[nfs-utils/f19] Update to latest upstream RC release: nfs-utils.1.2.9-rc1 Added GSS_USE_PROXY variable to nfs.syscon
Steve Dickson
steved at fedoraproject.org
Fri May 31 14:27:00 UTC 2013
commit 957af4826023718c3509da85ebc321cee5c53c55
Author: Steve Dickson <steved at redhat.com>
Date: Fri May 31 10:25:02 2013 -0400
Update to latest upstream RC release: nfs-utils.1.2.9-rc1
Added GSS_USE_PROXY variable to nfs.sysconfig (bz 967112)
Signed-off-by: Steve Dickson <steved at redhat.com>
nfs-utils-1-2-9-rc2.patch | 441 +++++++++++++++++++++++++++++++++++++++++++++
nfs-utils.spec | 8 +-
nfs.sysconfig | 2 +
3 files changed, 449 insertions(+), 2 deletions(-)
---
diff --git a/nfs-utils-1-2-9-rc2.patch b/nfs-utils-1-2-9-rc2.patch
new file mode 100644
index 0000000..d82630f
--- /dev/null
+++ b/nfs-utils-1-2-9-rc2.patch
@@ -0,0 +1,441 @@
+diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
+index a0b80e1..1bfae7a 100644
+--- a/support/include/nfsrpc.h
++++ b/support/include/nfsrpc.h
+@@ -156,6 +156,11 @@ extern unsigned long nfs_pmap_getport(const struct sockaddr_in *,
+ const struct timeval *);
+
+ /*
++ * Use nfs_pmap_getport to see if statd is running locally
++ */
++extern int nfs_probe_statd(void);
++
++/*
+ * Contact a remote RPC service to discover whether it is responding
+ * to requests.
+ */
+diff --git a/support/nfs/getport.c b/support/nfs/getport.c
+index 3331ad4..081594c 100644
+--- a/support/nfs/getport.c
++++ b/support/nfs/getport.c
+@@ -1102,3 +1102,25 @@ unsigned long nfs_pmap_getport(const struct sockaddr_in *sin,
+
+ return port;
+ }
++
++static const char *nfs_ns_pgmtbl[] = {
++ "status",
++ NULL,
++};
++
++/*
++ * nfs_probe_statd - use nfs_pmap_getport to see if statd is running locally
++ *
++ * Returns non-zero if statd is running locally.
++ */
++int nfs_probe_statd(void)
++{
++ struct sockaddr_in addr = {
++ .sin_family = AF_INET,
++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
++ };
++ rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
++
++ return nfs_getport_ping((struct sockaddr *)(char *)&addr, sizeof(addr),
++ program, (rpcvers_t)1, IPPROTO_UDP);
++}
+diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
+index 1df75c5..ac13fd4 100644
+--- a/utils/gssd/gssd.man
++++ b/utils/gssd/gssd.man
+@@ -195,11 +195,28 @@ option when starting
+ .BR rpc.gssd .
+ .SH OPTIONS
+ .TP
+-.B -D
+-DNS Reverse lookups are not used for determining the
+-server names pass to GSSAPI. This option will reverses that and forces
+-the use of DNS Reverse resolution of the server's IP address to
+-retrieve the server name to use in GSAPI authentication.
++.B \-D
++The server name passed to GSSAPI for authentication is normally the
++name exactly as requested. e.g. for NFS
++it is the server name in the "servername:/path" mount request. Only if this
++servername appears to be an IP address (IPv4 or IPv6) or an
++unqualified name (no dots) will a reverse DNS lookup
++will be performed to get the canoncial server name.
++
++If
++.B \-D
++is present, a reverse DNS lookup will
++.I always
++be used, even if the server name looks like a canonical name. So it
++is needed if partially qualified, or non canonical names are regularly
++used.
++
++Using
++.B \-D
++can introduce a security vulnerability, so it is recommended that
++.B \-D
++not be used, and that canonical names always be used when requesting
++services.
+ .TP
+ .B -f
+ Runs
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index af1844c..b7e2bbb 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -67,7 +67,6 @@
+ #include <errno.h>
+ #include <gssapi/gssapi.h>
+ #include <netdb.h>
+-#include <ctype.h>
+
+ #include "gssd.h"
+ #include "err_util.h"
+@@ -176,7 +175,6 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
+ char *hostname;
+ char hbuf[NI_MAXHOST];
+ unsigned char buf[sizeof(struct in6_addr)];
+- int servername = 0;
+
+ if (avoid_dns) {
+ /*
+@@ -184,15 +182,18 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr)
+ * If it is an IP address, do the DNS lookup otherwise
+ * skip the DNS lookup.
+ */
+- servername = 0;
+- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
+- servername = 1; /* IPv4 */
+- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
+- servername = 1; /* or IPv6 */
+-
+- if (servername) {
++ int is_fqdn = 1;
++ if (strchr(name, '.') == NULL)
++ is_fqdn = 0; /* local name */
++ else if (inet_pton(AF_INET, name, buf) == 1)
++ is_fqdn = 0; /* IPv4 address */
++ else if (inet_pton(AF_INET6, name, buf) == 1)
++ is_fqdn = 0; /* IPv6 addrss */
++
++ if (is_fqdn) {
+ return strdup(name);
+ }
++ /* Sorry, cannot avoid dns after all */
+ }
+
+ switch (sa->sa_family) {
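Review bot: The fallback below `if (is_fqdn)` in get_servername still resolves dotless names and IP literals through reverse DNS when `avoid_dns` is set, and the only trace of that is the comment `/* Sorry, cannot avoid dns after all */`. Because the returned string is the server name passed to GSSAPI (per the gssd.man text in this same patch), the comment should state the trust assumption, for example `/* Dotless names and IP literals still go through reverse DNS; the resulting name is only as trustworthy as the resolver */`. A readability point in the same block: a plain IPv6 literal contains no '.', so it is caught by the first test and labelled `/* local name */`, while the `inet_pton(AF_INET6, ...)` branch is reached only for literals that embed a dotted quad. The result is the same, but the comments (and the `addrss` typo) could reflect that. get_servername begins and ends outside this hunk, so whether the looked-up name is checked further down is not visible here.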
+diff --git a/utils/mount/network.c b/utils/mount/network.c
+index 4be48cd..e2cdcaf 100644
+--- a/utils/mount/network.c
++++ b/utils/mount/network.c
+@@ -65,11 +65,6 @@ extern int nfs_mount_data_version;
+ extern char *progname;
+ extern int verbose;
+
+-static const char *nfs_ns_pgmtbl[] = {
+- "status",
+- NULL,
+-};
+-
+ static const char *nfs_mnt_pgmtbl[] = {
+ "mount",
+ "mountd",
+@@ -761,18 +756,6 @@ int probe_bothports(clnt_addr_t *mnt_server, clnt_addr_t *nfs_server)
+ &nfs_server->pmap);
+ }
+
+-static int nfs_probe_statd(void)
+-{
+- struct sockaddr_in addr = {
+- .sin_family = AF_INET,
+- .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
+- };
+- rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
+-
+- return nfs_getport_ping(SAFE_SOCKADDR(&addr), sizeof(addr),
+- program, (rpcvers_t)1, IPPROTO_UDP);
+-}
+-
+ /**
+ * start_statd - attempt to start rpc.statd
+ *
+diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
+index a8ec46c..2a42b93 100644
+--- a/utils/mount/nfs.man
++++ b/utils/mount/nfs.man
+@@ -84,6 +84,20 @@ in
+ .SS "Options supported by all versions"
+ These options are valid to use with any NFS version.
+ .TP 1.5i
++.BI nfsvers= n
++The NFS protocol version number used to contact the server's NFS service.
++If the server does not support the requested version, the mount request
++fails.
++If this option is not specified, the client negotiates a suitable version
++with
++the server, trying version 4 first, version 3 second, and version 2 last.
++.TP 1.5i
++.BI vers= n
++This option is an alternative to the
++.B nfsvers
++option.
++It is included for compatibility with other operating systems
++.TP 1.5i
+ .BR soft " / " hard
+ Determines the recovery behavior of the NFS client
+ after an NFS request times out.
+@@ -621,18 +635,6 @@ Using this option ensures that
+ reports the proper maximum component length to applications
+ in such cases.
+ .TP 1.5i
+-.BI nfsvers= n
+-The NFS protocol version number used to contact the server's NFS service.
+-If the server does not support the requested version, the mount request fails.
+-If this option is not specified, the client negotiates a suitable version with
+-the server, trying version 4 first, version 3 second, and version 2 last.
+-.TP 1.5i
+-.BI vers= n
+-This option is an alternative to the
+-.B nfsvers
+-option.
+-It is included for compatibility with other operating systems.
+-.TP 1.5i
+ .BR lock " / " nolock
+ Selects whether to use the NLM sideband protocol to lock files on the server.
+ If neither option is specified (or if
+diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
+index 737927c..517aa62 100644
+--- a/utils/mountd/cache.c
++++ b/utils/mountd/cache.c
+@@ -347,20 +347,26 @@ static char *next_mnt(void **v, char *p)
+
+ static int is_subdirectory(char *child, char *parent)
+ {
++ /* Check is child is strictly a subdirectory of
++ * parent or a more distant descendant.
++ */
+ size_t l = strlen(parent);
+
+- if (strcmp(parent, "/") == 0)
++ if (strcmp(parent, "/") == 0 && child[1] != 0)
+ return 1;
+
+- return strcmp(child, parent) == 0
+- || (strncmp(child, parent, l) == 0 && child[l] == '/');
++ return (strncmp(child, parent, l) == 0 && child[l] == '/');
+ }
+
+ static int path_matches(nfs_export *exp, char *path)
+ {
+- if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+- return is_subdirectory(path, exp->m_export.e_path);
+- return strcmp(path, exp->m_export.e_path) == 0;
++ /* Does the path match the export? I.e. is it an
++ * exact match, or does the export have CROSSMOUNT, and path
++ * is a descendant?
++ */
++ return strcmp(path, exp->m_export.e_path) == 0
++ || ((exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
++ && is_subdirectory(path, exp->m_export.e_path));
+ }
+
+ static int
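Review bot: In `is_subdirectory`, the new root case `strcmp(parent, "/") == 0 && child[1] != 0` reads `child[1]` without checking `child[0]`, so an empty `child` is read one byte past its terminator and a string that does not start with '/' is reported as lying under a "/" export. Whether mountd can be handed such a path is not visible in this hunk, but `path_matches` uses the result to decide which export covers a path, so the helper should not rely on its callers: `if (strcmp(parent, "/") == 0) return child[0] == '/' && child[1] != '\0';`. The added comment also has a typo, `Check is child` for `Check if child`.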
+@@ -369,15 +375,13 @@ export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
+ return path_matches(exp, path) && client_matches(exp, dom, ai);
+ }
+
+-/* True iff e1 is a child of e2 and e2 has crossmnt set: */
++/* True iff e1 is a child of e2 (or descendant) and e2 has crossmnt set: */
+ static bool subexport(struct exportent *e1, struct exportent *e2)
+ {
+ char *p1 = e1->e_path, *p2 = e2->e_path;
+- size_t l2 = strlen(p2);
+
+ return e2->e_flags & NFSEXP_CROSSMOUNT
+- && strncmp(p1, p2, l2) == 0
+- && p1[l2] == '/';
++ && is_subdirectory(p1, p2);
+ }
+
+ struct parsed_fsid {
+diff --git a/utils/nfsdcltrack/nfsdcltrack.man b/utils/nfsdcltrack/nfsdcltrack.man
+index 47007df..6940788 100644
+--- a/utils/nfsdcltrack/nfsdcltrack.man
++++ b/utils/nfsdcltrack/nfsdcltrack.man
+@@ -1,53 +1,3 @@
+-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
+-.\"
+-.\" Standard preamble:
+-.\" ========================================================================
+-.de Sp \" Vertical space (when we can't use .PP)
+-.if t .sp .5v
+-.if n .sp
+-..
+-.de Vb \" Begin verbatim text
+-.ft CW
+-.nf
+-.ne \\$1
+-..
+-.de Ve \" End verbatim text
+-.ft R
+-.fi
+-..
+-.\" Set up some character translations and predefined strings. \*(-- will
+-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+-.\" nothing in troff, for use with C<>.
+-.tr \(*W-
+-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+-.ie n \{\
+-. ds -- \(*W-
+-. ds PI pi
+-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+-. ds L" ""
+-. ds R" ""
+-. ds C` ""
+-. ds C' ""
+-'br\}
+-.el\{\
+-. ds -- \|\(em\|
+-. ds PI \(*p
+-. ds L" ``
+-. ds R" ''
+-'br\}
+-.\"
+-.\" Escape single quotes in literal strings from groff's Unicode transform.
+-.ie \n(.g .ds Aq \(aq
+-.el .ds Aq '
+-.\"
+-.\" If the F register is turned on, we'll generate index entries on stderr for
+-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+-.\" entries marked with X<> in POD. Of course, you'll have to process the
+-.\" output yourself in some meaningful fashion.
+ .ie \nF \{\
+ . de IX
+ . tm Index:\\$1\t\\n%\t"\\$2"
+@@ -59,70 +9,6 @@
+ . de IX
+ ..
+ .\}
+-.\"
+-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+-.\" Fear. Run. Save yourself. No user-serviceable parts.
+-. \" fudge factors for nroff and troff
+-.if n \{\
+-. ds #H 0
+-. ds #V .8m
+-. ds #F .3m
+-. ds #[ \f1
+-. ds #] \fP
+-.\}
+-.if t \{\
+-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+-. ds #V .6m
+-. ds #F 0
+-. ds #[ \&
+-. ds #] \&
+-.\}
+-. \" simple accents for nroff and troff
+-.if n \{\
+-. ds ' \&
+-. ds ` \&
+-. ds ^ \&
+-. ds , \&
+-. ds ~ ~
+-. ds /
+-.\}
+-.if t \{\
+-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+-.\}
+-. \" troff and (daisy-wheel) nroff accents
+-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+-.ds ae a\h'-(\w'a'u*4/10)'e
+-.ds Ae A\h'-(\w'A'u*4/10)'E
+-. \" corrections for vroff
+-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+-. \" for low resolution devices (crt and lpr)
+-.if \n(.H>23 .if \n(.V>19 \
+-\{\
+-. ds : e
+-. ds 8 ss
+-. ds o a
+-. ds d- d\h'-1'\(ga
+-. ds D- D\h'-1'\(hy
+-. ds th \o'bp'
+-. ds Th \o'LP'
+-. ds ae ae
+-. ds Ae AE
+-.\}
+-.rm #[ #] #H #V #F C
+-.\" ========================================================================
+-.\"
+ .IX Title "NFSDCLTRACK 8"
+ .TH NFSDCLTRACK 8 "2012-10-24" "" ""
+ .\" For nroff, turn off justification. Always turn off hyphenation; it makes
+diff --git a/utils/nfsidmap/Makefile.am b/utils/nfsidmap/Makefile.am
+index c0675c4..737a219 100644
+--- a/utils/nfsidmap/Makefile.am
++++ b/utils/nfsidmap/Makefile.am
+@@ -1,9 +1,10 @@
+ ## Process this file with automake to produce Makefile.in
+
+ man8_MANS = nfsidmap.man
+-
+ sbin_PROGRAMS = nfsidmap
++
+ nfsidmap_SOURCES = nfsidmap.c
+ nfsidmap_LDADD = $(LIBNFSIDMAP) -lkeyutils ../../support/nfs/libnfs.a
+
+ MAINTAINERCLEANFILES = Makefile.in
++EXTRA_DIST = id_resolver.conf
+diff --git a/utils/nfsidmap/id_resolver.conf b/utils/nfsidmap/id_resolver.conf
+new file mode 100644
+index 0000000..2c156c6
+--- /dev/null
++++ b/utils/nfsidmap/id_resolver.conf
+@@ -0,0 +1 @@
++create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
+diff --git a/utils/statd/statd.c b/utils/statd/statd.c
+index 652546c..8c51bcc 100644
+--- a/utils/statd/statd.c
++++ b/utils/statd/statd.c
+@@ -28,6 +28,7 @@
+
+ #include "statd.h"
+ #include "nfslib.h"
++#include "nfsrpc.h"
+ #include "nsm.h"
+
+ /* Socket operations */
+@@ -237,6 +238,12 @@ int main (int argc, char **argv)
+ /* Set hostname */
+ MY_NAME = NULL;
+
++ /* Refuse to start if another statd is running */
++ if (nfs_probe_statd()) {
++ fprintf(stderr, "Statd service already running!\n");
++ exit(1);
++ }
++
+ /* Process command line switches */
+ while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:L", longopts, NULL)) != EOF) {
+ switch (arg) {
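Review bot: The `nfs_probe_statd()` check in `main` runs before the `getopt_long` loop, so every invocation exits with "Statd service already running!" whenever a statd is registered, including invocations that pass only `-h`, `-?`, `-v` or `-V` (presumably help and version). Moving the check below option parsing would avoid that. The probe is also a point-in-time query: per the getport.c hunk in this patch it asks for NSM version 1 over UDP on the IPv4 loopback only. It therefore neither stops two instances that start together nor detects a statd registered only on another transport, and the comment should say so, e.g. `/* Best-effort check: NSM v1 over UDP on 127.0.0.1 only; not a lock */`. `main` continues outside this hunk.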
diff --git a/nfs-utils.spec b/nfs-utils.spec
index 820c06a..53c1122 100644
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
Name: nfs-utils
URL: http://sourceforge.net/projects/nfs
Version: 1.2.8
-Release: 1.1%{?dist}
+Release: 2.0%{?dist}
Epoch: 1
# group all 32bit related archs
@@ -36,7 +36,7 @@ Source51: nfs-server.preconfig
Source52: nfs-server.postconfig
%define nfs_configs %{SOURCE50} %{SOURCE51} %{SOURCE52}
-Patch001: nfs-utils-1-2-9-rc1.patch
+Patch001: nfs-utils-1-2-9-rc2.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@@ -298,6 +298,10 @@ fi
%attr(4755,root,root) /sbin/umount.nfs4
%changelog
+* Fri May 31 2013 Steve Dickson <steved at redhat.com> 1.2.8-2.0
+- Update to latest upstream RC release: nfs-utils.1.2.9-rc1
+- Added GSS_USE_PROXY variable to nfs.sysconfig (bz 967112)
+
* Tue May 7 2013 Steve Dickson <steved at redhat.com> 1.2.8-1.1
systemd: nfs-server.service needs to be split up (bz 769879)
diff --git a/nfs.sysconfig b/nfs.sysconfig
index 2d33cf3..d908a8f 100644
--- a/nfs.sysconfig
+++ b/nfs.sysconfig
@@ -28,6 +28,8 @@ RPCIDMAPDARGS=""
#
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
RPCGSSDARGS=""
+# Enable usage of gssproxy. See gssproxy-mech(8).
+GSS_USE_PROXY="no"
#
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
RPCSVCGSSDARGS=""