| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
autoconf AC_SYS_LARGEFILE is used by configure to add needed defines
when needed for enabling 64bit off_t, therefore replacing statfs64 with
statfs should be functionally same. Additionally this helps compiling
with latest musl where 64bit LFS functions like statfs64 and friends are
now moved under _LARGEFILE64_SOURCE feature test macro, this works on
glibc systems because _GNU_SOURCE macros also enables
_LARGEFILE64_SOURCE indirectly. This is not case with musl and this
latest issue is exposed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ever since commit 76c21e3f (mountd: Check the stat() return values in
match_fsid(), 2020-05-08), it wasn't possible to export filesystems
on my musl based system anymore.
The root cause of this is the innocuous-looking change to decide based
on `errno` whether `is_mountpoint()` raised a real error or whether it
simply didn't match. The issue is that `is_mountpoint()` transitively
calls into our `xlstat()` wrapper, which either executes `statx()` if
the system supports it or otherwise falls back to `fstatat()`. But if
`statx()` is not supported, then we'll always first set `errno = ENOSYS`
before calling `fstatat()`. So effectively, all systems which do not
have `statx()` and whose `fstatat()` doesn't reset `errno` will cause us
to end up with errno set to `ENOSYS`.
Fix the issue by resetting `errno` before calling `fstatat()` in both
`xlstat()` and `xstat()`.
Fixes: 76c21e3f (mountd: Check the stat() return values in match_fsid(), 2020-05-08)
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
After updating to nfs-utils-2.5.2 I noticed extra output on the console
when exporting mounts. Apparently commit 482e72ba04 forgot to remove some
debugging messages and accidentally committed them.
Signed-off-by: Holger Hoffst?tte <holger@applied-asynchrony.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Return ENOENT if the UID/GID attributes are not found in ldap response.
Signed-off-by: Srikrishan Malik <srikrishanmalik@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
When running nfsd_name_to_handle_at(), we usually want to see the same
namespace as knfsd, so add helpers.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Ensure uuid_by_path() works correctly when 'rootdir'
is set in the [exports] section of nfs.conf.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
On older kernels without statx, glibc with statx support will attempt
to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and
will return EINVAL. This causes all xstat/xlstat calls to fail.
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Although 2fbc62e2a13fc ("Fix include order between config.h and stat.h")
reorganized those files that were already including config.h, not all
files were including config.h.
Fixes at least stack smashing crashes in mountd on 32-bit systems.
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
There are some parameters that may be potentially unused. Add the UNUSED
macro to avoid any warnings.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At least on Arch linux ARM, the definition of struct stat in stat.h depends
on __USE_FILE_OFFSET64. This symbol comes from config.h when defined,
therefore config.h must always be included before stat.h. Fix all
occurrences where the order is wrong by moving config.h to the top.
This fixes the client side error "Stale file handle" when mounting from
a server running Arch Linux ARM.
Signed-off-by: Zoltan Karcagi <zkr7432@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
When chroot() in xthread_workqueue_do_chroot
fails show both the error and the path
in the error message.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
When attempting to strip the root path, we should first canonicalise
the root pathname.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Add a helper to resolve symlinked nfsd paths when the user has set the
"[exports] rootdir" nfs.conf option.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Add a helper that can prepend the nfsd root directory path in order
to allow mountd to perform its comparisons with mtab etc.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add helper functions to do synchronous I/O to a nfsd filesystem pseudofile
from inside the chrooted environment. This ensures that calls to kern_path()
in knfsd resolves to paths that are relative to the nfsd root directory.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
We normally expect the exported system to be stable, so don't
revalidate attributes.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add helper functions that can resolve nfsd paths by prepending the
necessary prefix if the admin has specified a root path in the
nfs.conf file.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Add a simple workqueue mechanism to allow us to run threads that are
subject to chroot(), and have them operate on the knfsd kernel daemon.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
While making use of the PATH_MAX constant, "file.c" does not include the
"limits.h" header. While it is being transitively included via other
headers on most platforms, it is not on e.g. musl-based systems.
Add the include to fix compilation.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
client.c:486:3: warning: ‘strncpy’ destination unchanged after
copying no bytes [-Wstringop-truncation]
file.c:99:2: warning: ‘strncpy’ specified bound 4096
equals destination size [-Wstringop-truncation]
v4root.c:95:2: warning: ‘strncpy’ specified bound 1025
equals destination size [-Wstringop-truncation]
sm-notify.c:572:3: warning: ‘strncpy’ specified bound 1025
equals destination size [-Wstringop-truncation]
nfs4mount.c:221:3: warning: ‘strncpy’ specified bound 1024
equals destination size [-Wstringop-truncation]
nfsmount.c:831:2: warning: ‘strncpy’ specified bound 256
equals destination size [-Wstringop-truncation]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Added the -Werror=missing-prototypes warning flag
then cleaned up the mess.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
When inet_ntop fails do not fall into the AF_INET6
case, instead break out and take the error path out.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Move the logic in nsm_setup_pathnames() and nsm_make_pathname() to
similar generic functions in libmisc.a so that the exportfs and
rpc.mountd programs can make use of them later.
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Assuming the tcp_wrappers library can actually support IPv6 addresses,
here's a crack at IPv6 support in nfs-utils' TCP wrapper shim.
Some reorganization is done to limit the number of times that @sap
is converted to a presentation address string.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: the use of identifiers called "access" and "daemon" shadow
function declarations in unistd.h. Seen with "-Wextra -pedantic".
tcpwrapper.c: In function haccess_add:
tcpwrapper.c:112: warning: declaration of access shadows a global
declaration /usr/include/unistd.h:288: warning: shadowed declaration is here
tcpwrapper.c: In function good_client:
tcpwrapper.c:161: warning: declaration of daemon shadows a global declaration
/usr/include/unistd.h:953: warning: shadowed declaration is here
tcpwrapper.c: In function check_default:
tcpwrapper.c:212: warning: declaration of daemon shadows a
global declaration
/usr/include/unistd.h:953: warning: shadowed declaration is here
good_client() is used only in support/misc/tcpwrapper.c, so make it
static (and update its prototype to c99 standard form).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate the following compiler warnings:
tcpwrapper.c:78: warning: no previous prototype for strtoint
tcpwrapper.c: In function strtoint
tcpwrapper.c:81: warning: conversion to int size_t may change the
sign of the result
tcpwrapper.c:85: warning: conversion to unsigned int from int may
change the sign of the result
tcpwrapper.c: In function hashint:
tcpwrapper.c:91: warning: conversion to int from unsigned int may
change the sign of the result
The hash value is probably computed consistently even with
unexpected sign inversions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate these compiler warnings:
tcpwrapper.c: In function logit
tcpwrapper.c:225: warning: unused parameter procnum
tcpwrapper.c:225: warning: unused parameter prognum
Actually, @procnum is not used anywhere in our tcpwrapper.c, so
let's just get rid of it.
Since there is only one logit() call site in tcpwrapper.c, the macro
wrapper just adds needless clutter. Let's get rid of that too.
Finally, both mountd and statd now use xlog(), which adds an
appropriate program name prefix to every message. Replace the
open-coded syslog(2) call with an xlog() call in order to
consistently identify the RPC service reporting the intrusion.
Since logit() no longer references "deny_severity" and no nfs-utils
caller sets either allow_severity or deny_severity, we remove them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After glibc 2.3.3, getifaddrs(3) can return AF_INET6 addresses for
local network interfaces. Using the library call is easier than
trying to update the open code in from_local(), and means we have
less to maintain in nfs-utils going forward.
And, since from_local() can now support IPv6, change its synopsis to
take a "struct sockaddr *" .
Note that the original code discovers local addresses once. These
days, with wifi, DHCP, and NetworkManager, the local network
configuration can change dynamically over time. So, call getifaddrs()
more often to ensure from_local() has up-to-date network configuration
information.
This implementation refreshes the list if from_local() has not been
called in the last second. This is actually not terribly honerous.
check_default() invokes from_local() only when the remote host is not
in its access cache, or the access/deny files have changed.
So new hosts will cause a refresh, but previously seen hosts
(including localhost) should not.
On the other hand, it still may not be often enough. After the first
call, if only previously seen hosts attempt to access our daemons,
from_local() would never be called, and the local list would never be
updated. This might be possible during steady-state operation with
a small number of servers and clients.
It would also be nice if we could free the local interface address
list at shutdown time, but that would be a lot of trouble for little
gain.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: Replace calls to syslog(2) and perror(3) in from_local.c
with calls to xlog(). The problems displayed by the perror(3) calls
especially should be reported. Currently they are never seen in the
system log.
As part of a build test, I defined TEST, and found a couple of
problems with main(), which are also addressed in this patch.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
| |
with the explicit permission of Sun Microsystems
Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
longer used but, unfortunately, they are extern-ed by
public headers files which are not under the control
of this package.
Spotted-by: Juergen Daubert <jue@jue.li>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
message to (hopefully) make it more sensible. Move
"#ifdef HAVE_LIBWRAP" around so nothing will be defined
when tcp wrapper is not configured.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
interface and added a note to the mountd man page saying
hostnames will be ignored when they can not be looked up.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
number only creates needles extra hash entries.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were some problems with exportfs and rpc.mountd for long export
lists - see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76643
I do optimalization as my bachelors thesis (Facuulty of informatics,
Masaryk's university Brno, Czech Republic), under lead of Yenya
Kasprzak.
Both exportfs and rpc.mount build linked list of exports (shared
functions in export.c). Every time they are inserting new export into
list, they search for same export in list.
I replaced linked list by hash table and functions export_add and
export_lookup by functions hash_export_add and hash_export_lookup
(export.c).
Because some other functions required exportlist as linked list, hash
table has some implementation modification im comparison with ordinary
hash table. It also keeps exports in linked list and has pointer to
head of the list. So there's no need of implementation function
<for_all_in_hash_table>.
Signed-off-by: Tomas Richter <krik3t@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
be denied with misconfigured DNS configurations. Warnings
will be logged when these types of configurations are
detected.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
access rights, check the modification times on
both access files. If one of them have change,
update the hash entry instead of creating a
new entry.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
every RPC request, to both mountd and statd
when TCP wrappers are enabled. To help this
process scale better the access rights are stored
in a hash table, which are hashed per IP address,
RPC program and procudure numbers.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
access is allow due to misinterpreting the return value of
hosts_ctl(). This patch reworks that logic which closes
that hole.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
used in the tcpwrapper support.
Signe-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
Greg Banks suggested some variations, particularly improved
use of xmalloc/xstrdup functions. Thanks.
|
| |
| |
| |
| | |
Thanks to Michael Halcrow for finding them.
|
|/
|
|
|
|
| |
distribution. They cause compile warnings, there is no longer any
reason to try to build them into the binaries, and gcc seems to be
eliding some of them anyway.
|
|
|
|
|
|
| |
support/include/config.h.in from source control
These are auto autogenerated by
aclocal -I aclocal ; autoheader ; automake ; autoconf
|
|
|
|
|
| |
Check for sufficient version of librpcsecgss and libgssapi
in configure.in
|
|
|
|
|
| |
Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
HAVE_TCP_WRAPPERS as appropriate.
|