" = " 0" ]; then
@@ -211,11 +217,13 @@ case "$1" in
           rc_exit
       }
       # rpc.statd
-      echo -n " statd"
-      startproc /usr/sbin/rpc.statd --no-notify $STATD_OPTIONS || {
+      if [ "$NFS3_SERVER_SUPPORT" != "no" ]; then
+        echo -n " statd"
+        startproc /usr/sbin/rpc.statd --no-notify $STATD_OPTIONS || {
           rc_status -v
           rc_exit
-      }
+        }
+      fi
       # rpc.nfsd
       echo -n " nfsd"
       $NFSD_BIN $PARAMS $VERSION_PARAMS || {
diff --git a/sysconfig.nfs b/sysconfig.nfs
index 023440a..e357570 100644
--- a/sysconfig.nfs
+++ b/sysconfig.nfs
@@ -30,6 +30,19 @@ MOUNTD_PORT=""
 #
 NFS_SECURITY_GSS="no"
 
+## Path:                Network/File systems/NFS server
+## Description:         NFSv3 server support
+## Type:                yesno
+## Default:             yes
+## ServiceRestart:      nfsserver
+#
+# Enable NFSv3 server support (yes/no)
+# This causes the NFS server to respond to
+# NFSv2 and NFSv3 requests.  Only disable this
+# if you want to ensure only NFSv4 is used.
+#
+NFS3_SERVER_SUPPORT="yes"
+
 ## Path:                Network/File systems/NFS server
 ## Description:         NFSv4 protocol support
 ## Type:                yesno