pool/nfs-utils
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- New upstream version 1.2.4 - plus a few important

Browse Source 
patches from git.  This adds a new binary nfsidmap,
  with man page. Also: build with libmount enabled
  to correctly handle /etc/mtab being linked to
  /proc/self/mounts. (bnc#681106)

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=54
This commit is contained in:
Neil Brown 2011-08-18 08:20:54 +00:00 committed by Git OBS Bridge
parent 3eec09d634
commit 0ee893353b
20 changed files with 256 additions and 593 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored
View File

@ -21,6 +21,3 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
nfs-utils-allow-port-number-sharing filter=lfs diff=lfs merge=lfs -text
nfs-utils-improve-v4-umount filter=lfs diff=lfs merge=lfs -text

55
Statd-should-always-chdir-to-its-state-directory.patch Normal file
View File

@ -0,0 +1,55 @@
From 1ce0374d445d8a3dbdfb3e9da4c76be9df44666b Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Thu, 21 Jul 2011 14:23:00 -0400
Subject: [PATCH] Statd should always 'chdir' to its state directory.
s statd can be started by 'mount' which can sometimes be run by a
normal user, the current-working-directory could be anything. In
partcular it could be in a mounted filesystem. As 'statd' continues
running as a daemon it could keep prevent that filesystem from being
unmounted.
statd does currently 'chdir' to the state directory, but only if the
state directory is not owned by root. This is wrong - it should check
for root after the chdir, not before.
So swap the two if statements around.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/nsm/file.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/support/nsm/file.c b/support/nsm/file.c
index 98b47bf..a12c753 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -395,18 +395,18 @@ nsm_drop_privileges(const int pidfd)
return false;
}
- if (st.st_uid == 0) {
- xlog_warn("Running as root. "
- "chown %s to choose different user", nsm_base_dirname);
- return true;
- }
-
if (chdir(nsm_base_dirname) == -1) {
xlog(L_ERROR, "Failed to change working directory to %s: %m",
nsm_base_dirname);
return false;
}
+ if (st.st_uid == 0) {
+ xlog_warn("Running as root. "
+ "chown %s to choose different user", nsm_base_dirname);
+ return true;
+ }
+
/*
* If the pidfile happens to reside on NFS, dropping privileges
* will probably cause us to lose access, even though we are
--
1.7.3.4

52
addmntent.fix
View File

@ -1,52 +0,0 @@
From a47739bf3b89432e112d1d2ed9bbdaf1e09d450a Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Tue, 17 May 2011 14:36:21 +1000
Subject: [PATCH] Remove risk of nfs_addmntent corrupting mtab
nfs_addmntent is used to append directly to /etc/mtab.
If the write partially fail, e.g. due to RLIMIT_FSIZE,
truncate back to original size and return an error.
See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
Signed-off-by: NeilBrown <neilb@suse.de>
---
support/nfs/nfs_mntent.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- nfs-utils-1.2.1.orig/support/nfs/nfs_mntent.c
+++ nfs-utils-1.2.1/support/nfs/nfs_mntent.c
@@ -12,6 +12,7 @@
#include <string.h> /* for index */
#include <ctype.h> /* for isdigit */
#include <sys/stat.h> /* for umask */
+#include <unistd.h> /* for ftruncate */
#include "nfs_mntent.h"
#include "nls.h"
@@ -127,9 +128,11 @@ int
nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
char *m1, *m2, *m3, *m4;
int res;
+ off_t length;
if (fseek (mfp->mntent_fp, 0, SEEK_END))
return 1; /* failure */
+ length = ftell(mfp->mntent_fp);
m1 = mangle(mnt->mnt_fsname);
m2 = mangle(mnt->mnt_dir);
@@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mnte
free(m2);
free(m3);
free(m4);
+ if (res >= 0)
+ res = fflush(mfp->mntent_fp);
+ if (res < 0)
+ /* Avoid leaving a corrupt mtab file */
+ ftruncate(fileno(mfp->mntent_fp), length);
+
return (res < 0) ? 1 : 0;
}

38
do-not-error-when-address-family-not-supported
View File

@ -1,38 +0,0 @@
From: Suresh Jayaraman <sjayaraman@suse.de>
Subject: [PATCH] supress socket error when address family is not supported
Patch-mainline: No
References: bnc#670449
It was observed that when ipv6 module was not loaded and cannot be auto-loaded,
when starting NFS server, the following error occurs:
"rpc.nfsd: unable to create inet6 TCP socket: errno 97 (Address
family not supported by protocol)"
This is obviously a true message, but does not represent an "error" when ipv6
is not enabled. Rather, it is an expected condition. As such, it can be
confusing / misleading / distracting to display it in this scenario.
This patch instead of throwing error when a socket call fails with
EAFNOSUPPORT, makes it as a NOTICE.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
---
utils/nfsd/nfssvc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- nfs-utils-1.2.1.orig/utils/nfsd/nfssvc.c
+++ nfs-utils-1.2.1/utils/nfsd/nfssvc.c
@@ -137,7 +137,12 @@ nfssvc_setfds(const struct addrinfo *hin
sockfd = socket(addr->ai_family, addr->ai_socktype,
addr->ai_protocol);
if (sockfd < 0) {
- xlog(L_ERROR, "unable to create %s %s socket: "
+ if (errno == EAFNOSUPPORT)
+ xlog(L_NOTICE, "address family %s not "
+ "supported by protocol %s",
+ family, proto);
+ else
+ xlog(L_ERROR, "unable to create %s %s socket: "
"errno %d (%m)", family, proto, errno);
rc = errno;
goto error;

34
exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch Normal file
View File

@ -0,0 +1,34 @@
From c4c6126f05713afe46c0e99647d7a07dd1fc2ebb Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yamato@redhat.com>
Date: Tue, 12 Jul 2011 10:00:01 -0400
Subject: [PATCH] exportfs: closing fd associated with /proc/fs/nfsd/export_features
The fd associated with /proc/fs/nfsd/export_features opened in
get_export_features is not closed.
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/nfs/exports.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index c250383..c96500f 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -784,8 +784,9 @@ struct export_features *get_export_features(void)
fd = open(path, O_RDONLY);
if (fd == -1)
goto good;
- fd = read(fd, buf, 50);
- if (fd == -1)
+ c = read(fd, buf, 50);
+ close(fd);
+ if (c == -1)
goto err;
c = sscanf(buf, "%x %x", &ef.flags, &ef.secinfo_flags);
if (c != 2)
--
1.7.3.4

83
mount-catch-signals
View File

@ -1,83 +0,0 @@
Subject: [PATCH] mount: improve signal management when locking mtab.
References: bnc#689799
As mount.nfs can run setuid it must be careful about how the user can
interact with in. In particular it needs to ensure it does not
respond badly to any signals that the user might be able to generate.
This is particularly an issue while updating /etc/mtab (when that is
not linked to /proc/mounts). If the user can generate a signal which
kills mount.nfs while /etc/mtab is locked, then it will leave the file
locked, and could possibly corrupt mtab (particularly if 'ulimit 1'
was previously issued).
Currently lock_mtab does set some handlers for signals, but not
enough. It arranges for every signal up to (but not including)
SIGCHLD to cause mount.nfs to unlock mdadm promptly exit ... even if
the default behaviour would be to ignore the signal. SIGALRM is
handled specially, and signals after SIGCHLD are left with their
default behaviour. This includes for example SIGXFSZ which can be
generated by the user running "ulimit 1".
So: change this so that some signals are left unchanged, SIGALRM is
handled as required, and all signals that the user can generate are
explicitly ignored.
The remainder still cause mount.nfs to print a message, unlock mtab, and exit.
Signed-off-by: NeilBrown <neilb@suse.de>
---
utils/mount/fstab.c | 37 ++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)
--- nfs-utils-1.2.1.orig/utils/mount/fstab.c
+++ nfs-utils-1.2.1/utils/mount/fstab.c
@@ -331,16 +331,43 @@ lock_mtab (void) {
int sig = 0;
struct sigaction sa;
- sa.sa_handler = handler;
sa.sa_flags = 0;
sigfillset (&sa.sa_mask);
- while (sigismember (&sa.sa_mask, ++sig) != -1
- && sig != SIGCHLD) {
- if (sig == SIGALRM)
+ while (sigismember (&sa.sa_mask, ++sig) != -1) {
+ switch(sig) {
+ case SIGCHLD:
+ case SIGKILL:
+ case SIGCONT:
+ case SIGSTOP:
+ /* These cannot be caught, or should not,
+ * so don't even try.
+ */
+ continue;
+ case SIGALRM:
sa.sa_handler = setlkw_timeout;
- else
+ break;
+ case SIGHUP:
+ case SIGINT:
+ case SIGQUIT:
+ case SIGWINCH:
+ case SIGTSTP:
+ case SIGTTIN:
+ case SIGTTOU:
+ case SIGPIPE:
+ case SIGXFSZ:
+ case SIGXCPU:
+ /* non-priv user can cause these to be
+ * generated, so ignore them.
+ */
+ sa.sa_handler = SIG_IGN;
+ break;
+ default:
+ /* The rest should not be possible, so just
+ * print a message and unlock mtab.
+ */
sa.sa_handler = handler;
+ }
sigaction (sig, &sa, (struct sigaction *) 0);
}
signals_have_been_setup = 1;

44
mount-fix-for-libmount-from-util-linux-2.20.patch Normal file
View File

@ -0,0 +1,44 @@
From 151a82d9c80315caff7081f16916d1913a67033a Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 3 Aug 2011 15:12:53 -0400
Subject: [PATCH] mount: fix for libmount from util-linux >= 2.20
The function mnt_fs_set_fs_options() has been removed from the final
version of the libmount API.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/mount/mount_libmount.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
index 6dd6484..cf6e58c 100644
--- a/utils/mount/mount_libmount.c
+++ b/utils/mount/mount_libmount.c
@@ -61,10 +61,19 @@ int nomtab;
* managed by libmount at all. We have to use "mount attributes" that are
* private for mount.<type> helpers.
*/
-static void store_mount_options(struct libmnt_fs *fs, const char *opts)
+static void store_mount_options(struct libmnt_fs *fs, const char *nfs_opts)
{
- mnt_fs_set_fs_options(fs, opts); /* for mtab */
- mnt_fs_set_attributes(fs, opts); /* for non-mtab systems */
+ char *o = NULL;
+
+ mnt_fs_set_attributes(fs, nfs_opts); /* for non-mtab systems */
+
+ /* for mtab create a new options list */
+ mnt_optstr_append_option(&o, mnt_fs_get_vfs_options(fs), NULL);
+ mnt_optstr_append_option(&o, nfs_opts, NULL);
+ mnt_optstr_append_option(&o, mnt_fs_get_user_options(fs), NULL);
+
+ mnt_fs_set_options(fs, o);
+ free(o);
}
/*
--
1.7.3.4

31
mountd-Fixed-strcmp-usage-in-in-insert-groups.patch Normal file
View File

@ -0,0 +1,31 @@
From 64a21e6c9dd29416fcd903a3f0eaf18d717907dc Mon Sep 17 00:00:00 2001
From: Matthew Treinish <treinish@linux.vnet.ibm.com>
Date: Wed, 3 Aug 2011 13:10:14 -0400
Subject: [PATCH] mountd: Fixed strcmp usage in in insert groups.
Fixed the usage of strcmp in the duplicate check in insert groups.
Fixes an issue with showmount and other commands that required
the group information.
Signed-off-by: Matthew Treinish <treinish@linux.vnet.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/mountd/mountd.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index 035624c..bcf5080 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -633,7 +633,7 @@ static void insert_group(struct exportnode *e, char *newname)
struct groupnode *g;
for (g = e->ex_groups; g; g = g->gr_next)
- if (strcmp(g->gr_name, newname))
+ if (!strcmp(g->gr_name, newname))
return;
g = xmalloc(sizeof(*g));
--
1.7.3.4

110
mountd-auth-fix
View File

@ -1,110 +0,0 @@
From b50ad13298b3e9519a9bdecb8c146c9ecf39cef8 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@redhat.com>
Date: Wed, 22 Jun 2011 14:51:38 -0400
Subject: [PATCH] nfs: fix host_reliable_addrinfo
References: bnc#701702
According to Neil Brown:
The point of the word 'reliable' is to check that the name we get
really does belong to the host in question - ie that both the
forward and reverse maps agree.
But the new code doesn't do that check at all. Rather it simply
maps the address to a name, then discards the address and maps the
name back to a list of addresses and uses that list of addresses as
"where the request came from" for permission checking.
This bug is exploitable via the following scenario and could allow an
attacker access to data that they shouldn't be able to access.
Suppose you export a filesystem to some subnet or FQDN and also to a
wildcard or netgroup, and I know the details of this (maybe
showmount -e tells me) Suppose further that I can get IP packets to
your server..
Then I create a reverse mapping for my ipaddress to a domain that I
own, say "black.hat.org", and a forward mapping from that domain to
my IP address, and one of your IP addresses.
Then I try to mount your filesystem. The IP address gets correctly
mapped to "black.hat.org" and then mapped to both my IP address and
your IP address.
Then you search through all of your exports and find that one of the
addresses: yours - is allowed to access the filesystem.
So you create an export based on the addrinfo you have which allows
my IP address the same access as your IP address.
Fix this by instead using the forward lookup of the hostname just to
verify that the original address is in the list. Then do a numeric
lookup using the address and stick the hostname in the ai_canonname.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/export/hostname.c | 36 ++++++++++++++++++++++++++++++------
1 file changed, 30 insertions(+), 6 deletions(-)
--- nfs-utils-1.2.3.orig/support/export/hostname.c
+++ nfs-utils-1.2.3/support/export/hostname.c
@@ -262,17 +262,19 @@ host_canonname(const struct sockaddr *sa
* @sap: pointer to socket address to look up
*
* Reverse and forward lookups are performed to ensure the address has
- * proper forward and reverse mappings.
+ * matching forward and reverse mappings.
*
- * Returns address info structure with ai_canonname filled in, or NULL
- * if no information is available for @sap. Caller must free the returned
- * structure with freeaddrinfo(3).
+ * Returns addrinfo structure with just the provided address with
+ * ai_canonname filled in. If there is a problem with resolution or
+ * the resolved records don't match up properly then it returns NULL
+ *
+ * Caller must free the returned structure with freeaddrinfo(3).
*/
__attribute_malloc__
struct addrinfo *
host_reliable_addrinfo(const struct sockaddr *sap)
{
- struct addrinfo *ai;
+ struct addrinfo *ai, *a;
char *hostname;
hostname = host_canonname(sap);
@@ -280,9 +282,31 @@ host_reliable_addrinfo(const struct sock
return NULL;
ai = host_addrinfo(hostname);
+ if (!ai)
+ goto out_free_hostname;
- free(hostname);
+ /* make sure there's a matching address in the list */
+ for (a = ai; a; a = a->ai_next)
+ if (nfs_compare_sockaddr(a->ai_addr, sap))
+ break;
+
+ freeaddrinfo(ai);
+ if (!a)
+ goto out_free_hostname;
+
+ /* get addrinfo with just the original address */
+ ai = host_numeric_addrinfo(sap);
+ if (!ai)
+ goto out_free_hostname;
+
+ /* and populate its ai_canonname field */
+ free(ai->ai_canonname);
+ ai->ai_canonname = hostname;
return ai;
+
+out_free_hostname:
+ free(hostname);
+ return NULL;
}
/**

3
nfs-utils-1.2.3.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5575ece941097cbfa67fbe0d220dfa11b73f5e6d991e7939c9339bd72259ff19
size 672759

3
nfs-utils-1.2.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6ff1c702b1d61dc6e8c69cd977f79ab7d662dc870337ef89ca6d1b41bad026c0
size 664358

3
nfs-utils-allow-port-number-sharing
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:677e5240198d3a25ca727e7cb2e60d04e2c3abb45fd5f928375d3c9070e372b1
size 14343

106
nfs-utils-clear-mountd-reg
View File

@ -1,106 +0,0 @@
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from imap.suse.de ([unix socket])
by imap-int (Cyrus v2.2.12) with LMTPA;
Mon, 11 Oct 2010 02:04:17 +0200
X-Sieve: CMU Sieve 2.2
Received: from relay1.suse.de (relay1.suse.de [149.44.160.133])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "relay.suse.de", Issuer "CAcert Class 3 Root" (verified OK))
by imap.suse.de (Postfix) with ESMTP id 0A65F3C416B3
for <nfbrown@imap.suse.de>; Mon, 11 Oct 2010 02:04:17 +0200 (CEST)
Received: by relay1.suse.de (Postfix)
id 01A90344BA64; Mon, 11 Oct 2010 02:04:17 +0200 (CEST)
Received: from relay1.suse.de (localhost [127.0.0.1])
by relay1.suse.de (Postfix) with ESMTP id EAE7C344BA63
for <neilb@suse.de>; Mon, 11 Oct 2010 02:04:16 +0200 (CEST)
Received: from relay1.suse.de ([127.0.0.1])
by relay1.suse.de (relay1.suse.de [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id 06582-10 for <neilb@suse.de>;
Mon, 11 Oct 2010 02:04:16 +0200 (CEST)
Received: from mx2.suse.de (cantor2.suse.de [195.135.220.15])
by relay1.suse.de (Postfix) with ESMTP id A9C85344BA61
for <neilb@suse.de>; Mon, 11 Oct 2010 02:04:16 +0200 (CEST)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mx2.suse.de (Postfix) with ESMTP id 48FDA8738D
for <neilb@suse.de>; Mon, 11 Oct 2010 02:04:16 +0200 (CEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1752517Ab0JKAEP (ORCPT <rfc822;neilb@suse.de>);
Sun, 10 Oct 2010 20:04:15 -0400
Received: from mail-iw0-f174.google.com ([209.85.214.174]:38170 "EHLO
mail-iw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1752478Ab0JKAEO (ORCPT
<rfc822;linux-nfs@vger.kernel.org>); Sun, 10 Oct 2010 20:04:14 -0400
Received: by mail-iw0-f174.google.com with SMTP id 6so2668490iwn.19
for <linux-nfs@vger.kernel.org>; Sun, 10 Oct 2010 17:04:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:sender:from:subject:to:cc
:date:message-id:in-reply-to:references:user-agent:mime-version
:content-type:content-transfer-encoding;
bh=t0jGXR6R6oFSOiIUs0mhcgc6DxuwAvaQUeA4K9C6P84=;
b=a4iSPFd5eQ0w0uyOCzEw0E44Ud/KpIE0iyhwHFBL7/yElckfZuR+8EbyeT2DdjMz/U
CBTTU+1m2Rl7Jgo+SvQqsYi84y86JzTzF70Yxyz9t3JlR5M1L4lnJpRqLQDQKBeFZcBF
xK7+GTLWxsMes1kGvXF9hP8wvMrtwDG+e2TQk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=sender:from:subject:to:cc:date:message-id:in-reply-to:references
:user-agent:mime-version:content-type:content-transfer-encoding;
b=lTAr0b38PPzxyY95nnjiEMYRgiHw+BGTRAesblo6IygAHrBDQcd/2a0cCFPkxC0QH/
eGi1Nko+PqLCE197Av+G4OFIvf4TD6fePOfXcVcTy201y0Xv5keebgt1Qb+TBkFK/U3I
yQi/JS9/L3l9sZBfqmB6rvmqLodMbYhu87BQk=
Received: by 10.42.211.140 with SMTP id go12mr1536860icb.320.1286755454106;
Sun, 10 Oct 2010 17:04:14 -0700 (PDT)
Received: from ellison.1015granger.net (adsl-76-241-169-38.dsl.sfldmi.sbcglobal.net [76.241.169.38])
by mx.google.com with ESMTPS id gy41sm6556180ibb.23.2010.10.10.17.04.12
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Sun, 10 Oct 2010 17:04:13 -0700 (PDT)
From: Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH 01/15] mountd: Clear mountd registrations at start up
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Date: Sun, 10 Oct 2010 20:04:11 -0400
Message-ID: <20101011000411.6667.17979.stgit@ellison.1015granger.net>
In-Reply-To: <20101010234836.6667.4057.stgit@ellison.1015granger.net>
References: <20101010234836.6667.4057.stgit@ellison.1015granger.net>
User-Agent: StGIT/0.14.3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Virus-Scanned: by amavisd-new at relay1.suse.de
X-Spam-Status: No, score=-4.999 tagged_above=-20 required=5
tests=[BAYES_50=0.001, MY_LINUX=-1, RCVD_IN_DNSWL_MED=-4]
X-Spam-Score: -4.999
X-Spam-Level:
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2
Clear stale MNT registrations before mountd tries to create fresh
listeners, to ensure that mountd starts. This is also what statd
does.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/mountd/mountd.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index d309950..7e0cf6a 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -840,6 +840,7 @@ main(int argc, char **argv)
if (new_cache)
cache_open();
+ unregister_services();
if (version2()) {
listeners += nfs_svc_create("mountd", MOUNTPROG,
MOUNTVERS, mount_dispatch, port);
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

130
nfs-utils-fix-remount
View File

@ -1,130 +0,0 @@
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from imap.suse.de ([unix socket])
by imap-int (Cyrus v2.2.12) with LMTPA;
Mon, 11 Oct 2010 02:06:35 +0200
X-Sieve: CMU Sieve 2.2
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "relay.suse.de", Issuer "CAcert Class 3 Root" (verified OK))
by imap.suse.de (Postfix) with ESMTP id BE1103C416B3
for <nfbrown@imap.suse.de>; Mon, 11 Oct 2010 02:06:35 +0200 (CEST)
Received: by relay2.suse.de (Postfix)
id B466A18552E3; Mon, 11 Oct 2010 02:06:35 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by relay2.suse.de (Postfix) with ESMTP id A9D7618552E2
for <neilb@suse.de>; Mon, 11 Oct 2010 02:06:35 +0200 (CEST)
Received: from relay2.suse.de ([127.0.0.1])
by localhost (localhost [127.0.0.1]) (amavisd-new, port 10026) with ESMTP
id 29122-13 for <neilb@suse.de>; Mon, 11 Oct 2010 02:06:35 +0200 (CEST)
Received: from mx2.suse.de (cantor2.suse.de [195.135.220.15])
by relay2.suse.de (Postfix) with ESMTP id 6B65518552E1
for <neilb@suse.de>; Mon, 11 Oct 2010 02:06:35 +0200 (CEST)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mx2.suse.de (Postfix) with ESMTP id 14B278738D
for <neilb@suse.de>; Mon, 11 Oct 2010 02:06:35 +0200 (CEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1752634Ab0JKAGe (ORCPT <rfc822;neilb@suse.de>);
Sun, 10 Oct 2010 20:06:34 -0400
Received: from mail-iw0-f174.google.com ([209.85.214.174]:38170 "EHLO
mail-iw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1752630Ab0JKAGe (ORCPT
<rfc822;linux-nfs@vger.kernel.org>); Sun, 10 Oct 2010 20:06:34 -0400
Received: by mail-iw0-f174.google.com with SMTP id 6so2668490iwn.19
for <linux-nfs@vger.kernel.org>; Sun, 10 Oct 2010 17:06:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:sender:from:subject:to:cc
:date:message-id:in-reply-to:references:user-agent:mime-version
:content-type:content-transfer-encoding;
bh=UJO3paHucq6OlKM06UEb1TVN7QqzkPyXWN7fNztk7mQ=;
b=WGeehh2PC4rE1yirLXFQQ14UxrmfbbOCNqK2L2tESAaywDxoDSFRMJzdR885ARlMC9
GZwggetqRpo+LU2m36u2ZeE3gtOIFCZ23GClQbdRUiKKMwzRpWbP3vfEt7adJIV2RjsW
thMkV1EOnxeJMpP4IJdRRXxJ8tXkCaHjwzj38=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=sender:from:subject:to:cc:date:message-id:in-reply-to:references
:user-agent:mime-version:content-type:content-transfer-encoding;
b=kL7dvDU66o7mLvoqMOG0Xw/RxY3rj5LA9DjPUc79e+XB9OxHuwVhwbzwL0dCaBmD16
VhumTwhcPLN/wEkiuSMe/Tsu3di038gQL/nz6zBeszxC3JVrDO5aGw/DAsT0fcipVNyg
sJR3xvqRVFuH7VtO1a/HugVzTwMiCt+EBcvRY=
Received: by 10.231.12.133 with SMTP id x5mr2060586ibx.131.1286755593267;
Sun, 10 Oct 2010 17:06:33 -0700 (PDT)
Received: from ellison.1015granger.net (adsl-76-241-169-38.dsl.sfldmi.sbcglobal.net [76.241.169.38])
by mx.google.com with ESMTPS id gy41sm6552605ibb.11.2010.10.10.17.06.31
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Sun, 10 Oct 2010 17:06:32 -0700 (PDT)
From: Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH 15/15] mount.nfs: don't show "remount" flag in /etc/mtab
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Date: Sun, 10 Oct 2010 20:06:30 -0400
Message-ID: <20101011000630.6667.13971.stgit@ellison.1015granger.net>
In-Reply-To: <20101010234836.6667.4057.stgit@ellison.1015granger.net>
References: <20101010234836.6667.4057.stgit@ellison.1015granger.net>
User-Agent: StGIT/0.14.3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Virus-Scanned: by amavisd-new at localhost
X-Spam-Status: No, score=-4.999 tagged_above=-20 required=5
tests=[BAYES_50=0.001, MY_LINUX=-1, RCVD_IN_DNSWL_MED=-4]
X-Spam-Score: -4.999
X-Spam-Level:
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2
Don't add the 'remount' option to /etc/mtab. This is the same
behavior as file systems that use the monolithic /sbin/mount command.
See the MS_NOMTAB macro in utils-linux-ng/mount/mount.c.
Note that mount(8) has MS_USERS and MS_USER in the "nomtab" category
as well, but mount.nfs needs to record those values so that unmounting
a user-mounted NFS file system can work.
While we're here, fix some white space damage in fix_opts_string().
This is a partial fix for:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=188
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
utils/mount/mount.c | 4 ++--
utils/mount/mount_constants.h | 4 ++++
2 files changed, 6 insertions(+), 2 deletions(-)
--- nfs-utils-1.2.3.orig/utils/mount/mount.c
+++ nfs-utils-1.2.3/utils/mount/mount.c
@@ -209,7 +209,7 @@ static char *fix_opts_string(int flags,
}
if (flags & MS_USERS)
new_opts = xstrconcat3(new_opts, ",users", "");
-
+
for (om = opt_map; om->opt != NULL; om++) {
if (om->skip)
continue;
@@ -281,7 +281,7 @@ static int add_mtab(char *spec, char *mo
ment.mnt_fsname = spec;
ment.mnt_dir = mount_point;
ment.mnt_type = fstype;
- ment.mnt_opts = fix_opts_string(flags, opts);
+ ment.mnt_opts = fix_opts_string(flags & ~MS_NOMTAB, opts);
ment.mnt_freq = freq;
ment.mnt_passno = pass;
--- nfs-utils-1.2.3.orig/utils/mount/mount_constants.h
+++ nfs-utils-1.2.3/utils/mount/mount_constants.h
@@ -64,4 +64,8 @@ if we have a stack or plain mount - moun
#define MS_MGC_MSK 0xffff0000 /* magic flag number mask */
#endif
+/* Generic options that are prevented from appearing
+ * in the options field in /etc/mtab. */
+#define MS_NOMTAB (MS_REMOUNT)
+
#endif /* _NFS_UTILS_MOUNT_CONSTANTS_H */

3
nfs-utils-improve-v4-umount
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0419dfd7ed1949e77e3051cc8b923a8737ec6c4379c18cd08c79a4499aa612cf
size 8486

9
nfs-utils.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu Aug 18 07:48:27 UTC 2011 - nfbrown@novell.com
- New upstream version 1.2.4 - plus a few important
patches from git. This adds a new binary nfsidmap,
with man page. Also: build with libmount enabled
to correctly handle /etc/mtab being linked to
/proc/self/mounts. (bnc#681106)
-------------------------------------------------------------------
Thu Jun 23 05:41:25 UTC 2011 - nfbrown@novell.com

26
nfs-utils.spec
View File

@ -19,6 +19,7 @@
Name: nfs-utils
BuildRequires: e2fsprogs-devel gcc-c++ krb5-devel libgssglue-devel librpcsecgss libtirpc-devel nfsidmap-devel pkgconfig tcpd-devel
BuildRequires: libmount-devel
%if 0%{?suse_version} > 1100
BuildRequires: libevent-devel
%else
@ -26,8 +27,8 @@ BuildRequires: libevent
%endif
Url: http://nfs.sourceforge.net
Summary: Support Utilities for Kernel nfsd
Version: 1.2.3
Release: 25
Version: 1.2.4
Release: 1
Group: Productivity/Networking/NFS
License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -52,15 +53,11 @@ Source12: start-statd
Source13: nfs-utils.rpmlintrc
Patch0: nfs-utils-1.0.7-bind-syntax.patch
Patch1: warn-nfs-udp.patch
Patch2: nfs-utils-clear-mountd-reg
Patch3: nfs-utils-allow-port-number-sharing
Patch4: nfs-utils-improve-v4-umount
Patch5: nfs-utils-fix-remount
Patch6: rpc.mountd-segfault-fix
Patch7: do-not-error-when-address-family-not-supported
Patch8: addmntent.fix
Patch9: mount-catch-signals
Patch10: mountd-auth-fix
Patch2: exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch
Patch3: mountd-Fixed-strcmp-usage-in-in-insert-groups.patch
Patch4: mount-fix-for-libmount-from-util-linux-2.20.patch
Patch5: rpc.statd-Bind-downcall-socket-to-loopback-address.patch
Patch6: Statd-should-always-chdir-to-its-state-directory.patch
Suggests: python-base
%description
@ -145,10 +142,6 @@ Authors:
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
cp %{S:6} .
%build
@ -161,6 +154,7 @@ CFLAGS="$RPM_OPT_FLAGS -fPIE -fno-strict-aliasing" LDFLAGS="-pie" ./configure \
--enable-gss \
--enable-ipv6 \
--enable-mount \
--enable-libmount-mount \
--enable-mountconfig \
--with-krb5=/usr/lib/mit
make
@ -278,6 +272,7 @@ fi
/usr/sbin/gss_destroy_creds
%attr(0755,root,root) /usr/sbin/mountstats
%attr(0755,root,root) /usr/sbin/nfsiostat
/usr/sbin/nfsidmap
/usr/sbin/nfsstat
/usr/sbin/rcnfs
/usr/sbin/rpc.gssd
@ -290,6 +285,7 @@ fi
%{_mandir}/man5/nfsmount.conf.5.gz
%{_mandir}/man5/nfs.5.gz
%{_mandir}/man8/mount.nfs.8.gz
%{_mandir}/man8/nfsidmap.8.gz
%{_mandir}/man8/nfsstat.8.gz
%{_mandir}/man8/rpc.sm-notify.8.gz
%{_mandir}/man8/showmount.8.gz

30
rpc.mountd-segfault-fix
View File

@ -1,30 +0,0 @@
From 730f6986f86873513fa021a450eb55ccd0f2fbff Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Wed, 26 Jan 2011 07:49:19 -0500
Subject: [PATCH] Fixed segfault in rpc.mountd
A unallocated piece of memory, instead of a NULL point, was being
used to initialize a ->next point in the mount link list which
caused a segfault after a few remote accesses via the showmount
command.
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/mountd/rmtab.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
index d339296..527377f 100644
--- a/utils/mountd/rmtab.c
+++ b/utils/mountd/rmtab.c
@@ -205,6 +205,7 @@ mountlist_list(void)
}
if (stb.st_mtime != last_mtime) {
mountlist_freeall(mlist);
+ mlist = NULL;
last_mtime = stb.st_mtime;
setrmtabent("r");
--
1.7.3.4

50
rpc.statd-Bind-downcall-socket-to-loopback-address.patch Normal file
View File

@ -0,0 +1,50 @@
From c7e224a75f480f955532c96937a5d58cc6e10272 Mon Sep 17 00:00:00 2001
From: Chuck Lever <chuck.lever@oracle.com>
Date: Wed, 3 Aug 2011 13:22:52 -0400
Subject: [PATCH] rpc.statd: Bind downcall socket to loopback address
In the past, rpc.statd posted SM_NOTIFY requests using the same socket
it used for sending downcalls to the kernel. To receive replies from
remote hosts, the socket was bound to INADDR_ANY.
With commit f113db52 "Remove notify functionality from statd in
favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer
used for sending requests to remote hosts. However, the downcall
socket is still bound to INADDR_ANY.
Thus a remote host can inject data on this socket since it is an
unconnected UDP socket listening for RPC replies. Thanks to f113db52,
the port number of this socket is no longer controlled by a command
line option, making it difficult to firewall.
We have demonstrated that data injection on this socket can result in
a DoS by causing rpc.statd to consume CPU and log bandwidth, but so
far we have not found a breach.
To prevent unwanted data injection, bind this socket to the loopback
address.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/statd/rmtcall.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
index 0e52fe2..4ecb03c 100644
--- a/utils/statd/rmtcall.c
+++ b/utils/statd/rmtcall.c
@@ -85,7 +85,7 @@ statd_get_socket(void)
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
if (bindresvport(sockfd, &sin) < 0) {
xlog(D_GENERAL, "%s: can't bind to reserved port",
--
1.7.3.4

36
warn-nfs-udp.patch
View File

@ -4,9 +4,9 @@
utils/mount/stropts.c | 13 +++++++
3 files changed, 99 insertions(+)
--- nfs-utils-1.2.3.orig/utils/mount/nfs.man
+++ nfs-utils-1.2.3/utils/mount/nfs.man
@@ -504,6 +504,8 @@ Specifying a netid that uses TCP forces
--- nfs-utils-1.2.4.orig/utils/mount/nfs.man
+++ nfs-utils-1.2.4/utils/mount/nfs.man
@@ -503,6 +503,8 @@ Specifying a netid that uses TCP forces
command and the NFS client to use TCP.
Specifying a netid that uses UDP forces all traffic types to use UDP.
.IP
@ -15,7 +15,7 @@
If the
.B proto
mount option is not specified, the
@@ -518,6 +520,8 @@ The
@@ -517,6 +519,8 @@ The
option is an alternative to specifying
.BR proto=udp.
It is included for compatibility with other operating systems.
@ -24,7 +24,7 @@
.TP 1.5i
.B tcp
The
@@ -932,6 +936,8 @@ in a single frame) is advised. This r
@@ -975,6 +979,8 @@ in a single frame) is advised. This r
the loss of a single MTU-sized network frame results in the loss of
an entire large read or write request.
.P
@ -33,10 +33,10 @@
TCP is the default transport protocol used for all modern NFS
implementations. It performs well in almost every conceivable
network environment and provides excellent guarantees against data
@@ -1480,6 +1486,83 @@ of Access Control Lists that are semanti
NFS version 4 ACLs are not fully compatible with POSIX ACLs; as such,
some translation between the two is required
in an environment that mixes POSIX ACLs and NFS version 4.
@@ -1566,6 +1572,83 @@ export pathname, but not both, during a
merges the mount option
.B ro
with the mount options already saved on disk for the NFS server mounted at /mnt.
+.SH WARNINGS
+Using NFS over UDP on high-speed links such as Gigabit
+.BR "can cause silent data corruption" .
@ -117,8 +117,8 @@
.SH FILES
.TP 1.5i
.I /etc/fstab
--- nfs-utils-1.2.3.orig/utils/mount/nfsmount.c
+++ nfs-utils-1.2.3/utils/mount/nfsmount.c
--- nfs-utils-1.2.4.orig/utils/mount/nfsmount.c
+++ nfs-utils-1.2.4/utils/mount/nfsmount.c
@@ -264,6 +264,9 @@ parse_options(char *old_opts, struct nfs
if (!strcmp(opteq+1, "udp")) {
nfs_pmap->pm_prot = IPPROTO_UDP;
@ -129,16 +129,18 @@
#if NFS_MOUNT_VERSION >= 2
data->flags &= ~NFS_MOUNT_TCP;
} else if (!strcmp(opteq+1, "tcp") &&
--- nfs-utils-1.2.3.orig/utils/mount/stropts.c
+++ nfs-utils-1.2.3/utils/mount/stropts.c
@@ -569,11 +569,24 @@ static int nfs_sys_mount(struct nfsmount
--- nfs-utils-1.2.4.orig/utils/mount/stropts.c
+++ nfs-utils-1.2.4/utils/mount/stropts.c
@@ -567,6 +567,8 @@ static int nfs_sys_mount(struct nfsmount
{
char *options = NULL;
int result;
+ char *proto;
+ static int once = 0;
if (po_join(opts, &options) == PO_FAILED) {
if (mi->fake)
return 1;
@@ -575,6 +577,17 @@ static int nfs_sys_mount(struct nfsmount
errno = EIO;
return 0;
}
@ -154,5 +156,5 @@
+ }
+
if (mi->fake)
return 1;
result = mount(mi->spec, mi->node, mi->type,
mi->flags & ~(MS_USER|MS_USERS), options);