pool/nfs-utils
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1220464 from Base:System

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1220464
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nfs-utils?expand=0&rev=183
This commit is contained in:
Ana Guerrero 2024-11-05 14:40:26 +00:00 committed by Git OBS Bridge
commit 27cc9be039
15 changed files with 47 additions and 1078 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
View File

@ -1,167 +0,0 @@
From 40d6d58ee6e58f50d5f1aaf8c1253b2338bd7d06 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Mon, 27 Nov 2023 10:12:19 -0500
Subject: [PATCH] exportfs: remove warning if neither subtree_check or
no_subtree_check is given
This warning was only ever intended as a transitional aid.
It doesn't serve any purpose any longer. Let's remove it.
Also clean up some white-space issues.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/export/export.c | 2 +-
support/export/xtab.c | 2 +-
support/include/nfslib.h | 2 +-
support/nfs/exports.c | 43 +++++++++++++++++-----------------------
4 files changed, 21 insertions(+), 28 deletions(-)
diff --git a/support/export/export.c b/support/export/export.c
index 3e48c42def19..100912cb29c3 100644
--- a/support/export/export.c
+++ b/support/export/export.c
@@ -119,7 +119,7 @@ export_read(char *fname, int ignore_hosts)
int reexport_found = 0;
setexportent(fname, "r");
- while ((eep = getexportent(0,1)) != NULL) {
+ while ((eep = getexportent(0)) != NULL) {
exp = export_lookup(eep->e_hostname, eep->e_path, ignore_hosts);
if (!exp) {
if (export_create(eep, 0))
diff --git a/support/export/xtab.c b/support/export/xtab.c
index e210ca99d574..282f15bc79cd 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -47,7 +47,7 @@ xtab_read(char *xtab, char *lockfn, int is_export)
setexportent(xtab, "r");
if (is_export == 1)
v4root_needed = 1;
- while ((xp = getexportent(is_export==0, 0)) != NULL) {
+ while ((xp = getexportent(is_export==0)) != NULL) {
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
!(exp = export_create(xp, is_export!=1))) {
if(xp->e_hostname) {
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
index bdbde78d9ebd..eff2a486307f 100644
--- a/support/include/nfslib.h
+++ b/support/include/nfslib.h
@@ -111,7 +111,7 @@ struct rmtabent {
* configuration file parsing
*/
void setexportent(char *fname, char *type);
-struct exportent * getexportent(int,int);
+struct exportent * getexportent(int);
void secinfo_show(FILE *fp, struct exportent *ep);
void xprtsecinfo_show(FILE *fp, struct exportent *ep);
void putexportent(struct exportent *xep);
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 15dc574cc21a..a6816e60d62e 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -59,7 +59,7 @@ static int *squids = NULL, nsquids = 0,
static int getexport(char *exp, int len);
static int getpath(char *path, int len);
-static int parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr);
+static int parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr);
static int parsesquash(char *list, int **idp, int *lenp, char **ep);
static int parsenum(char **cpp);
static void freesquash(void);
@@ -109,7 +109,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
}
struct exportent *
-getexportent(int fromkernel, int fromexports)
+getexportent(int fromkernel)
{
static struct exportent ee, def_ee;
char exp[512], *hostname;
@@ -147,7 +147,7 @@ getexportent(int fromkernel, int fromexports)
* we're not reading from the kernel.
*/
if (exp[0] == '-' && !fromkernel) {
- if (parseopts(exp + 1, &def_ee, 0, &has_default_subtree_opts) < 0)
+ if (parseopts(exp + 1, &def_ee, &has_default_subtree_opts) < 0)
return NULL;
has_default_opts = 1;
@@ -185,20 +185,20 @@ getexportent(int fromkernel, int fromexports)
}
ee.e_hostname = xstrdup(hostname);
- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
- if(ee.e_hostname)
- {
- xfree(ee.e_hostname);
- ee.e_hostname=NULL;
- }
- if(ee.e_uuid)
- {
- xfree(ee.e_uuid);
- ee.e_uuid=NULL;
- }
+ if (parseopts(opt, &ee, NULL) < 0) {
+ if(ee.e_hostname)
+ {
+ xfree(ee.e_hostname);
+ ee.e_hostname=NULL;
+ }
+ if(ee.e_uuid)
+ {
+ xfree(ee.e_uuid);
+ ee.e_uuid=NULL;
+ }
return NULL;
- }
+ }
/* resolve symlinks */
if (realpath(ee.e_path, rpath) != NULL) {
rpath[sizeof (rpath) - 1] = '\0';
@@ -433,7 +433,7 @@ mkexportent(char *hname, char *path, char *options)
}
strncpy(ee.e_path, path, sizeof (ee.e_path));
ee.e_path[sizeof (ee.e_path) - 1] = '\0';
- if (parseopts(options, &ee, 0, NULL) < 0)
+ if (parseopts(options, &ee, NULL) < 0)
return NULL;
return &ee;
}
@@ -441,7 +441,7 @@ mkexportent(char *hname, char *path, char *options)
int
updateexportent(struct exportent *eep, char *options)
{
- if (parseopts(options, eep, 0, NULL) < 0)
+ if (parseopts(options, eep, NULL) < 0)
return 0;
return 1;
}
@@ -632,7 +632,7 @@ void fix_pseudoflavor_flags(struct exportent *ep)
* Parse option string pointed to by cp and set mount options accordingly.
*/
static int
-parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
+parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr)
{
int had_subtree_opt = 0;
char *flname = efname?efname:"command line";
@@ -852,13 +852,6 @@ bad_option:
ep->e_nsqgids = nsqgids;
out:
- if (warn && !had_subtree_opt)
- xlog(L_WARNING, "%s [%d]: Neither 'subtree_check' or 'no_subtree_check' specified for export \"%s:%s\".\n"
- " Assuming default behaviour ('no_subtree_check').\n"
- " NOTE: this default has changed since nfs-utils version 1.0.x\n",
-
- flname, flline,
- ep->e_hostname, ep->e_path);
if (had_subtree_opt_ptr)
*had_subtree_opt_ptr = had_subtree_opt;
--
2.43.0

99
0001-gssd-revert-commit-a5f3b7ccb01c.patch
View File

@ -1,99 +0,0 @@
From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:46:35 -0500
Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
In preparation for using rpc_gss_seccreate() function, revert commit
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials"
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 2 --
utils/gssd/krb5_util.c | 42 ------------------------------------------
utils/gssd/krb5_util.h | 1 -
3 files changed, 45 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index a96647df..e5cc1d98 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
if (cred == GSS_C_NO_CREDENTIAL)
retval = gssd_refresh_krb5_machine_credential(clp->servername,
"*", NULL, 1);
- else
- retval = gssd_k5_remove_bad_service_cred(clp->servername);
if (!retval) {
auth = authgss_create_default(rpc_clnt, tgtname,
&sec);
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6f66ef4f..f6ce1fec 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
-/* Removed a service ticket for nfs/<name> from the ticket cache
- */
-int
-gssd_k5_remove_bad_service_cred(char *name)
-{
- krb5_creds in_creds, out_creds;
- krb5_error_code ret;
- krb5_context context;
- krb5_ccache cache;
- krb5_principal principal;
- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
- char srvname[1024];
-
- ret = krb5_init_context(&context);
- if (ret)
- goto out_cred;
- ret = krb5_cc_default(context, &cache);
- if (ret)
- goto out_free_context;
- ret = krb5_cc_get_principal(context, cache, &principal);
- if (ret)
- goto out_close_cache;
- memset(&in_creds, 0, sizeof(in_creds));
- in_creds.client = principal;
- sprintf(srvname, "nfs/%s", name);
- ret = krb5_parse_name(context, srvname, &in_creds.server);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
-out_free_principal:
- krb5_free_principal(context, principal);
-out_close_cache:
- krb5_cc_close(context, cache);
-out_free_context:
- krb5_free_context(context);
-out_cred:
- return ret;
-}
-
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 7ef87018..62c91a0e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
-int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
--
2.46.0

179
0002-conffile-don-t-report-error-from-conf_init_file.patch
View File

@ -1,179 +0,0 @@
From ed4dc834e1722b9217fae27da1adf29ab21d6a93 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Mon, 27 Nov 2023 10:30:43 -0500
Subject: [PATCH] conffile: don't report error from conf_init_file()
conf_init_file() currently reports an error if the main config file
doesn't exist - even if there are conf files in the conf.d directory.
This is only used by nfsconfcli.c. However this is not needed. If
there is a real error, and error message is already logged.
If it is simply that the file doesn't exist, that isn't really an error.
So remove the error messages and change conf_init_file() to not return
any status.
Also fix up assorted nearby white-space issues.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/include/conffile.h | 2 +-
support/nfs/conffile.c | 32 ++++++++++++++------------------
tools/nfsconf/nfsconfcli.c | 15 ++-------------
3 files changed, 17 insertions(+), 32 deletions(-)
diff --git a/support/include/conffile.h b/support/include/conffile.h
index c4a3ca62860e..c04cd1ec5c0c 100644
--- a/support/include/conffile.h
+++ b/support/include/conffile.h
@@ -62,7 +62,7 @@ extern char *conf_get_str(const char *, const char *);
extern char *conf_get_str_with_def(const char *, const char *, char *);
extern char *conf_get_section(const char *, const char *, const char *);
extern char *conf_get_entry(const char *, const char *, const char *);
-extern int conf_init_file(const char *);
+extern void conf_init_file(const char *);
extern void conf_cleanup(void);
extern int conf_match_num(const char *, const char *, int);
extern int conf_remove(int, const char *, const char *);
diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
index fd4a17ad4293..6b813dd95147 100644
--- a/support/nfs/conffile.c
+++ b/support/nfs/conffile.c
@@ -658,7 +658,7 @@ conf_load_file(const char *conf_file)
return 0;
}
-static void
+static void
conf_init_dir(const char *conf_file)
{
struct dirent **namelist = NULL;
@@ -669,14 +669,14 @@ conf_init_dir(const char *conf_file)
dname = malloc(strlen(conf_file) + 3);
if (dname == NULL) {
xlog(L_WARNING, "conf_init_dir: malloc: %s", strerror(errno));
- return;
+ return;
}
sprintf(dname, "%s.d", conf_file);
n = scandir(dname, &namelist, NULL, versionsort);
if (n < 0) {
if (errno != ENOENT) {
- xlog(L_WARNING, "conf_init_dir: scandir %s: %s",
+ xlog(L_WARNING, "conf_init_dir: scandir %s: %s",
dname, strerror(errno));
}
free(dname);
@@ -691,7 +691,7 @@ conf_init_dir(const char *conf_file)
for (i = 0; i < n; i++ ) {
struct dirent *d = namelist[i];
- switch (d->d_type) {
+ switch (d->d_type) {
case DT_UNKNOWN:
case DT_REG:
case DT_LNK:
@@ -701,13 +701,13 @@ conf_init_dir(const char *conf_file)
}
if (*d->d_name == '.')
continue;
-
+
fname_len = strlen(d->d_name);
path_len = (fname_len + dname_len);
if (!fname_len || path_len > PATH_MAX) {
xlog(L_WARNING, "conf_init_dir: Too long file name: %s in %s",
d->d_name, dname);
- continue;
+ continue;
}
/*
@@ -715,7 +715,7 @@ conf_init_dir(const char *conf_file)
* that end with CONF_FILE_EXT
*/
if (fname_len <= CONF_FILE_EXT_LEN) {
- xlog(D_GENERAL, "conf_init_dir: %s: name too short",
+ xlog(D_GENERAL, "conf_init_dir: %s: name too short",
d->d_name);
continue;
}
@@ -746,31 +746,29 @@ conf_init_dir(const char *conf_file)
free(namelist[i]);
free(namelist);
free(dname);
-
+
return;
}
-int
+void
conf_init_file(const char *conf_file)
{
unsigned int i;
- int ret;
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
LIST_INIT (&conf_bindings[i]);
TAILQ_INIT (&conf_trans_queue);
- if (conf_file == NULL)
- conf_file=NFS_CONFFILE;
+ if (conf_file == NULL)
+ conf_file = NFS_CONFFILE;
/*
- * First parse the give config file
- * then parse the config.conf.d directory
+ * First parse the give config file
+ * then parse the config.conf.d directory
* (if it exists)
- *
*/
- ret = conf_load_file(conf_file);
+ conf_load_file(conf_file);
/*
* When the same variable is set in both files
@@ -779,8 +777,6 @@ conf_init_file(const char *conf_file)
* have the final say.
*/
conf_init_dir(conf_file);
-
- return ret;
}
/*
diff --git a/tools/nfsconf/nfsconfcli.c b/tools/nfsconf/nfsconfcli.c
index b2ef96d1c600..bd9d52701aa6 100644
--- a/tools/nfsconf/nfsconfcli.c
+++ b/tools/nfsconf/nfsconfcli.c
@@ -135,19 +135,8 @@ int main(int argc, char **argv)
return 1;
}
- if (mode != MODE_SET && mode != MODE_UNSET) {
- if (conf_init_file(confpath)) {
- /* config file was missing or had an error, warn about it */
- if (verbose || mode != MODE_ISSET) {
- fprintf(stderr, "Error loading config file %s\n",
- confpath);
- }
-
- /* this isnt fatal for --isset */
- if (mode != MODE_ISSET)
- return 1;
- }
- }
+ if (mode != MODE_SET && mode != MODE_UNSET)
+ conf_init_file(confpath);
/* --dump mode, output the current configuration */
if (mode == MODE_DUMP) {
--
2.43.0

51
0002-gssd-revert-commit-513630d720bd.patch
View File

@ -1,51 +0,0 @@
From f05af7d9924b5e455f4e750c1e8985c560784fce Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:50:57 -0500
Subject: [PATCH 2/6] gssd: revert commit 513630d720bd
In preparation for using rpc_gss_seccreate(), revert commit 513630d720bd
"gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials"
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 16 +---------------
1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e5cc1d98..4fb6b72d 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -412,27 +412,13 @@ create_auth_rpc_client(struct clnt_info *clp,
tid, tgtname);
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
if (!auth) {
- if (sec.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
- printerr(2, "WARNING: server=%s failed context "
- "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
- clp->servername);
- if (cred == GSS_C_NO_CREDENTIAL)
- retval = gssd_refresh_krb5_machine_credential(clp->servername,
- "*", NULL, 1);
- if (!retval) {
- auth = authgss_create_default(rpc_clnt, tgtname,
- &sec);
- if (auth)
- goto success;
- }
- }
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
"user with uid %d for server %s\n",
uid, tgtname);
goto out_fail;
}
-success:
+
/* Success !!! */
rpc_clnt->cl_auth = auth;
*clnt_return = rpc_clnt;
--
2.46.0

188
0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
View File

@ -1,188 +0,0 @@
From 6a714409b17ad2cca99d497129fc944a808eb446 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Mon, 27 Nov 2023 10:35:56 -0500
Subject: [PATCH] conffile: allow /usr/etc to provide any config files expected
in /etc
If any config file is configured to be in /etc, also read from /usr/etc.
This followed a growing trend of moving as much as possible out of /
and into /usr.
See https://en.opensuse.org/openSUSE:Packaging_UsrEtc
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/nfs/conffile.c | 26 +++++++++++++++-----------
support/nfsidmap/idmapd.conf.5 | 15 ++++++++++++++-
systemd/nfs.conf.man | 23 ++++++++++++++---------
systemd/nfs.systemd.man | 10 +++++++++-
utils/mount/nfsmount.conf.man | 19 ++++++++++---------
5 files changed, 62 insertions(+), 31 deletions(-)
--- a/support/nfs/conffile.c
+++ b/support/nfs/conffile.c
@@ -763,19 +763,23 @@ conf_init_file(const char *conf_file)
if (conf_file == NULL)
conf_file = NFS_CONFFILE;
- /*
- * First parse the give config file
- * then parse the config.conf.d directory
- * (if it exists)
+ /* If the config file is in /etc (normal) then check
+ * /usr/etc first. Also check config.conf.d for files
+ * names *.conf.
+ *
+ * Content or later files always over-rides earlier
+ * files.
*/
- conf_load_file(conf_file);
+ if (strncmp(conf_file, "/etc/", 5) == 0) {
+ char *usrconf = NULL;
- /*
- * When the same variable is set in both files
- * the conf.d file will override the config file.
- * This allows automated admin systems to
- * have the final say.
- */
+ if (asprintf(&usrconf, "/usr%s", conf_file) > 0 && usrconf) {
+ conf_load_file(usrconf);
+ conf_init_dir(usrconf);
+ free(usrconf);
+ }
+ }
+ conf_load_file(conf_file);
conf_init_dir(conf_file);
}
--- a/support/nfsidmap/idmapd.conf.5
+++ b/support/nfsidmap/idmapd.conf.5
@@ -37,7 +37,7 @@ Configuration file for libnfsidmap. Use
.SH DESCRIPTION
The
.B idmapd.conf
-configuration file consists of several sections, initiated by strings of the
+configuration files consists of several sections, initiated by strings of the
form [General] and [Mapping]. Each section may contain lines of the form
.nf
variable = value
@@ -398,6 +398,19 @@ LDAP_base = dc=org,dc=domain
.\" Additional sections
.\" -------------------------------------------------------------------
.\"
+.SH FILES
+.I /usr/etc/idmapd.conf
+.br
+.I /usr/etc/idmapd.conf.d/*.conf
+.br
+.I /etc/idmapd.conf
+.br
+.I /etc/idmapd.conf.d/*.conf
+.br
+.IP
+Files are read in the order listed. Later settings override earlier
+settings.
+
.SH SEE ALSO
.BR idmapd (8)
.BR svcgssd (8)
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -2,10 +2,13 @@
.SH NAME
nfs.conf \- general configuration for NFS daemons and tools
.SH SYNOPSIS
+.I /usr/etc/nfs.conf
+.I /usr/etc/nfs.conf.d/
.I /etc/nfs.conf
+.I /etc/nfs.conf.d/
.SH DESCRIPTION
.PP
-This file contains site-specific configuration for various NFS daemons
+These files contain site-specific configuration for various NFS daemons
and other processes. Most configuration can also be passed to
processes via command line arguments, but it can be more convenient to
have a central file. In particular, this encourages consistent
@@ -314,15 +317,17 @@ See
for deatils.
.SH FILES
-.TP 10n
+.I /usr/etc/nfs.conf
+.br
+.I /usr/etc/nfs.conf.d/*.conf
+.br
.I /etc/nfs.conf
-Default NFS client configuration file
-.TP 10n
-.I /etc/nfs.conf.d
-When this directory exists and files ending
-with ".conf" exist, those files will be
-used to set configuration variables. These
-files will override variables set in /etc/nfs.conf
+.br
+.I /etc/nfs.conf.d/*.conf
+.br
+.IP
+Various configuration files read in order. Later settings override
+earlier settings.
.SH SEE ALSO
.BR nfsdcltrack (8),
.BR rpc.nfsd (8),
--- a/systemd/nfs.systemd.man
+++ b/systemd/nfs.systemd.man
@@ -27,7 +27,9 @@ any command line arguments to daemons so
behavior. In many case such configuration can be performed by making
changes to
.I /etc/nfs.conf
-or other configuration files. When that is not convenient, a
+or other configuration files (see
+.BR nfs.conf (5)).
+When that is not convenient, a
distribution might provide systemd "drop-in" files which replace the
.B ExecStart=
setting to start the program with different arguments. For example a
@@ -171,6 +173,12 @@ running, it can be masked with
/etc/nfsmount.conf
.br
/etc/idmapd.conf
+.P
+Also similar files in
+.B /usr/etc
+and in related
+.I conf.d
+drop-in directories.
.SH SEE ALSO
.BR systemd.unit (5),
.BR nfs.conf (5),
--- a/utils/mount/nfsmount.conf.man
+++ b/utils/mount/nfsmount.conf.man
@@ -115,16 +115,17 @@ All mounts to the '/export/home' export
the background (i.e. done asynchronously).
.RE
.SH FILES
-.TP 10n
+.I /usr/etc/nfsmount.conf
+.br
+.I /usr/etc/nfsmount.conf.d/*.conf
+.br
.I /etc/nfsmount.conf
-Default NFS mount configuration file
-.TP 10n
-.I /etc/nfsmount.conf.d
-When this directory exists and files ending
-with ".conf" exist, those files will be
-used to set configuration variables. These
-files will override variables set
-in /etc/nfsmount.conf
+.br
+.I /etc/nfsmount.conf.d/*.conf
+.br
+.IP
+Default NFS mount configuration files, variables set in the later file
+over-ride those in the earlier file.
.PD
.SH SEE ALSO
.BR nfs (5),

60
0003-gssd-switch-to-using-rpc_gss_seccreate.patch
View File

@ -1,60 +0,0 @@
From 3abf6b5223af0ccf07d217d71978ee7987acce88 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:52:47 -0500
Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate()
If available from the libtirpc library, switch to using
rpc_gss_seccreate() instead of authgss_create_default() which does not
expose gss error codes.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 4fb6b72d..99761157 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -70,6 +70,9 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <syscall.h>
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+#include <rpc/rpcsec_gss.h>
+#endif
#include "gssd.h"
#include "err_util.h"
@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
struct timeval timeout;
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
socklen_t salen;
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ rpc_gss_options_req_t req;
+ rpc_gss_options_ret_t ret;
+ char mechanism[] = "kerberos_v5";
+#endif
pthread_t tid = pthread_self();
sec.qop = GSS_C_QOP_DEFAULT;
@@ -410,7 +418,14 @@ create_auth_rpc_client(struct clnt_info *clp,
printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
tid, tgtname);
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ memset(&req, 0, sizeof(req));
+ req.my_cred = sec.cred;
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
+ rpcsec_gss_svc_none, NULL, &req, &ret);
+#else
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+#endif
if (!auth) {
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
--
2.46.0

115
0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
View File

@ -1,115 +0,0 @@
From 46f91dc8f0d9aa31e18327cf3ad61c27551c4cfc Mon Sep 17 00:00:00 2001
From: Ahelenia Ziemiaska <nabijaczleweli@nabijaczleweli.xyz>
Date: Mon, 27 Nov 2023 10:41:04 -0500
Subject: [PATCH] fsidd: call anonymous sockets by their name only, don't fill
with NULs to 108 bytes
Since e00ab3c0616fe6d83ab0710d9e7d989c299088f7, ss -l looks like this:
u_seq LISTEN 0 5 @/run/fsid.sock@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 26989379 * 0
with fsidd pushing all the addresses to 108 bytes wide, which is deeply
egregious if you don't filter it out and recolumnate.
This is because, naturally (unix(7)), "Null bytes in the name have
no special significance": abstract addresses are binary blobs, but
paths automatically terminate at the first NUL byte, since paths
can't contain those.
So just specify the correct address length when we're using the abstract domain:
unix(7) recommends "offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1"
for paths, but we don't want to include the terminating NUL, so it's just
"offsetof(struct sockaddr_un, sun_path) + strlen(sun_path)".
This brings the width back to order:
-- >8 --
$ ss -la | grep @
u_str ESTAB 0 0 @45208536ec96909a/bus/systemd-timesyn/bus-api-timesync 18500238 * 18501249
u_str ESTAB 0 0 @fecc9657d2315eb7/bus/systemd-network/bus-api-network 18495452 * 18494406
u_seq LISTEN 0 5 @/run/fsid.sock 27168796 * 0
u_str ESTAB 0 0 @ac308f35f50797a2/bus/systemd-logind/system 19406 * 15153
u_str ESTAB 0 0 @b6606e0dfacbae75/bus/systemd/bus-api-system 18494353 * 18495334
u_str ESTAB 0 0 @5880653d215718a7/bus/systemd/bus-system 26930876 * 26930003
-- >8 --
Fixes: e00ab3c0616fe6d83ab0710d9e7d989c299088f7 ("fsidd: provide
better default socket name.")
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Ahelenia Ziemia?ska <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/reexport/fsidd.c | 9 ++++++---
support/reexport/reexport.c | 8 ++++++--
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/support/reexport/fsidd.c b/support/reexport/fsidd.c
index 3e62b3fc1370..8a70b78f6362 100644
--- a/support/reexport/fsidd.c
+++ b/support/reexport/fsidd.c
@@ -147,6 +147,7 @@ int main(void)
{
struct event *srv_ev;
struct sockaddr_un addr;
+ socklen_t addr_len;
char *sock_file;
int srv;
@@ -161,10 +162,12 @@ int main(void)
memset(&addr, 0, sizeof(struct sockaddr_un));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
- if (addr.sun_path[0] == '@')
+ addr_len = sizeof(struct sockaddr_un);
+ if (addr.sun_path[0] == '@') {
/* "abstract" socket namespace */
+ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
addr.sun_path[0] = 0;
- else
+ } else
unlink(sock_file);
srv = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0);
@@ -173,7 +176,7 @@ int main(void)
return 1;
}
- if (bind(srv, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) {
+ if (bind(srv, (const struct sockaddr *)&addr, addr_len) == -1) {
xlog(L_WARNING, "Unable to bind %s: %m\n", sock_file);
return 1;
}
diff --git a/support/reexport/reexport.c b/support/reexport/reexport.c
index 78516586b98e..0fb49a46723c 100644
--- a/support/reexport/reexport.c
+++ b/support/reexport/reexport.c
@@ -21,6 +21,7 @@ static int fsidd_srv = -1;
static bool connect_fsid_service(void)
{
struct sockaddr_un addr;
+ socklen_t addr_len;
char *sock_file;
int ret;
int s;
@@ -33,9 +34,12 @@ static bool connect_fsid_service(void)
memset(&addr, 0, sizeof(struct sockaddr_un));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
- if (addr.sun_path[0] == '@')
+ addr_len = sizeof(struct sockaddr_un);
+ if (addr.sun_path[0] == '@') {
/* "abstract" socket namespace */
+ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
addr.sun_path[0] = 0;
+ }
s = socket(AF_UNIX, SOCK_SEQPACKET, 0);
if (s == -1) {
@@ -43,7 +47,7 @@ static bool connect_fsid_service(void)
return false;
}
- ret = connect(s, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un));
+ ret = connect(s, (const struct sockaddr *)&addr, addr_len);
if (ret == -1) {
xlog(L_WARNING, "Unable to connect %s: %m, is fsidd running?\n", sock_file);
return false;
--
2.43.0

62
0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch
View File

@ -1,62 +0,0 @@
From 2bfb59c6f50eb86c21f8e0c33bbf32ec53480fb8 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:55:35 -0500
Subject: [PATCH 4/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine
credentials
During context establishment, when the client received
KRB5_AP_ERR_BAD_INTEGRITY error, it might be due to the server
updating its key material. To handle such error, get a new
service ticket and re-try the AP_REQ.
This functionality relies on the new API in libtirpc that
exposes the gss errors.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 99761157..29600a3f 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -427,13 +427,32 @@ create_auth_rpc_client(struct clnt_info *clp,
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
#endif
if (!auth) {
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ printerr(2, "WARNING: server=%s failed context "
+ "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
+ clp->servername);
+ if (cred == GSS_C_NO_CREDENTIAL)
+ retval = gssd_refresh_krb5_machine_credential(clp->servername,
+ "*", NULL, 1);
+ if (!retval) {
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname,
+ mechanism, rpcsec_gss_svc_none,
+ NULL, &req, &ret);
+ if (auth)
+ goto success;
+ }
+ }
+#endif
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
"user with uid %d for server %s\n",
uid, tgtname);
goto out_fail;
}
-
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+success:
+#endif
/* Success !!! */
rpc_clnt->cl_auth = auth;
*clnt_return = rpc_clnt;
--
2.46.0

101
0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
View File

@ -1,101 +0,0 @@
From 15cd566633b1546f0808d0694ede094b4c99752d Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:57:28 -0500
Subject: [PATCH 5/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials
Unlike the machine credential case, we can't throw away the ticket
cache and use the keytab to renew the credentials. Instead, we
need to remove the service ticket for the server that returned
KRB5_AP_ERR_BAD_INTEGRITY and try again.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 2 ++
utils/gssd/krb5_util.c | 42 ++++++++++++++++++++++++++++++++++++++++++
utils/gssd/krb5_util.h | 1 +
3 files changed, 45 insertions(+)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 29600a3f..7629de0b 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -435,6 +435,8 @@ create_auth_rpc_client(struct clnt_info *clp,
if (cred == GSS_C_NO_CREDENTIAL)
retval = gssd_refresh_krb5_machine_credential(clp->servername,
"*", NULL, 1);
+ else
+ retval = gssd_k5_remove_bad_service_cred(clp->servername);
if (!retval) {
auth = rpc_gss_seccreate(rpc_clnt, tgtname,
mechanism, rpcsec_gss_svc_none,
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index f6ce1fec..6f66ef4f 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
+/* Removed a service ticket for nfs/<name> from the ticket cache
+ */
+int
+gssd_k5_remove_bad_service_cred(char *name)
+{
+ krb5_creds in_creds, out_creds;
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_ccache cache;
+ krb5_principal principal;
+ int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+ char srvname[1024];
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ goto out_cred;
+ ret = krb5_cc_default(context, &cache);
+ if (ret)
+ goto out_free_context;
+ ret = krb5_cc_get_principal(context, cache, &principal);
+ if (ret)
+ goto out_close_cache;
+ memset(&in_creds, 0, sizeof(in_creds));
+ in_creds.client = principal;
+ sprintf(srvname, "nfs/%s", name);
+ ret = krb5_parse_name(context, srvname, &in_creds.server);
+ if (ret)
+ goto out_free_principal;
+ ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
+ if (ret)
+ goto out_free_principal;
+ ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
+out_free_principal:
+ krb5_free_principal(context, principal);
+out_close_cache:
+ krb5_cc_close(context, cache);
+out_free_context:
+ krb5_free_context(context);
+out_cred:
+ return ret;
+}
+
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 62c91a0e..7ef87018 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,6 +22,7 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
+int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
--
2.46.0

35
0006-configure-check-for-rpc_gss_seccreate.patch
View File

@ -1,35 +0,0 @@
From 49567e7d03a5605c590be2135a24d4de8345fa3c Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:59:43 -0500
Subject: [PATCH 6/6] configure: check for rpc_gss_seccreate
If we have rpc_gss_sccreate in tirpc library define
HAVE_TIRPC_GSS_SECCREATE, which would allow us to handle bad_integrity
errors.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
aclocal/libtirpc.m4 | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
index bddae022..ef48a2ae 100644
--- a/aclocal/libtirpc.m4
+++ b/aclocal/libtirpc.m4
@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [
[Define to 1 if your tirpc library provides libtirpc_set_debug])],,
[${LIBS}])])
+ AS_IF([test -n "${LIBTIRPC}"],
+ [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate],
+ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
+ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
+ [${LIBS}])])
AC_SUBST([AM_CPPFLAGS])
AC_SUBST(LIBTIRPC)
--
2.46.0

22
nfs-utils-1.0.7-bind-syntax.patch
View File

@ -1,14 +1,21 @@
support/export/export.c | 2
support/include/misc.h | 3
support/include/nfslib.h | 1
================================================================================
From 374a756bc6d372d242dbcc1178f9ac2f34e0ab32 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 29 Oct 2024 11:10:37 +0100
Subject: [PATCH] exports: Ignore mount --bind
References: bcs#229583, https://bugzilla.suse.com/attachment.cgi?id=110519&action=diff
Upstream-status: SUSE specific workaround for nfs-utils 1.0.7 (SLES10-SP1), still needed?
Signed-off-by: Olaf Kirch <okir@suse.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
support/nfs/exports.c | 2 ++
support/nfs/exports.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index a6816e60..b9143718 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -684,6 +684,8 @@ bad_option:
@@ -792,6 +792,8 @@ bad_option:
} else if (strncmp(opt, "replicas=", 9) == 0) {
ep->e_fslocmethod = FSLOC_REPLICA;
ep->e_fslocdata = strdup(opt+9);
@ -17,3 +24,6 @@
} else if (strncmp(opt, "sec=", 4) == 0) {
active = parse_flavors(opt+4, ep);
if (!active)
--
2.45.2

3
nfs-utils-2.6.4.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d
size 728280

3
nfs-utils-2.8.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a0be95b08396908048583fcf6b34a7c1ab49d53e8a12eb28673ccfd2eff0c505
size 739048

23
nfs-utils.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Tue Oct 29 10:05:55 UTC 2024 - Petr Vorel <pvorel@suse.cz>
- Update to version 2.8.1
- https://lore.kernel.org/linux-nfs/4a86eea3-973e-4535-8aa5-f3b8b5f7934d@redhat.com/
- https://kernel.org/pub/linux/utils/nfs-utils/2.8.1/2.8.1-Changelog
- Add new binary nfsdctl
- The default number of nfsd threads is now 16 instead of 8
- Removed patchs from previous releases
- 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
- 0002-conffile-don-t-report-error-from-conf_init_file.patch
- 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
- 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
- 0001-gssd-revert-commit-a5f3b7ccb01c.patch
- 0002-gssd-revert-commit-513630d720bd.patch
- 0003-gssd-switch-to-using-rpc_gss_seccreate.patch
- 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch
- 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
- 0006-configure-check-for-rpc_gss_seccreate.patch
- Turn nfs-utils-1.0.7-bind-syntax.patch to git patch (bug reference,
easier to refresh via git, likely it can be now removed)
- Add BuildRequires libnl-3.0, readline
-------------------------------------------------------------------
Tue Aug 20 20:21:14 UTC 2024 - Dirk Müller <dmueller@suse.com>

17
nfs-utils.spec
View File

@ -22,7 +22,7 @@
%endif
Name: nfs-utils
Version: 2.6.4
Version: 2.8.1
Release: 0
Summary: Support Utilities for Kernel nfsd
License: GPL-2.0-or-later
@ -42,17 +42,6 @@ Source25: rpc-svcgssd.options.conf
Source26: nfs.conf
Source27: nfs-kernel-server.tmpfiles.conf
Patch0: nfs-utils-1.0.7-bind-syntax.patch
Patch1: 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
Patch2: 0002-conffile-don-t-report-error-from-conf_init_file.patch
Patch3: 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
Patch4: 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
# PATCH-FIX-UPSTREAM: fix build against libtirpc 1.3.5
Patch5: 0001-gssd-revert-commit-a5f3b7ccb01c.patch
Patch6: 0002-gssd-revert-commit-513630d720bd.patch
Patch7: 0003-gssd-switch-to-using-rpc_gss_seccreate.patch
Patch8: 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch
Patch9: 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
Patch10: 0006-configure-check-for-rpc_gss_seccreate.patch
BuildRequires: e2fsprogs-devel
BuildRequires: gcc-c++
BuildRequires: libtool
@ -66,9 +55,11 @@ BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libevent)
BuildRequires: pkgconfig(libkeyutils)
BuildRequires: pkgconfig(libnl-3.0)
BuildRequires: pkgconfig(libtirpc)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(mount)
BuildRequires: pkgconfig(readline)
BuildRequires: pkgconfig(sqlite3)
Suggests: python-base
%{?systemd_ordering}
@ -375,6 +366,7 @@ fi
%{_sbindir}/rpc.mountd
%{_sbindir}/rpc.nfsd
%{_sbindir}/nfsdcltrack
%{_sbindir}/nfsdctl
%{_sbindir}/nfsref
%attr(0755,root,root) %{_sbindir}/nfsdclddb
%attr(0755,root,root) %{_sbindir}/nfsdclnts
@ -386,6 +378,7 @@ fi
%{_mandir}/man8/nfsref.8%{ext_man}
%{_mandir}/man8/rpc.mountd.8%{ext_man}
%{_mandir}/man8/rpc.nfsd.8%{ext_man}
%{_mandir}/man8/nfsdctl.8%{ext_man}
%{_mandir}/man8/nfsdcltrack.8%{ext_man}
%config(noreplace) %{_localstatedir}/lib/nfs/etab
%config(noreplace) %{_localstatedir}/lib/nfs/rmtab