- New upstream version 1.3.0.

Includes all our bugfix patches except 1.
  Adds assorted other bugfixes and improvements including
  initial support for NFSv4.2
  Prepares the way for better systemd integration.
  Discards useless programs gss_clnt_send_err and gss_destroy_creds
- Removes: 0001-mountd-Fix-is_subdirectory-again.patch
- Removes: 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch
- Removes: 0003-Fix-handling-of-preferred-realm-command-line-option.patch
- Removes: 0004-nfsiostat-restore-output-format.patch
- Removes: 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch
- Removes: 0006-gssd-fixed-typo-in-machine-cred-name.patch
- Removes: skip-on-ENOENT.patch
- Removes: mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch
- Removes: exportfs-exit-with-error-code-if-there-was-any-error.patch
- Removes: exportfs-report-failure-if-asked-to-unexport-somethi.patch
- Removes: gssd-mount-hang-fix.patch
- Removes: udp-fallback-fix.patch
- Removes: fedfs-lib-name.patch
- 0001-nfsidmap-Keys-need-to-be-invalidated-instead-of-revo.patch
 This upstream patch is currently reverted until we get a newer version
 of keyutils.

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=119
Neil Brown 2014-05-14 02:46:47 +00:00 committed by Git OBS Bridge
parent 224b6cdc64
commit eb9980846b
18 changed files with 103 additions and 909 deletions


@ -1,81 +0,0 @@
From 23d3980b6cfea4e9056d9b7b81e48b4fefc645e0 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Tue, 7 May 2013 11:46:18 -0400
Subject: [PATCH] mountd: Fix is_subdirectory again
The problem was that is_subdirectory() would also succeed if the two
directories were the same. This is needed for path_matches() which
needs to see if the child is same-or-descendant.
So this patch rearranges path_matches() to do the "are they the same"
test itself and only bother with is_subdirectory() if it they are not
the same.
So now is_subdirectory() can be strict, and so can be usable for
subexport(), which needs a strong 'in subdirectory - not the same' test.
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/mountd/cache.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 737927c..517aa62 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -347,20 +347,26 @@ static char *next_mnt(void **v, char *p)
static int is_subdirectory(char *child, char *parent)
{
+ /* Check is child is strictly a subdirectory of
+ * parent or a more distant descendant.
+ */
size_t l = strlen(parent);
- if (strcmp(parent, "/") == 0)
+ if (strcmp(parent, "/") == 0 && child[1] != 0)
return 1;
- return strcmp(child, parent) == 0
- || (strncmp(child, parent, l) == 0 && child[l] == '/');
+ return (strncmp(child, parent, l) == 0 && child[l] == '/');
}
static int path_matches(nfs_export *exp, char *path)
{
- if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
- return is_subdirectory(path, exp->m_export.e_path);
- return strcmp(path, exp->m_export.e_path) == 0;
+ /* Does the path match the export? I.e. is it an
+ * exact match, or does the export have CROSSMOUNT, and path
+ * is a descendant?
+ */
+ return strcmp(path, exp->m_export.e_path) == 0
+ || ((exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+ && is_subdirectory(path, exp->m_export.e_path));
}
static int
@@ -369,15 +375,13 @@ export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
return path_matches(exp, path) && client_matches(exp, dom, ai);
}
-/* True iff e1 is a child of e2 and e2 has crossmnt set: */
+/* True iff e1 is a child of e2 (or descendant) and e2 has crossmnt set: */
static bool subexport(struct exportent *e1, struct exportent *e2)
{
char *p1 = e1->e_path, *p2 = e2->e_path;
- size_t l2 = strlen(p2);
return e2->e_flags & NFSEXP_CROSSMOUNT
- && strncmp(p1, p2, l2) == 0
- && p1[l2] == '/';
+ && is_subdirectory(p1, p2);
}
struct parsed_fsid {
--
1.8.3.1.487.g3e7a5b4


@ -0,0 +1,68 @@
From 2ae0763a618d30037ebb2520f6292f80d838a440 Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Tue, 25 Mar 2014 10:56:58 -0400
Subject: [PATCH] nfsidmap: Keys need to be invalidated instead of revoked
With some recent kernel changes to the key ring
for a key to be removed they need to be invalidated
instead of revoked.
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/nfsidmap/nfsidmap.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
index 2518ed6b022b..3f51b4d4ca1b 100644
--- a/utils/nfsidmap/nfsidmap.c
+++ b/utils/nfsidmap/nfsidmap.c
@@ -166,7 +166,7 @@ static int keyring_clear(char *keyring)
/*
* Revoke a key
*/
-static int key_revoke(char *keystr, int keymask)
+static int key_invalidate(char *keystr, int keymask)
{
FILE *fp;
char buf[BUFSIZ], *ptr;
@@ -200,7 +200,7 @@ static int key_revoke(char *keystr, int keymask)
if (verbose) {
*(strchr(buf, '\n')) = '\0';
- xlog_warn("revoking '%s'", buf);
+ xlog_warn("invalidating '%s'", buf);
}
/*
* The key is the first arugment in the string
@@ -208,8 +208,8 @@ static int key_revoke(char *keystr, int keymask)
*(strchr(buf, ' ')) = '\0';
sscanf(buf, "%x", &key);
- if (keyctl_revoke(key) < 0) {
- xlog_err("keyctl_revoke(0x%x) failed: %m", key);
+ if (keyctl_invalidate(key) < 0) {
+ xlog_err("keyctl_invalidate(0x%x) failed: %m", key);
fclose(fp);
return 1;
}
@@ -273,7 +273,7 @@ int main(int argc, char **argv)
}
}
- if (rc = nfs4_init_name_mapping(PATH_IDMAPDCONF)) {
+ if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF))) {
xlog_errno(rc, "Unable to create name to user id mappings.");
return 1;
}
@@ -281,7 +281,7 @@ int main(int argc, char **argv)
verbose = conf_get_num("General", "Verbosity", 0);
if (keystr) {
- rc = key_revoke(keystr, keymask);
+ rc = key_invalidate(keystr, keymask);
return rc;
}
if (clearing) {
--
1.8.3.1.487.g3e7a5b4
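Review bot: Carrying this whole patch only to apply it in reverse (`%patch2 -p1 -R` in the spec) also undoes the unrelated fix in the `main()` hunk, so the build goes back to `if (rc = nfs4_init_name_mapping(PATH_IDMAPDCONF)) {`, an assignment used as a condition without the extra parentheses. Only the `key_revoke`/`keyctl_revoke` hunks appear to depend on the keyutils version, so the carried patch could be trimmed to those hunks and the `if ((rc = ...))` line left as upstream has it. The enclosing functions start and end outside these hunks, so this is based on the visible lines only.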


@ -1,102 +0,0 @@
From c93e8d8eeafec3e3228e24dfebef113e0a79a788 Mon Sep 17 00:00:00 2001
From: "Signed-off-by: NeilBrown" <neilb@suse.de>
Date: Tue, 28 May 2013 12:59:22 -0400
Subject: [PATCH] gssd: Fix recent fix to Avoid DNS reverse resolution in gssd.
The final version for this fix that was committed inverted the test
so makes no change in the important cases.
The documentation didn't really help a naive user know when the new -D
flag should be used.
And the code (once fixed) avoided DNS resolution on non-qualified names too,
which probably isn't a good idea.
This patch fixes all three issues.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd.man | 27 ++++++++++++++++++++++-----
utils/gssd/gssd_proc.c | 18 ++++++++++--------
2 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index 1df75c5..ac13fd4 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -195,11 +195,28 @@ option when starting
.BR rpc.gssd .
.SH OPTIONS
.TP
-.B -D
-DNS Reverse lookups are not used for determining the
-server names pass to GSSAPI. This option will reverses that and forces
-the use of DNS Reverse resolution of the server's IP address to
-retrieve the server name to use in GSAPI authentication.
+.B \-D
+The server name passed to GSSAPI for authentication is normally the
+name exactly as requested. e.g. for NFS
+it is the server name in the "servername:/path" mount request. Only if this
+servername appears to be an IP address (IPv4 or IPv6) or an
+unqualified name (no dots) will a reverse DNS lookup
+will be performed to get the canoncial server name.
+
+If
+.B \-D
+is present, a reverse DNS lookup will
+.I always
+be used, even if the server name looks like a canonical name. So it
+is needed if partially qualified, or non canonical names are regularly
+used.
+
+Using
+.B \-D
+can introduce a security vulnerability, so it is recommended that
+.B \-D
+not be used, and that canonical names always be used when requesting
+services.
.TP
.B -f
Runs
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 6cd4276..b7e2bbb 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -175,7 +175,6 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
char *hostname;
char hbuf[NI_MAXHOST];
unsigned char buf[sizeof(struct in6_addr)];
- int servername = 0;
if (avoid_dns) {
/*
@@ -183,15 +182,18 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
- servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
- servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
- servername = 1; /* or IPv6 */
-
- if (servername) {
+ int is_fqdn = 1;
+ if (strchr(name, '.') == NULL)
+ is_fqdn = 0; /* local name */
+ else if (inet_pton(AF_INET, name, buf) == 1)
+ is_fqdn = 0; /* IPv4 address */
+ else if (inet_pton(AF_INET6, name, buf) == 1)
+ is_fqdn = 0; /* IPv6 addrss */
+
+ if (is_fqdn) {
return strdup(name);
}
+ /* Sorry, cannot avoid dns after all */
}
switch (sa->sa_family) {
--
1.8.3.1.487.g3e7a5b4


@ -1,45 +0,0 @@
From a402f768db1dc6497cf7f592b33e142936897de2 Mon Sep 17 00:00:00 2001
From: Maximilian Wilhelm <max@rfc2324.org>
Date: Mon, 1 Jul 2013 11:58:13 -0400
Subject: [PATCH] Fix handling of preferred realm command line option.
The current implementation ignores any preferred realm specified on the
command line. Fix this behaviour and make sure the preferred realm is
used as first realm when trying to acquire a keytab entry
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 9ef80f0..abebdcd 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -852,11 +852,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
}
/*
- * Try the "appropriate" realm first, and if nothing found for that
- * realm, try the default realm (if it hasn't already been tried).
+ * Make sure the preferred_realm, which may have been explicitly set
+ * on the command line, is tried first. If nothing is found go on with
+ * the host and local default realm (if that hasn't already been tried).
*/
i = 0;
realm = realmnames[i];
+
+ if (strcmp (realm, preferred_realm) != 0) {
+ realm = preferred_realm;
+ /* resetting the realmnames index */
+ i = -1;
+ }
+
while (1) {
if (realm == NULL) {
tried_all = 1;
--
1.8.3.1.487.g3e7a5b4


@ -1,69 +0,0 @@
From 94642a397d27ea0cfc6d798bc505482023eb5ec1 Mon Sep 17 00:00:00 2001
From: Weston Andros Adamson <dros@netapp.com>
Date: Mon, 1 Jul 2013 12:00:51 -0400
Subject: [PATCH] nfsiostat: restore output format
Recent changes to support python 3 changed the output of nfsiostat from:
read: ops/s kB/s kB/op retrans
avg RTT (ms) avg exe (ms)
48.094 2889.133 60.072 0 (0.0%)
177.160 184.833
...
to:
read:
ops/s kB/s kB/op retrans avg RTT (ms) avg exe
(ms)
0.000
0.000
0.000
0 (0.0%)
0.000
0.000
...
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
tools/nfs-iostat/nfs-iostat.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py
index dfbef87..c035537 100644
--- a/tools/nfs-iostat/nfs-iostat.py
+++ b/tools/nfs-iostat/nfs-iostat.py
@@ -353,14 +353,14 @@ class DeviceData:
exe_per_op = 0.0
op += ':'
- print('%s' % op.lower().ljust(15))
+ print('%s' % op.lower().ljust(15), end='')
print(' ops/s\t\t kB/s\t\t kB/op\t\tretrans\t\tavg RTT (ms)\tavg exe (ms)')
- print('\t\t%7.3f' % (ops / sample_time))
- print('\t%7.3f' % (kilobytes / sample_time))
- print('\t%7.3f' % kb_per_op)
- print(' %7d (%3.1f%%)' % (retrans, retrans_percent))
- print('\t%7.3f' % rtt_per_op)
+ print('\t\t%7.3f' % (ops / sample_time), end='')
+ print('\t%7.3f' % (kilobytes / sample_time), end='')
+ print('\t%7.3f' % kb_per_op, end='')
+ print(' %7d (%3.1f%%)' % (retrans, retrans_percent), end='')
+ print('\t%7.3f' % rtt_per_op, end='')
print('\t%7.3f' % exe_per_op)
def ops(self, sample_time):
@@ -392,7 +392,7 @@ class DeviceData:
print()
print(' op/s\t\trpc bklog')
- print('%7.2f' % (sends / sample_time))
+ print('%7.2f' % (sends / sample_time), end='')
print('\t%7.2f' % backlog)
if which == 0:
--
1.8.3.1.487.g3e7a5b4


@ -1,48 +0,0 @@
From 05e6d39a988e76d5803f79018a9e40d435f6d2f7 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Tue, 2 Jul 2013 08:27:41 -0400
Subject: [PATCH] gssd: don't give up on machine credential if hostname not
available.
krb5_util tries various different credential names in order to find
the machine credential, not all of them use the full host name of the
current host.
So if getting the full host name fails, don't give up completely,
still try the other options.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index abebdcd..a6c7eb0 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -825,8 +825,10 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
myhostad[i+1] = 0;
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
- if (retval)
- goto out;
+ if (retval) {
+ /* Don't use myhostname */
+ myhostname[0] = 0;
+ }
code = krb5_get_default_realm(context, &default_realm);
if (code) {
@@ -891,6 +893,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
myhostad,
NULL);
} else {
+ if (!myhostname[0])
+ continue;
snprintf(spn, sizeof(spn), "%s/%s@%s",
svcnames[j], myhostname, realm);
code = krb5_build_principal_ext(context, &princ,
--
1.8.3.1.487.g3e7a5b4


@ -1,31 +0,0 @@
From da05b199a60e8a8fa91d4d3734cbbe84b23cff69 Mon Sep 17 00:00:00 2001
From: Doug Nazar <nazard.michi@gmail.com>
Date: Tue, 2 Jul 2013 08:45:31 -0400
Subject: [PATCH] gssd: fixed typo in machine cred name.
Commit 1c787f14 [gssd: scan for DIR: ccaches, too] changed the default
prefix for the credential cache files. Update the check to ignore the
machine credential file when running with -n (root ignores machine
credentials).
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/krb5_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index a6c7eb0..83b9651 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -231,7 +231,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
continue;
}
if (uid == 0 && !root_uses_machine_creds &&
- strstr(namelist[i]->d_name, "_machine_")) {
+ strstr(namelist[i]->d_name, "machine_")) {
printerr(3, "CC '%s' not available to root\n",
statname);
free(namelist[i]);
--
1.8.3.1.487.g3e7a5b4


@ -1,121 +0,0 @@
From e10ddcb9d913f7938fc37c72568eea4e8287ade4 Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Mon, 21 Oct 2013 17:40:55 +1100
Subject: [PATCH] exportfs: exit with error code if there was any error.
Reference: bnc#846064
exportfs currently exits with a non-zero error for some errors,
but not for others.
It does this by having various support routines set the global
variable "export_errno".
Change this to have 'xlog' set export_errno if an ERROR is
reported. That way all errors will be caught.
Note that the exit error code is changed from 22 (EINVAL)
to the more traditional '1'.
Signed-off-by: NeilBrown <neilb@suse.de>
---
support/include/exportfs.h | 3 ---
support/include/xlog.h | 1 +
support/nfs/exports.c | 6 ------
support/nfs/xlog.c | 4 ++++
utils/exportfs/exportfs.c | 2 --
5 files changed, 5 insertions(+), 11 deletions(-)
--- nfs-utils-1.2.8.orig/support/include/exportfs.h
+++ nfs-utils-1.2.8/support/include/exportfs.h
@@ -179,7 +179,4 @@ struct export_features {
struct export_features *get_export_features(void);
void fix_pseudoflavor_flags(struct exportent *ep);
-/* Record export error. */
-extern int export_errno;
-
#endif /* EXPORTFS_H */
--- nfs-utils-1.2.8.orig/support/include/xlog.h
+++ nfs-utils-1.2.8/support/include/xlog.h
@@ -35,6 +35,7 @@ struct xlog_debugfac {
int df_fac;
};
+extern int export_errno;
void xlog_open(char *progname);
void xlog_stderr(int on);
void xlog_syslog(int on);
--- nfs-utils-1.2.8.orig/support/nfs/exports.c
+++ nfs-utils-1.2.8/support/nfs/exports.c
@@ -47,8 +47,6 @@ struct flav_info flav_map[] = {
const int flav_map_size = sizeof(flav_map)/sizeof(flav_map[0]);
-int export_errno;
-
static char *efname = NULL;
static XFILE *efp = NULL;
static int first;
@@ -132,7 +130,6 @@ getexportent(int fromkernel, int fromexp
}
if (ok < 0) {
xlog(L_ERROR, "expected client(options...)");
- export_errno = EINVAL;
return NULL;
}
first = 0;
@@ -152,7 +149,6 @@ getexportent(int fromkernel, int fromexp
ok = getexport(exp, sizeof(exp));
if (ok < 0) {
xlog(L_ERROR, "expected client(options...)");
- export_errno = EINVAL;
return NULL;
}
}
@@ -172,7 +168,6 @@ getexportent(int fromkernel, int fromexp
*opt++ = '\0';
if (!(sp = strchr(opt, ')')) || sp[1] != '\0') {
syntaxerr("bad option list");
- export_errno = EINVAL;
return NULL;
}
*sp = '\0';
@@ -567,7 +562,6 @@ parseopts(char *cp, struct exportent *ep
flname, flline, opt);
bad_option:
free(opt);
- export_errno = EINVAL;
return -1;
}
} else if (strncmp(opt, "anongid=", 8) == 0) {
--- nfs-utils-1.2.8.orig/support/nfs/xlog.c
+++ nfs-utils-1.2.8/support/nfs/xlog.c
@@ -38,6 +38,8 @@ static int logmask = 0; /* What will b
static char log_name[256]; /* name of this program */
static int log_pid = -1; /* PID of this program */
+int export_errno = 0;
+
static void xlog_toggle(int sig);
static struct xlog_debugfac debugnames[] = {
{ "general", D_GENERAL, },
@@ -189,6 +191,8 @@ void
xlog(int kind, const char* fmt, ...)
{
va_list args;
+ if (kind & (L_ERROR|D_GENERAL))
+ export_errno = 1;
va_start(args, fmt);
xlog_backend(kind, fmt, args);
--- nfs-utils-1.2.8.orig/utils/exportfs/exportfs.c
+++ nfs-utils-1.2.8/utils/exportfs/exportfs.c
@@ -103,8 +103,6 @@ main(int argc, char **argv)
xlog_stderr(1);
xlog_syslog(0);
- export_errno = 0;
-
while ((c = getopt(argc, argv, "afhio:ruv")) != EOF) {
switch(c) {
case 'a':


@ -1,40 +0,0 @@
From 609bce0c7efde1875d1477d96fe1f359b6403005 Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Mon, 28 Oct 2013 14:40:15 +1100
Subject: [PATCH] exportfs: report failure if asked to unexport something not
exported.
Reference: bnc#846064
Currently if exportfs is asked to unexport something that is not
exported it silently succeeds. This is not ideal, particularly for
scripting situations.
So report an error unless the unexport was successful.
Reported-by: Tony Asleson <tasleson@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
---
utils/exportfs/exportfs.c | 4 ++++
1 file changed, 4 insertions(+)
--- nfs-utils-1.2.8.orig/utils/exportfs/exportfs.c
+++ nfs-utils-1.2.8/utils/exportfs/exportfs.c
@@ -345,6 +345,7 @@ unexportfs(char *arg, int verbose)
char *path;
char *hname = arg;
int htype;
+ int success = 0;
if ((path = strchr(arg, ':')) != NULL)
*path++ = '\0';
@@ -391,7 +392,10 @@ unexportfs(char *arg, int verbose)
#endif
exp->m_xtabent = 0;
exp->m_mayexport = 0;
+ success = 1;
}
+ if (!success)
+ xlog(L_ERROR, "Could not find %s to unexport.\n", arg);
freeaddrinfo(ai);
}


@ -1,59 +0,0 @@
From 878972d60cb55f2bc6e04a0937f81407fbc308fe Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Wed, 5 Mar 2014 14:55:46 +1100
Subject: [PATCH] mountd: use SONAME fir libnfsjunct when loading with dlopen.
The standard for loading shared libraries is to identify them by their
"soname" (Which "objdump -x $BINARY | grep SONAME" will report).
However mountd currently loads using the "linker name" which should only
be used when building new code.
Future releases of fedfs-utils will define the soname in the include
file, so if that is defined, use it. If not, use the soname of the
first version: "libnfsjunct.so.0".
This is a slight behavioural change. However all distros known to
package fedfs-utils will install "libnfsjunct.so.0" whenever they
install the old name of "libnfsjunct.so", and "make install" will
install both. So it should not be a noticeable change.
Also only test the JP_API_VERSION if it is defined. As the version is
embedded in the soname, a secondary test is not needed.
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: NeilBrown <neilb@suse.de>
---
utils/mountd/cache.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- nfs-utils-1.2.8.orig/utils/mountd/cache.c
+++ nfs-utils-1.2.8/utils/mountd/cache.c
@@ -1055,12 +1055,13 @@ static struct exportent *invoke_junction
__func__, error);
return NULL;
}
+#ifdef JP_API_VERSION
if (ops->jp_api_version != JP_API_VERSION) {
xlog(D_GENERAL, "%s: unrecognized junction API version: %u",
__func__, ops->jp_api_version);
return NULL;
}
-
+#endif
status = ops->jp_init(false);
if (status != JP_OK) {
xlog(D_GENERAL, "%s: failed to resolve %s: %s",
@@ -1107,7 +1108,11 @@ static struct exportent *lookup_junction
struct link_map *map;
void *handle;
- handle = dlopen("libnfsjunct.so", RTLD_NOW);
+#ifdef JP_NFSPLUGIN_SONAME
+ handle = dlopen(JP_NFSPLUGIN_SONAME, RTLD_NOW);
+#else
+ handle = dlopen("libnfsjunct.so.0", RTLD_NOW);
+#endif
if (handle == NULL) {
xlog(D_GENERAL, "%s: dlopen: %s", __func__, dlerror());
return NULL;


@ -1,88 +0,0 @@
From: Neil Brown <neilb@suse.de>
Date: Thu, 14 Nov 2013 11:50:38 +1100
Subject: [PATCH] gssd: always reply to rpc-pipe requests from kernel.
References: bnc#833543
Sometimes gssd will open a new rpc-pipe but never read requests from it
or reply to them. This causes the kernel to wait forever for a reply.
In particular, if a filesystem is mounted by IP, and the IP has no
hostname recorded in /etc/hosts or DNS, then gssd will not listen to
requests and the mount will hang indefinitely.
The comment in process_clnt_dir() for the "fail_keep_client:" branch
suggests that it is for the case where we couldn't open some
subdirectories. However it is currently also taken if reverse DNS
lookup fails (as well as some other lookup failures). Those failures
should not be treated the same as failure-to-open directories.
So this patch causes a failure from read_service_info() to *not* be
reported by process_clnt_dir_files. This ensures that insert_clnt_poll()
will be called and requests will be handled.
In handle_gssd_upcall, the current error path (taken when the mech is
not "krb5") does not reply to the upcall. This is wrong. A reply is
always appropriate. The only replies which aren't treated as
transient errors are EACCES and EKEYEXPIRED, so we return the former.
If read_service_info() fails then ->servicename will be NULL which will
cause process_krb5_upcall() (quite reasonably) to become confused. So
in that case we don't even try to process the up-call but just reply
with EACCES.
As clp->servicename==NULL is no longer treated as fatal, it is not
appropraite to use it to test if read_service_info() has been already
called on a client. Instread test clp->prog.
Finally, the error path of read_service_info() will close 'fd' if it
isn't -1, so when we close it, we should set fd to -1.
Signed-off-by: NeilBrown <neilb@suse.de>
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index b48d1637cd36..00b4bc779b7c 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -256,6 +256,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
goto fail;
close(fd);
+ fd = -1;
buf[nbytes] = '\0';
numfields = sscanf(buf,"RPC server: %127s\n"
@@ -403,11 +404,10 @@ process_clnt_dir_files(struct clnt_info * clp)
return -1;
snprintf(info_file_name, sizeof(info_file_name), "%s/info",
clp->dirname);
- if ((clp->servicename == NULL) &&
- read_service_info(info_file_name, &clp->servicename,
- &clp->servername, &clp->prog, &clp->vers,
- &clp->protocol, (struct sockaddr *) &clp->addr))
- return -1;
+ if (clp->prog == 0)
+ read_service_info(info_file_name, &clp->servicename,
+ &clp->servername, &clp->prog, &clp->vers,
+ &clp->protocol, (struct sockaddr *) &clp->addr);
return 0;
}
@@ -1320,11 +1320,14 @@ handle_gssd_upcall(struct clnt_info *clp)
}
}
- if (strcmp(mech, "krb5") == 0)
+ if (strcmp(mech, "krb5") == 0 && clp->servername)
process_krb5_upcall(clp, uid, clp->gssd_fd, target, service);
- else
- printerr(0, "WARNING: handle_gssd_upcall: "
- "received unknown gss mech '%s'\n", mech);
+ else {
+ if (clp->servername)
+ printerr(0, "WARNING: handle_gssd_upcall: "
+ "received unknown gss mech '%s'\n", mech);
+ do_error_downcall(clp->gssd_fd, uid, -EACCES);
+ }
out:
free(lbuf);


@ -1,105 +0,0 @@
Git-commit: b3a156fe96c6645ca5dbf4b75e9cff710218d920
From: Neil Brown <neilb@suse.de>
Date: Mon, 21 Oct 2013 16:27:32 +1100
Subject: [PATCH 1/2] mountd: fix bug affecting exports of dirs with 64bit
inode number.
References: bnc:841971
parse_fsid is currently truncating all inode numbers to
32bits, and assumes that 'int' is 32 bits (which it probably is,
but we shouldn't assume).
So make the 'inode' field in 'struct parsed_fsid' a 64 bit field.
and only memcpy into variables or fields that have been declared
to a specific bit size.
Signed-off-by: NeilBrown <neilb@suse.de>
---
utils/mountd/cache.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
--- nfs-utils-1.2.8.orig/utils/mountd/cache.c
+++ nfs-utils-1.2.8/utils/mountd/cache.c
@@ -388,10 +388,10 @@ struct parsed_fsid {
int fsidtype;
/* We could use a union for this, but it would be more
* complicated; why bother? */
- unsigned int inode;
+ uint64_t inode;
unsigned int minor;
unsigned int major;
- unsigned int fsidnum;
+ uint32_t fsidnum;
size_t uuidlen;
char *fhuuid;
};
@@ -399,8 +399,8 @@ struct parsed_fsid {
static int parse_fsid(int fsidtype, int fsidlen, char *fsid,
struct parsed_fsid *parsed)
{
- unsigned int dev;
- unsigned long long inode64;
+ uint32_t dev;
+ uint32_t inode32;
memset(parsed, 0, sizeof(*parsed));
parsed->fsidtype = fsidtype;
@@ -409,7 +409,8 @@ static int parse_fsid(int fsidtype, int
if (fsidlen != 8)
return -1;
memcpy(&dev, fsid, 4);
- memcpy(&parsed->inode, fsid+4, 4);
+ memcpy(&inode32, fsid+4, 4);
+ parsed->inode = inode32;
parsed->major = ntohl(dev)>>16;
parsed->minor = ntohl(dev) & 0xFFFF;
break;
@@ -420,7 +421,7 @@ static int parse_fsid(int fsidtype, int
memcpy(&parsed->fsidnum, fsid, 4);
break;
- case FSID_MAJOR_MINOR: /* 12 bytes: 4 major, 4 minor, 4 inode
+ case FSID_MAJOR_MINOR: /* 12 bytes: 4 major, 4 minor, 4 inode
* This format is never actually used but was
* an historical accident
*/
@@ -430,7 +431,8 @@ static int parse_fsid(int fsidtype, int
parsed->major = ntohl(dev);
memcpy(&dev, fsid+4, 4);
parsed->minor = ntohl(dev);
- memcpy(&parsed->inode, fsid+8, 4);
+ memcpy(&inode32, fsid+8, 4);
+ parsed->inode = inode32;
break;
case FSID_ENCODE_DEV: /* 8 bytes: 4 byte packed device number, 4 inode */
@@ -440,7 +442,8 @@ static int parse_fsid(int fsidtype, int
if (fsidlen != 8)
return -1;
memcpy(&dev, fsid, 4);
- memcpy(&parsed->inode, fsid+4, 4);
+ memcpy(&inode32, fsid+4, 4);
+ parsed->inode = inode32;
parsed->major = (dev & 0xfff00) >> 8;
parsed->minor = (dev & 0xff) | ((dev >> 12) & 0xfff00);
break;
@@ -448,7 +451,8 @@ static int parse_fsid(int fsidtype, int
case FSID_UUID4_INUM: /* 4 byte inode number and 4 byte uuid */
if (fsidlen != 8)
return -1;
- memcpy(&parsed->inode, fsid, 4);
+ memcpy(&inode32, fsid, 4);
+ parsed->inode = inode32;
parsed->uuidlen = 4;
parsed->fhuuid = fsid+4;
break;
@@ -467,8 +471,7 @@ static int parse_fsid(int fsidtype, int
case FSID_UUID16_INUM: /* 8 byte inode number and 16 byte uuid */
if (fsidlen != 24)
return -1;
- memcpy(&inode64, fsid, 8);
- parsed->inode = inode64;
+ memcpy(&parsed->inode, fsid, 8);
parsed->uuidlen = 16;
parsed->fhuuid = fsid+8;
break;


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1cc8f02a633eddbf0a1d93421f331479c4cdab4c5ab33b8bf8c7c369f9156ac6
size 2747577

3
nfs-utils-1.3.0.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:25f1c974018c944347d74eebe89643e1004c822a6145153136b192d1acfaf60d
size 780749


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed May 14 02:40:01 UTC 2014 - nfbrown@suse.com
- New upstream version 1.3.0.
Includes all our bugfix patches except 1.
Adds assorted other bugfixes and improvements including
initial support for NFSv4.2
Prepares the way for better systemd integration.
Discards useless programs gss_clnt_send_err and gss_destroy_creds
- Removes: 0001-mountd-Fix-is_subdirectory-again.patch
- Removes: 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch
- Removes: 0003-Fix-handling-of-preferred-realm-command-line-option.patch
- Removes: 0004-nfsiostat-restore-output-format.patch
- Removes: 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch
- Removes: 0006-gssd-fixed-typo-in-machine-cred-name.patch
- Removes: skip-on-ENOENT.patch
- Removes: mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch
- Removes: exportfs-exit-with-error-code-if-there-was-any-error.patch
- Removes: exportfs-report-failure-if-asked-to-unexport-somethi.patch
- Removes: gssd-mount-hang-fix.patch
- Removes: udp-fallback-fix.patch
- Removes: fedfs-lib-name.patch
- 0001-nfsidmap-Keys-need-to-be-invalidated-instead-of-revo.patch
This upstream patch is currently reverted until we get a newer version
of keyutils.
-------------------------------------------------------------------
Tue May 6 00:51:39 UTC 2014 - nfbrown@suse.com


@ -41,7 +41,7 @@ Url: http://kernel.org/pub/linux/utils/nfs-utils/
Summary: Support Utilities for Kernel nfsd
License: GPL-2.0+
Group: Productivity/Networking/NFS
Version: 1.2.8
Version: 1.3.0
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq %insserv_prereq
@ -62,34 +62,9 @@ Source11: idmapd.conf
Source12: start-statd
Source13: nfs-utils.rpmlintrc
Patch0: nfs-utils-1.0.7-bind-syntax.patch
# PATCH-FIX-UPSTREAM 0001-mountd-Fix-is_subdirectory-again.patch upstream-bugfix nfbrown@suse.de
Patch1: 0001-mountd-Fix-is_subdirectory-again.patch
# PATCH-FIX-UPSTREAM 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch upstream-bugfix nfbrown@suse.de
Patch2: 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch
# PATCH-FIX-UPSTREAM 0003-Fix-handling-of-preferred-realm-command-line-option.patch upstream-bugfix nfbrown@suse.de
Patch3: 0003-Fix-handling-of-preferred-realm-command-line-option.patch
# PATCH-FIX-UPSTREAM 0004-nfsiostat-restore-output-format.patch upstream-bugfix nfbrown@suse.de
Patch4: 0004-nfsiostat-restore-output-format.patch
# PATCH-FIX-UPSTREAM 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch upstream-bugfix nfbrown@suse.de
Patch5: 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch
# PATCH-FIX-UPSTREAM 0006-gssd-fixed-typo-in-machine-cred-name.patch upstream-bugfix nfbrown@suse.de
Patch6: 0006-gssd-fixed-typo-in-machine-cred-name.patch
# PATCH-FIX-UPSTREAM skip-on-ENOENT.patch nfbrown@suse.de
Patch7: skip-on-ENOENT.patch
# PATCH-FIX-UPSTREAM mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch nfbrown@suse.de
Patch8: mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch
# PATCH-FIX-UPSTREAM exportfs-exit-with-error-code-if-there-was-any-error.patch nfbrown@suse.de
Patch9: exportfs-exit-with-error-code-if-there-was-any-error.patch
# PATCH-FIX_UPSTREAM exportfs-report-failure-if-asked-to-unexport-somethi.patch nfbrown@suse.de
Patch10: exportfs-report-failure-if-asked-to-unexport-somethi.patch
# PATCH-FIX-UPSTREAM gssd-mount-hang-fix.patch bnc#833543 nfbrown@suse.de
Patch11: gssd-mount-hang-fix.patch
# PATCH-FIX-UPSTREAM udp-fallback-fix.patch bnc#863749 nfbrown@suse.de
Patch12: udp-fallback-fix.patch
# PATCH-FIX-UPSTREAM fedfs-lib-name.patch nfbrown@suse.de
Patch13: fedfs-lib-name.patch
# PATCH-FIX-UPSTREAM nfsdcltrack.sbin.patch nfbrown@suse.de
Patch14: nfsdcltrack.sbin.patch
Patch1: nfsdcltrack.sbin.patch
Patch2: 0001-nfsidmap-Keys-need-to-be-invalidated-instead-of-revo.patch
Suggests: python-base
@ -143,19 +118,7 @@ This package contains additional NFS documentation.
%setup -q -n nfs-utils-%{version} -a 1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch2 -p1 -R
cp %{S:6} .
%build
@ -282,8 +245,6 @@ fi
/sbin/umount.nfs
/sbin/umount.nfs4
/sbin/osd_login
/usr/sbin/gss_clnt_send_err
/usr/sbin/gss_destroy_creds
%attr(0755,root,root) /usr/sbin/mountstats
%attr(0755,root,root) /usr/sbin/nfsiostat
/usr/sbin/nfsidmap
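Review bot: `Patch2:` is added without the `# PATCH-FIX-...` tag comment that the neighbouring patch lines carry, and `%patch2 -p1 -R` gives no hint in the spec that the reversal is deliberate. Reversing it keeps nfsidmap on `keyctl_revoke()`, while the patch's own description says that with recent kernel key-ring changes a key has to be invalidated to be removed, so a revoked id-mapping key may stay in the keyring on such kernels; that trade-off deserves a line here. Suggested comment above `Patch2:`: `# PATCH-FIX-OPENSUSE 0001-nfsidmap-Keys-need-to-be-invalidated-instead-of-revo.patch nfbrown@suse.de -- applied with -R until a newer keyutils is available`, plus `# reversed on purpose, see Patch2` above the `%patch2` line.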


@ -1,38 +0,0 @@
From 8becedab3982d4780dbc010decc1ac7eb9ce914f Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Mon, 2 Sep 2013 14:54:16 +1000
Subject: [PATCH] gssd: support error message if rpc_pipefs dir disappears.
It is possible for a race to cause a name to appear when an rpc_pipefs
dir is scanned but to no longer be present when we try to open it.
So if the error is ENOENT, don't complain.
This is similar to
commit 5ac9bcfd820f09af4d3f87f1f7346d896f70bc9a
Author: David Jeffery <djeffery@redhat.com>
Date: Wed Jan 16 15:21:55 2013 -0500
rpc.idmapd: Ignore open failures in dirscancb()
which addressed a similar issue in idmapd.
Signed-off-by: NeilBrown <neilb@suse.de>
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index b7e2bbb..2d3dbec 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -467,8 +467,9 @@ process_clnt_dir(char *dir, char *pdir)
}
sprintf(clp->dirname, "%s/%s", pdir, dir);
if ((clp->dir_fd = open(clp->dirname, O_RDONLY)) == -1) {
- printerr(0, "ERROR: can't open %s: %s\n",
- clp->dirname, strerror(errno));
+ if (errno != ENOENT)
+ printerr(0, "ERROR: can't open %s: %s\n",
+ clp->dirname, strerror(errno));
goto fail_destroy_client;
}
fcntl(clp->dir_fd, F_SETSIG, DNOTIFY_SIGNAL);


@ -1,36 +0,0 @@
From: NeilBrown <neilb@suse.de>
Subject: Fix fallback from tcp to udp
References: bnc#863749
Protocol negotiation in mount.nfs does not correctly negotiate with a
server which only support NFSv3 and UDP.
When mount.nfs attempts an NFSv4 mount and fails with ECONNREFUSED
it does not fall back to NFSv3, as this is not recognised as a
"does not support NFSv4" error.
However ECONNREFUSED is a clear indication that the server doesn't
support TCP, and ipso facto does not support NFSv4.
So ECONNREFUSED should trigger a fallback from v4 to v2/3.
Once we allow that error, NFSv3 is attempted and mount.nfs talks to
rpcbind and discovers that UDP should be used for v3 and the mount
succeeds.
Signed-off-by: NeilBrown <neilb@suse.de>
Reported-by: Carsten Ziepke <kieltux@gmail.com>
---
utils/mount/stropts.c | 3 +++
1 file changed, 3 insertions(+)
--- nfs-utils-1.2.8.orig/utils/mount/stropts.c
+++ nfs-utils-1.2.8/utils/mount/stropts.c
@@ -807,6 +807,9 @@ static int nfs_autonegotiate(struct nfsm
/* Linux servers prior to 2.6.25 may return
* EPERM when NFS version 4 is not supported. */
goto fall_back;
+ case ECONNREFUSED:
+ /* UDP-Only server won't support v4 */
+ goto fall_back;
default:
return result;
}