diff --git a/nfs-utils-1.2.7-rc2.patch b/nfs-utils-1.2.7-rc2.patch deleted file mode 100644 index 6b71867..0000000 --- a/nfs-utils-1.2.7-rc2.patch +++ /dev/null @@ -1,361 +0,0 @@ -diff -up nfs-utils-1.2.6/aclocal/libcap.m4.orig nfs-utils-1.2.6/aclocal/libcap.m4 ---- nfs-utils-1.2.6/aclocal/libcap.m4.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/aclocal/libcap.m4 2012-06-19 14:59:06.669623204 -0400 -@@ -3,7 +3,7 @@ dnl - AC_DEFUN([AC_LIBCAP], [ - - dnl look for prctl -- AC_CHECK_FUNC([prctl], , ) -+ AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available])) - - AC_ARG_ENABLE([caps], - [AS_HELP_STRING([--disable-caps], [Disable capabilities support])]) -diff -up nfs-utils-1.2.6/aclocal/libsqlite3.m4.orig nfs-utils-1.2.6/aclocal/libsqlite3.m4 ---- nfs-utils-1.2.6/aclocal/libsqlite3.m4.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/aclocal/libsqlite3.m4 2012-06-19 14:59:06.668623223 -0400 -@@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [ - LIBS="$saved_LIBS"]) - - AC_MSG_RESULT($libsqlite3_cv_is_recent) -- AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"]) - ])dnl -diff -up nfs-utils-1.2.6/configure.ac.orig nfs-utils-1.2.6/configure.ac ---- nfs-utils-1.2.6/configure.ac.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/configure.ac 2012-06-19 14:59:06.668623223 -0400 -@@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then - fi - fi - -- AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) -- - dnl librpcsecgss already has a dependency on libgssapi, - dnl but we need to make sure we get the right version - if test "$enable_gss" = yes; then -@@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then - fi - - dnl enable nfsidmap when its support by libnfsidmap -+AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) - AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) - - -diff -up nfs-utils-1.2.6/README.orig nfs-utils-1.2.6/README ---- nfs-utils-1.2.6/README.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/README 2012-06-19 14:59:06.668623224 -0400 -@@ -1,4 +1,4 @@ --This is version 1.1.0 of nfs-utils, the Linux NFS utility package. -+This is version 1.2.6 of nfs-utils, the Linux NFS utility package. - - - 0. PROJECT RESOURCES -diff -up nfs-utils-1.2.6/support/include/nfs/debug.h.orig nfs-utils-1.2.6/support/include/nfs/debug.h ---- nfs-utils-1.2.6/support/include/nfs/debug.h.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/support/include/nfs/debug.h 2012-06-19 14:59:06.665623291 -0400 -@@ -79,6 +79,7 @@ enum { - #define NFSDBG_FSCACHE 0x0800 - #define NFSDBG_PNFS 0x1000 - #define NFSDBG_PNFS_LD 0x2000 -+#define NFSDBG_STATE 0x4000 - #define NFSDBG_ALL 0xFFFF - - #endif /* _NFS_DEBUG_H */ -diff -up nfs-utils-1.2.6/support/nsm/file.c.orig nfs-utils-1.2.6/support/nsm/file.c ---- nfs-utils-1.2.6/support/nsm/file.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/support/nsm/file.c 2012-06-19 15:00:50.667702768 -0400 -@@ -338,10 +338,10 @@ nsm_is_default_parentdir(void) - * - * Returns true if successful, or false if some error occurred. - */ -+#ifdef HAVE_SYS_CAPABILITY_H - static _Bool - nsm_clear_capabilities(void) - { --#ifdef HAVE_SYS_CAPABILITY_H - cap_t caps; - - caps = cap_from_text("cap_net_bind_service=ep"); -@@ -357,10 +357,60 @@ nsm_clear_capabilities(void) - } - - (void)cap_free(caps); --#endif - return true; - } - -+#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound" -+static _Bool -+prune_bounding_set(void) -+{ -+#ifdef PR_CAPBSET_DROP -+ int ret; -+ unsigned long i; -+ struct stat st; -+ -+ /* -+ * Prior to kernel 2.6.25, the capabilities bounding set was a global -+ * value. Check to see if /proc/sys/kernel/cap-bound exists and don't -+ * bother to clear the bounding set if it does. -+ */ -+ ret = stat(CAP_BOUND_PROCFILE, &st); -+ if (!ret) { -+ xlog(L_WARNING, "%s exists. Not attempting to clear " -+ "capabilities bounding set.", -+ CAP_BOUND_PROCFILE); -+ return true; -+ } else if (errno != ENOENT) { -+ /* Warn, but attempt to clear the bounding set anyway. */ -+ xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE); -+ } -+ -+ /* prune the bounding set to nothing */ -+ for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >=0 ; ++i) { -+ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); -+ if (ret) { -+ xlog(L_ERROR, "Unable to prune capability %lu from " -+ "bounding set: %m", i); -+ return false; -+ } -+ } -+#endif /* PR_CAPBSET_DROP */ -+ return true; -+} -+#else /* !HAVE_SYS_CAPABILITY_H */ -+static _Bool -+nsm_clear_capabilities(void) -+{ -+ return true; -+} -+ -+static _Bool -+prune_bounding_set(void) -+{ -+ return true; -+} -+#endif /* HAVE_SYS_CAPABILITY_H */ -+ - /** - * nsm_drop_privileges - drop root privileges - * @pidfd: file descriptor of a pid file -@@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd) - return false; - } - -+ if (!prune_bounding_set()) -+ return false; -+ - if (st.st_uid == 0) { - xlog_warn("Running as root. " - "chown %s to choose different user", nsm_base_dirname); -diff -up nfs-utils-1.2.6/tests/nsm_client/Makefile.am.orig nfs-utils-1.2.6/tests/nsm_client/Makefile.am ---- nfs-utils-1.2.6/tests/nsm_client/Makefile.am.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/tests/nsm_client/Makefile.am 2012-06-19 14:59:06.667623245 -0400 -@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_cli - - BUILT_SOURCES = $(GENFILES) - nsm_client_LDADD = ../../support/nfs/libnfs.a \ -- ../../support/nsm/libnsm.a $(LIBCAP) -+ ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) - - if CONFIG_RPCGEN - RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen -diff -up nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c.orig nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c ---- nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/tools/rpcdebug/rpcdebug.c 2012-06-19 14:59:06.667623245 -0400 -@@ -170,6 +170,7 @@ static struct flagmap { - FLAG(NFS, FSCACHE), - FLAG(NFS, PNFS), - FLAG(NFS, PNFS_LD), -+ FLAG(NFS, STATE), - FLAG(NFS, ALL), - - /* nfsd */ -diff -up nfs-utils-1.2.6/utils/blkmapd/device-process.c.orig nfs-utils-1.2.6/utils/blkmapd/device-process.c ---- nfs-utils-1.2.6/utils/blkmapd/device-process.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/blkmapd/device-process.c 2012-06-19 14:59:06.670623190 -0400 -@@ -49,28 +49,6 @@ - - #include "device-discovery.h" - --static char *pretty_sig(char *sig, uint32_t siglen) --{ -- static char rs[100]; -- uint64_t sigval; -- unsigned int i; -- -- if (siglen <= sizeof(sigval)) { -- sigval = 0; -- for (i = 0; i < siglen; i++) -- sigval |= ((unsigned char *)sig)[i] << (i * 8); -- sprintf(rs, "0x%0llx", (unsigned long long) sigval); -- } else { -- if (siglen > sizeof rs - 4) { -- siglen = sizeof rs - 4; -- sprintf(&rs[siglen], "..."); -- } else -- rs[siglen] = '\0'; -- memcpy(rs, sig, siglen); -- } -- return rs; --} -- - uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes) - { - uint32_t *q = p + ((nbytes + 3) >> 2); -@@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t - * for mapping, then thrown away. - */ - comp->bs_string = (char *)p; -- BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n", -- __func__, i, siglen, -- pretty_sig(comp->bs_string, siglen)); - p += ((siglen + 3) >> 2); - } - *pp = p; -@@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, i - } - - ret = memcmp(sig, comp->bs_string, siglen); -- if (!ret) -- BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name, -- pretty_sig(sig, siglen), -- (long long)comp->bs_offset); - - out: - if (sig) -diff -up nfs-utils-1.2.6/utils/mountd/v4root.c.orig nfs-utils-1.2.6/utils/mountd/v4root.c ---- nfs-utils-1.2.6/utils/mountd/v4root.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/mountd/v4root.c 2012-06-19 14:59:06.667623245 -0400 -@@ -62,6 +62,8 @@ void set_pseudofs_security(struct export - - if (source->e_flags & NFSEXP_INSECURE_PORT) - pseudo->e_flags |= NFSEXP_INSECURE_PORT; -+ if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0) -+ pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; - for (se = source->e_secinfo; se->flav; se++) { - struct sec_entry *new; - -@@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *ex - exp = export_create(&eep, 0); - if (exp == NULL) - return NULL; -- xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); -+ xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", -+ exp->m_export.e_path, exp->m_export.e_flags); - return &exp->m_export; - } - -diff -up nfs-utils-1.2.6/utils/mount/Makefile.am.orig nfs-utils-1.2.6/utils/mount/Makefile.am ---- nfs-utils-1.2.6/utils/mount/Makefile.am.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/mount/Makefile.am 2012-06-19 14:59:06.669623204 -0400 -@@ -1,7 +1,7 @@ - ## Process this file with automake to produce Makefile.in - - # These binaries go in /sbin (not /usr/sbin), and that cannot be --# overriden at config time. -+# overridden at config time. - sbindir = /sbin - - man8_MANS = mount.nfs.man umount.nfs.man -diff -up nfs-utils-1.2.6/utils/mount/stropts.c.orig nfs-utils-1.2.6/utils/mount/stropts.c ---- nfs-utils-1.2.6/utils/mount/stropts.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/mount/stropts.c 2012-06-19 14:59:06.664623305 -0400 -@@ -665,6 +665,7 @@ static int nfs_try_mount_v3v2(struct nfs - case ECONNREFUSED: - case EOPNOTSUPP: - case EHOSTUNREACH: -+ case ETIMEDOUT: - continue; - default: - goto out; -@@ -752,6 +753,7 @@ static int nfs_try_mount_v4(struct nfsmo - switch (errno) { - case ECONNREFUSED: - case EHOSTUNREACH: -+ case ETIMEDOUT: - continue; - default: - goto out; -diff -up nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c.orig nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c ---- nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/nfsdcld/nfsdcld.c 2012-06-19 14:59:06.665623291 -0400 -@@ -102,8 +102,8 @@ cld_set_caps(void) - } - - /* prune the bounding set to nothing */ -- for (i = 0; i <= CAP_LAST_CAP; ++i) { -- ret = prctl(PR_CAPBSET_DROP, i); -+ for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0 ; ++i) { -+ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); - if (ret) { - xlog(L_ERROR, "Unable to prune capability %lu from " - "bounding set: %m", i); -diff -up nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c.orig nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c ---- nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/nfsidmap/nfsidmap.c 2012-06-19 14:59:06.668623224 -0400 -@@ -12,6 +12,7 @@ - - #include - #include "xlog.h" -+#include "conffile.h" - - int verbose = 0; - char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; -@@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|- - #define DEFAULT_KEYRING "id_resolver" - #endif - -+#ifndef PATH_IDMAPDCONF -+#define PATH_IDMAPDCONF "/etc/idmapd.conf" -+#endif -+ - static int keyring_clear(char *keyring); - - #define UIDKEYS 0x1 - #define GIDKEYS 0x2 - - /* -+ * Check to the config file for the verbosity level -+ */ -+int -+get_config_verbose(char *path) -+{ -+ conf_path = path; -+ conf_init(); -+ return conf_get_num("General", "Verbosity", 0); -+} -+ -+/* - * Find either a user or group id based on the name@domain string - */ - int id_lookup(char *name_at_domain, key_serial_t key, int type) -@@ -266,7 +282,9 @@ int main(int argc, char **argv) - break; - } - } -- -+ if (!verbose) { -+ verbose = get_config_verbose(PATH_IDMAPDCONF); -+ } - if (keystr) { - rc = key_revoke(keystr, keymask); - return rc; -diff -up nfs-utils-1.2.6/utils/osd_login/Makefile.am.orig nfs-utils-1.2.6/utils/osd_login/Makefile.am ---- nfs-utils-1.2.6/utils/osd_login/Makefile.am.orig 2012-05-14 10:40:52.000000000 -0400 -+++ nfs-utils-1.2.6/utils/osd_login/Makefile.am 2012-06-19 14:59:06.669623204 -0400 -@@ -1,12 +1,9 @@ - ## Process this file with automake to produce Makefile.in - --OSD_LOGIN_FILES= osd_login -+# These binaries go in /sbin (not /usr/sbin), and that cannot be -+# overridden at config time. -+sbindir = /sbin - --EXTRA_DIST= $(OSD_LOGIN_FILES) -- --all-local: $(OSD_LOGIN_FILES) -- --install-data-hook: -- $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login -+sbin_SCRIPTS = osd_login - - MAINTAINERCLEANFILES = Makefile.in diff --git a/nfs-utils-1.2.7-rc4.patch b/nfs-utils-1.2.7-rc4.patch new file mode 100644 index 0000000..9a5e8e7 --- /dev/null +++ b/nfs-utils-1.2.7-rc4.patch @@ -0,0 +1,720 @@ +diff --git a/README b/README +index 348f5d4..e55b2dd 100644 +--- a/README ++++ b/README +@@ -1,4 +1,4 @@ +-This is version 1.1.0 of nfs-utils, the Linux NFS utility package. ++This is version 1.2.6 of nfs-utils, the Linux NFS utility package. + + + 0. PROJECT RESOURCES +diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4 +index 68a624c..f8a0ed1 100644 +--- a/aclocal/libcap.m4 ++++ b/aclocal/libcap.m4 +@@ -3,7 +3,7 @@ dnl + AC_DEFUN([AC_LIBCAP], [ + + dnl look for prctl +- AC_CHECK_FUNC([prctl], , ) ++ AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available])) + + AC_ARG_ENABLE([caps], + [AS_HELP_STRING([--disable-caps], [Disable capabilities support])]) +diff --git a/aclocal/libsqlite3.m4 b/aclocal/libsqlite3.m4 +index 73d1e46..8c38993 100644 +--- a/aclocal/libsqlite3.m4 ++++ b/aclocal/libsqlite3.m4 +@@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [ + LIBS="$saved_LIBS"]) + + AC_MSG_RESULT($libsqlite3_cv_is_recent) +- AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"]) + ])dnl +diff --git a/configure.ac b/configure.ac +index 9ba53e2..18ee11a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then + fi + fi + +- AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) +- + dnl librpcsecgss already has a dependency on libgssapi, + dnl but we need to make sure we get the right version + if test "$enable_gss" = yes; then +@@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then + fi + + dnl enable nfsidmap when its support by libnfsidmap ++AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) + AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) + + +@@ -393,7 +392,7 @@ AC_CHECK_FUNCS([alarm atexit dup2 fdatasync ftruncate getcwd \ + gethostbyaddr gethostbyname gethostname getmntent \ + getnameinfo getrpcbyname getifaddrs \ + gettimeofday hasmntopt inet_ntoa innetgr memset mkdir pathconf \ +- realpath rmdir select socket strcasecmp strchr strdup \ ++ ppoll realpath rmdir select socket strcasecmp strchr strdup \ + strerror strrchr strtol strtoul sigprocmask]) + + +diff --git a/support/include/nfs/debug.h b/support/include/nfs/debug.h +index dbec5ba..80a1b1d 100644 +--- a/support/include/nfs/debug.h ++++ b/support/include/nfs/debug.h +@@ -79,6 +79,7 @@ enum { + #define NFSDBG_FSCACHE 0x0800 + #define NFSDBG_PNFS 0x1000 + #define NFSDBG_PNFS_LD 0x2000 ++#define NFSDBG_STATE 0x4000 + #define NFSDBG_ALL 0xFFFF + + #endif /* _NFS_DEBUG_H */ +diff --git a/support/nsm/file.c b/support/nsm/file.c +index 5dd52c1..4711c2c 100644 +--- a/support/nsm/file.c ++++ b/support/nsm/file.c +@@ -338,10 +338,10 @@ nsm_is_default_parentdir(void) + * + * Returns true if successful, or false if some error occurred. + */ ++#ifdef HAVE_SYS_CAPABILITY_H + static _Bool + nsm_clear_capabilities(void) + { +-#ifdef HAVE_SYS_CAPABILITY_H + cap_t caps; + + caps = cap_from_text("cap_net_bind_service=ep"); +@@ -357,10 +357,60 @@ nsm_clear_capabilities(void) + } + + (void)cap_free(caps); +-#endif + return true; + } + ++#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound" ++static _Bool ++prune_bounding_set(void) ++{ ++#ifdef PR_CAPBSET_DROP ++ int ret; ++ unsigned long i; ++ struct stat st; ++ ++ /* ++ * Prior to kernel 2.6.25, the capabilities bounding set was a global ++ * value. Check to see if /proc/sys/kernel/cap-bound exists and don't ++ * bother to clear the bounding set if it does. ++ */ ++ ret = stat(CAP_BOUND_PROCFILE, &st); ++ if (!ret) { ++ xlog(L_WARNING, "%s exists. Not attempting to clear " ++ "capabilities bounding set.", ++ CAP_BOUND_PROCFILE); ++ return true; ++ } else if (errno != ENOENT) { ++ /* Warn, but attempt to clear the bounding set anyway. */ ++ xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE); ++ } ++ ++ /* prune the bounding set to nothing */ ++ for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >=0 ; ++i) { ++ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); ++ if (ret) { ++ xlog(L_ERROR, "Unable to prune capability %lu from " ++ "bounding set: %m", i); ++ return false; ++ } ++ } ++#endif /* PR_CAPBSET_DROP */ ++ return true; ++} ++#else /* !HAVE_SYS_CAPABILITY_H */ ++static _Bool ++nsm_clear_capabilities(void) ++{ ++ return true; ++} ++ ++static _Bool ++prune_bounding_set(void) ++{ ++ return true; ++} ++#endif /* HAVE_SYS_CAPABILITY_H */ ++ + /** + * nsm_drop_privileges - drop root privileges + * @pidfd: file descriptor of a pid file +@@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd) + return false; + } + ++ if (!prune_bounding_set()) ++ return false; ++ + if (st.st_uid == 0) { + xlog_warn("Running as root. " + "chown %s to choose different user", nsm_base_dirname); +diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am +index 4bf0a45..4c15346 100644 +--- a/tests/nsm_client/Makefile.am ++++ b/tests/nsm_client/Makefile.am +@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_client.c + + BUILT_SOURCES = $(GENFILES) + nsm_client_LDADD = ../../support/nfs/libnfs.a \ +- ../../support/nsm/libnsm.a $(LIBCAP) ++ ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) + + if CONFIG_RPCGEN + RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen +diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c +index 444616d..d6e10d3 100644 +--- a/tools/rpcdebug/rpcdebug.c ++++ b/tools/rpcdebug/rpcdebug.c +@@ -170,6 +170,7 @@ static struct flagmap { + FLAG(NFS, FSCACHE), + FLAG(NFS, PNFS), + FLAG(NFS, PNFS_LD), ++ FLAG(NFS, STATE), + FLAG(NFS, ALL), + + /* nfsd */ +diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c +index 652a7a8..5fe3dff 100644 +--- a/utils/blkmapd/device-process.c ++++ b/utils/blkmapd/device-process.c +@@ -49,28 +49,6 @@ + + #include "device-discovery.h" + +-static char *pretty_sig(char *sig, uint32_t siglen) +-{ +- static char rs[100]; +- uint64_t sigval; +- unsigned int i; +- +- if (siglen <= sizeof(sigval)) { +- sigval = 0; +- for (i = 0; i < siglen; i++) +- sigval |= ((unsigned char *)sig)[i] << (i * 8); +- sprintf(rs, "0x%0llx", (unsigned long long) sigval); +- } else { +- if (siglen > sizeof rs - 4) { +- siglen = sizeof rs - 4; +- sprintf(&rs[siglen], "..."); +- } else +- rs[siglen] = '\0'; +- memcpy(rs, sig, siglen); +- } +- return rs; +-} +- + uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes) + { + uint32_t *q = p + ((nbytes + 3) >> 2); +@@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t **pp, uint32_t * end, + * for mapping, then thrown away. + */ + comp->bs_string = (char *)p; +- BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n", +- __func__, i, siglen, +- pretty_sig(comp->bs_string, siglen)); + p += ((siglen + 3) >> 2); + } + *pp = p; +@@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, int fd, struct bl_sig_comp *comp) + } + + ret = memcmp(sig, comp->bs_string, siglen); +- if (!ret) +- BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name, +- pretty_sig(sig, siglen), +- (long long)comp->bs_offset); + + out: + if (sig) +diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c +index a3323d7..9f79541 100644 +--- a/utils/exportfs/exportfs.c ++++ b/utils/exportfs/exportfs.c +@@ -40,7 +40,7 @@ static void unexportfs(char *arg, int verbose); + static void exports_update(int verbose); + static void dump(int verbose); + static void error(nfs_export *exp, int err); +-static void usage(const char *progname); ++static void usage(const char *progname, int n); + static void validate_export(nfs_export *exp); + static int matchhostname(const char *hostname1, const char *hostname2); + static void export_d_read(const char *dname); +@@ -105,11 +105,17 @@ main(int argc, char **argv) + + export_errno = 0; + +- while ((c = getopt(argc, argv, "aio:ruvf")) != EOF) { ++ while ((c = getopt(argc, argv, "afhio:ruv")) != EOF) { + switch(c) { + case 'a': + f_all = 1; + break; ++ case 'f': ++ force_flush = 1; ++ break; ++ case 'h': ++ usage(progname, 0); ++ break; + case 'i': + f_ignore = 1; + break; +@@ -126,11 +132,8 @@ main(int argc, char **argv) + case 'v': + f_verbose = 1; + break; +- case 'f': +- force_flush = 1; +- break; + default: +- usage(progname); ++ usage(progname, 1); + break; + } + } +@@ -723,8 +726,8 @@ error(nfs_export *exp, int err) + } + + static void +-usage(const char *progname) ++usage(const char *progname, int n) + { +- fprintf(stderr, "usage: %s [-aruv] [host:/path]\n", progname); +- exit(1); ++ fprintf(stderr, "usage: %s [-afhioruv] [host:/path]\n", progname); ++ exit(n); + } +diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h +index 28a8206..71a140b 100644 +--- a/utils/gssd/gssd.h ++++ b/utils/gssd/gssd.h +@@ -81,8 +81,10 @@ struct clnt_info { + char *protocol; + int krb5_fd; + int krb5_poll_index; ++ int krb5_close_me; + int gssd_fd; + int gssd_poll_index; ++ int gssd_close_me; + struct sockaddr_storage addr; + }; + +diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c +index cec09ea..ccf7fe5 100644 +--- a/utils/gssd/gssd_main_loop.c ++++ b/utils/gssd/gssd_main_loop.c +@@ -55,16 +55,14 @@ + #include "err_util.h" + + extern struct pollfd *pollarray; +-extern int pollsize; ++extern unsigned long pollsize; + + #define POLL_MILLISECS 500 + + static volatile int dir_changed = 1; + +-static void dir_notify_handler(int sig, siginfo_t *si, void *data) ++static void dir_notify_handler(__attribute__((unused))int sig) + { +- printerr(2, "dir_notify_handler: sig %d si %p data %p\n", sig, si, data); +- + dir_changed = 1; + } + +@@ -78,8 +76,10 @@ scan_poll_results(int ret) + { + i = clp->gssd_poll_index; + if (i >= 0 && pollarray[i].revents) { +- if (pollarray[i].revents & POLLHUP) ++ if (pollarray[i].revents & POLLHUP) { ++ clp->gssd_close_me = 1; + dir_changed = 1; ++ } + if (pollarray[i].revents & POLLIN) + handle_gssd_upcall(clp); + pollarray[clp->gssd_poll_index].revents = 0; +@@ -89,8 +89,10 @@ scan_poll_results(int ret) + } + i = clp->krb5_poll_index; + if (i >= 0 && pollarray[i].revents) { +- if (pollarray[i].revents & POLLHUP) ++ if (pollarray[i].revents & POLLHUP) { ++ clp->krb5_close_me = 1; + dir_changed = 1; ++ } + if (pollarray[i].revents & POLLIN) + handle_krb5_upcall(clp); + pollarray[clp->krb5_poll_index].revents = 0; +@@ -99,7 +101,7 @@ scan_poll_results(int ret) + break; + } + } +-}; ++} + + static int + topdirs_add_entry(struct dirent *dent) +@@ -119,11 +121,13 @@ topdirs_add_entry(struct dirent *dent) + } + snprintf(tdi->dirname, PATH_MAX, "%s/%s", pipefs_dir, dent->d_name); + tdi->fd = open(tdi->dirname, O_RDONLY); +- if (tdi->fd != -1) { +- fcntl(tdi->fd, F_SETSIG, DNOTIFY_SIGNAL); +- fcntl(tdi->fd, F_NOTIFY, +- DN_CREATE|DN_DELETE|DN_MODIFY|DN_MULTISHOT); ++ if (tdi->fd == -1) { ++ printerr(0, "ERROR: failed to open %s\n", tdi->dirname); ++ free(tdi); ++ return -1; + } ++ fcntl(tdi->fd, F_SETSIG, DNOTIFY_SIGNAL); ++ fcntl(tdi->fd, F_NOTIFY, DN_CREATE|DN_DELETE|DN_MODIFY|DN_MULTISHOT); + + TAILQ_INSERT_HEAD(&topdirs_list, tdi, list); + return 0; +@@ -175,17 +179,52 @@ out_err: + return -1; + } + ++#ifdef HAVE_PPOLL ++static void gssd_poll(struct pollfd *fds, unsigned long nfds) ++{ ++ sigset_t emptyset; ++ int ret; ++ ++ sigemptyset(&emptyset); ++ ret = ppoll(fds, nfds, NULL, &emptyset); ++ if (ret < 0) { ++ if (errno != EINTR) ++ printerr(0, "WARNING: error return from poll\n"); ++ } else if (ret == 0) { ++ printerr(0, "WARNING: unexpected timeout\n"); ++ } else { ++ scan_poll_results(ret); ++ } ++} ++#else /* !HAVE_PPOLL */ ++static void gssd_poll(struct pollfd *fds, unsigned long nfds) ++{ ++ int ret; ++ ++ /* race condition here: dir_changed could be set before we ++ * enter the poll, and we'd never notice if it weren't for the ++ * timeout. */ ++ ret = poll(fds, nfds, POLL_MILLISECS); ++ if (ret < 0) { ++ if (errno != EINTR) ++ printerr(0, "WARNING: error return from poll\n"); ++ } else if (ret == 0) { ++ /* timeout */ ++ } else { /* ret > 0 */ ++ scan_poll_results(ret); ++ } ++} ++#endif /* !HAVE_PPOLL */ ++ + void + gssd_run() + { +- int ret; +- struct sigaction dn_act; ++ struct sigaction dn_act = { ++ .sa_handler = dir_notify_handler ++ }; + sigset_t set; + +- /* Taken from linux/Documentation/dnotify.txt: */ +- dn_act.sa_sigaction = dir_notify_handler; + sigemptyset(&dn_act.sa_mask); +- dn_act.sa_flags = SA_SIGINFO; + sigaction(DNOTIFY_SIGNAL, &dn_act, NULL); + + /* just in case the signal is blocked... */ +@@ -207,19 +246,7 @@ gssd_run() + exit(1); + } + } +- /* race condition here: dir_changed could be set before we +- * enter the poll, and we'd never notice if it weren't for the +- * timeout. */ +- ret = poll(pollarray, pollsize, POLL_MILLISECS); +- if (ret < 0) { +- if (errno != EINTR) +- printerr(0, +- "WARNING: error return from poll\n"); +- } else if (ret == 0) { +- /* timeout */ +- } else { /* ret > 0 */ +- scan_poll_results(ret); +- } ++ gssd_poll(pollarray, pollsize); + } + topdirs_free_list(); + +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index aa39435..e393d59 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -104,7 +104,7 @@ + + struct pollfd * pollarray; + +-int pollsize; /* the size of pollaray (in pollfd's) */ ++unsigned long pollsize; /* the size of pollaray (in pollfd's) */ + + /* + * convert a presentation address string to a sockaddr_storage struct. Returns +@@ -340,6 +340,25 @@ process_clnt_dir_files(struct clnt_info * clp) + char gname[PATH_MAX]; + char info_file_name[PATH_MAX]; + ++ if (clp->gssd_close_me) { ++ printerr(2, "Closing 'gssd' pipe for %s\n", clp->dirname); ++ close(clp->gssd_fd); ++ memset(&pollarray[clp->gssd_poll_index], 0, ++ sizeof(struct pollfd)); ++ clp->gssd_fd = -1; ++ clp->gssd_poll_index = -1; ++ clp->gssd_close_me = 0; ++ } ++ if (clp->krb5_close_me) { ++ printerr(2, "Closing 'krb5' pipe for %s\n", clp->dirname); ++ close(clp->krb5_fd); ++ memset(&pollarray[clp->krb5_poll_index], 0, ++ sizeof(struct pollfd)); ++ clp->krb5_fd = -1; ++ clp->krb5_poll_index = -1; ++ clp->krb5_close_me = 0; ++ } ++ + if (clp->gssd_fd == -1) { + snprintf(gname, sizeof(gname), "%s/gssd", clp->dirname); + clp->gssd_fd = open(gname, O_RDWR); +diff --git a/utils/mount/Makefile.am b/utils/mount/Makefile.am +index 7627854..5810936 100644 +--- a/utils/mount/Makefile.am ++++ b/utils/mount/Makefile.am +@@ -1,7 +1,7 @@ + ## Process this file with automake to produce Makefile.in + + # These binaries go in /sbin (not /usr/sbin), and that cannot be +-# overriden at config time. ++# overridden at config time. + sbindir = /sbin + + man8_MANS = mount.nfs.man umount.nfs.man +diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c +index e8f17a9..701d41e 100644 +--- a/utils/mount/mount_libmount.c ++++ b/utils/mount/mount_libmount.c +@@ -140,14 +140,14 @@ static int try_mount(struct libmnt_context *cxt, int bg) + return ret; + } + +-/* returns: error = -1, success = 0 , unknown = 1 */ ++/* returns: error = -1, success = 1 , not vers4 == 0 */ + static int is_vers4(struct libmnt_context *cxt) + { + struct libmnt_fs *fs = mnt_context_get_fs(cxt); + struct libmnt_table *tb = NULL; + const char *src = mnt_context_get_source(cxt), + *tgt = mnt_context_get_target(cxt); +- int rc = 1; ++ int rc = 0; + + if (!src || !tgt) + return -1; +@@ -163,7 +163,7 @@ static int is_vers4(struct libmnt_context *cxt) + if (fs) { + const char *type = mnt_fs_get_fstype(fs); + if (type && strcmp(type, "nfs4") == 0) +- rc = 0; ++ rc = 1; + } + mnt_free_table(tb); + return rc; +@@ -173,6 +173,7 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) + { + int rc, c; + char *spec = NULL, *opts = NULL; ++ int ret = EX_FAIL; + + static const struct option longopts[] = { + { "force", 0, 0, 'f' }, +@@ -209,8 +210,6 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) + + if (mnt_context_set_target(cxt, spec)) + goto err; +- if (mnt_context_set_fstype_pattern(cxt, "nfs,nfs4")) /* restrict filesystems */ +- goto err; + + /* read mtab/fstab, evaluate permissions, etc. */ + rc = mnt_context_prepare_umount(cxt); +@@ -220,6 +219,14 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) + goto err; + } + ++ if (mnt_context_get_fstype(cxt) && ++ !mnt_match_fstype(mnt_context_get_fstype(cxt), "nfs,nfs4")) { ++ ++ nfs_error(_("%s: %s: is not an NFS filesystem"), progname, spec); ++ ret = EX_USAGE; ++ goto err; ++ } ++ + opts = retrieve_mount_options(mnt_context_get_fs(cxt)); + + if (!mnt_context_is_lazy(cxt)) { +@@ -244,6 +251,7 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) + nfs_umount23(spec, "tcp,v3"); + } + ++ ret = EX_FILEIO; + rc = mnt_context_do_umount(cxt); /* call umount(2) syscall */ + mnt_context_finalize_mount(cxt); /* mtab update */ + +@@ -252,12 +260,10 @@ static int umount_main(struct libmnt_context *cxt, int argc, char **argv) + umount_error(rc, spec); + goto err; + } +- +- free(opts); +- return EX_SUCCESS; ++ ret = EX_SUCCESS; + err: + free(opts); +- return EX_FAIL; ++ return ret; + } + + static int mount_main(struct libmnt_context *cxt, int argc, char **argv) +diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c +index e09aa7c..0aa9a75 100644 +--- a/utils/mount/stropts.c ++++ b/utils/mount/stropts.c +@@ -665,6 +665,7 @@ static int nfs_try_mount_v3v2(struct nfsmount_info *mi) + case ECONNREFUSED: + case EOPNOTSUPP: + case EHOSTUNREACH: ++ case ETIMEDOUT: + continue; + default: + goto out; +@@ -752,6 +753,7 @@ static int nfs_try_mount_v4(struct nfsmount_info *mi) + switch (errno) { + case ECONNREFUSED: + case EHOSTUNREACH: ++ case ETIMEDOUT: + continue; + default: + goto out; +diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c +index 708eb61..726b50d 100644 +--- a/utils/mountd/v4root.c ++++ b/utils/mountd/v4root.c +@@ -62,6 +62,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source) + + if (source->e_flags & NFSEXP_INSECURE_PORT) + pseudo->e_flags |= NFSEXP_INSECURE_PORT; ++ if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0) ++ pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; + for (se = source->e_secinfo; se->flav; se++) { + struct sec_entry *new; + +@@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *export) + exp = export_create(&eep, 0); + if (exp == NULL) + return NULL; +- xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); ++ xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", ++ exp->m_export.e_path, exp->m_export.e_flags); + return &exp->m_export; + } + +diff --git a/utils/nfsdcld/nfsdcld.c b/utils/nfsdcld/nfsdcld.c +index e7af4e3..473d069 100644 +--- a/utils/nfsdcld/nfsdcld.c ++++ b/utils/nfsdcld/nfsdcld.c +@@ -102,8 +102,8 @@ cld_set_caps(void) + } + + /* prune the bounding set to nothing */ +- for (i = 0; i <= CAP_LAST_CAP; ++i) { +- ret = prctl(PR_CAPBSET_DROP, i); ++ for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0 ; ++i) { ++ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); + if (ret) { + xlog(L_ERROR, "Unable to prune capability %lu from " + "bounding set: %m", i); +diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c +index cf11551..e14543c 100644 +--- a/utils/nfsidmap/nfsidmap.c ++++ b/utils/nfsidmap/nfsidmap.c +@@ -12,6 +12,7 @@ + + #include + #include "xlog.h" ++#include "conffile.h" + + int verbose = 0; + char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; +@@ -26,6 +27,10 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; + #define DEFAULT_KEYRING "id_resolver" + #endif + ++#ifndef PATH_IDMAPDCONF ++#define PATH_IDMAPDCONF "/etc/idmapd.conf" ++#endif ++ + static int keyring_clear(char *keyring); + + #define UIDKEYS 0x1 +@@ -267,6 +272,13 @@ int main(int argc, char **argv) + } + } + ++ if (nfs4_init_name_mapping(PATH_IDMAPDCONF)) { ++ xlog_err("Unable to create name to user id mappings."); ++ return 1; ++ } ++ if (!verbose) ++ verbose = conf_get_num("General", "Verbosity", 0); ++ + if (keystr) { + rc = key_revoke(keystr, keymask); + return rc; +diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am +index adc493a..20c2d8c 100644 +--- a/utils/osd_login/Makefile.am ++++ b/utils/osd_login/Makefile.am +@@ -1,12 +1,9 @@ + ## Process this file with automake to produce Makefile.in + +-OSD_LOGIN_FILES= osd_login ++# These binaries go in /sbin (not /usr/sbin), and that cannot be ++# overridden at config time. ++sbindir = /sbin + +-EXTRA_DIST= $(OSD_LOGIN_FILES) +- +-all-local: $(OSD_LOGIN_FILES) +- +-install-data-hook: +- $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login ++sbin_SCRIPTS = osd_login + + MAINTAINERCLEANFILES = Makefile.in diff --git a/nfs-utils.1.2.7-rc1.patch b/nfs-utils.1.2.7-rc1.patch deleted file mode 100644 index f0167d8..0000000 --- a/nfs-utils.1.2.7-rc1.patch +++ /dev/null @@ -1,478 +0,0 @@ -commit eae2fa997223ce0edb4218faf2ff67165535d21d -Author: J. Bruce Fields -Date: Tue May 29 14:40:38 2012 -0400 - - mountd: Honor the no_root_squash flag on pseudo roots - - From: "J. Bruce Fields" - - If root squashing is turned off on a export that - has multiple directories, the parent directories - of the pseudo exports that's built, also needs to - have root squashing turned off. - - Tested-by: Steve Dickson - Signed-off-by: Steve Dickson - -diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c -index 708eb61..726b50d 100644 ---- a/utils/mountd/v4root.c -+++ b/utils/mountd/v4root.c -@@ -62,6 +62,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source) - - if (source->e_flags & NFSEXP_INSECURE_PORT) - pseudo->e_flags |= NFSEXP_INSECURE_PORT; -+ if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0) -+ pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; - for (se = source->e_secinfo; se->flav; se++) { - struct sec_entry *new; - -@@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *export) - exp = export_create(&eep, 0); - if (exp == NULL) - return NULL; -- xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); -+ xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", -+ exp->m_export.e_path, exp->m_export.e_flags); - return &exp->m_export; - } - - -commit b66c96de551b650680a65a732a1338c3ec25b436 -Author: Adam Sampson -Date: Tue May 29 14:37:22 2012 -0400 - - nsm_client: nsm_client needs to link with libtirpc - - nsm_client needs to link against libtirpc. - - Signed-off-by: Steve Dickson - -diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am -index 4bf0a45..4c15346 100644 ---- a/tests/nsm_client/Makefile.am -+++ b/tests/nsm_client/Makefile.am -@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_client.c - - BUILT_SOURCES = $(GENFILES) - nsm_client_LDADD = ../../support/nfs/libnfs.a \ -- ../../support/nsm/libnsm.a $(LIBCAP) -+ ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) - - if CONFIG_RPCGEN - RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen - -commit 0781cf2a60dbb0d8997c4abef103d80f819cd16f -Author: Steve Dickson -Date: Tue May 29 14:31:57 2012 -0400 - - Updated the version number. - - Signed-off-by: Steve Dickson - -diff --git a/README b/README -index 348f5d4..e55b2dd 100644 ---- a/README -+++ b/README -@@ -1,4 +1,4 @@ --This is version 1.1.0 of nfs-utils, the Linux NFS utility package. -+This is version 1.2.6 of nfs-utils, the Linux NFS utility package. - - - 0. PROJECT RESOURCES - -commit 43537ecbc1ab3ae7cefe5d47e7e03b14bf428197 -Author: Steve Dickson -Date: Tue May 29 14:27:24 2012 -0400 - - nfsidmap: Allow verbosity level to be set in the config file - - To make it easier to enable ID mapping debugging, nfsidmap - should read /etc/idmap.conf to see if the verbosity level - is set, similar to what rpc.idmapd does - - Signed-off-by: Steve Dickson - -diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c -index cf11551..b767395 100644 ---- a/utils/nfsidmap/nfsidmap.c -+++ b/utils/nfsidmap/nfsidmap.c -@@ -12,6 +12,7 @@ - - #include - #include "xlog.h" -+#include "conffile.h" - - int verbose = 0; - char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; -@@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; - #define DEFAULT_KEYRING "id_resolver" - #endif - -+#ifndef PATH_IDMAPDCONF -+#define PATH_IDMAPDCONF "/etc/idmapd.conf" -+#endif -+ - static int keyring_clear(char *keyring); - - #define UIDKEYS 0x1 - #define GIDKEYS 0x2 - - /* -+ * Check to the config file for the verbosity level -+ */ -+int -+get_config_verbose(char *path) -+{ -+ conf_path = path; -+ conf_init(); -+ return conf_get_num("General", "Verbosity", 0); -+} -+ -+/* - * Find either a user or group id based on the name@domain string - */ - int id_lookup(char *name_at_domain, key_serial_t key, int type) -@@ -266,7 +282,9 @@ int main(int argc, char **argv) - break; - } - } -- -+ if (!verbose) { -+ verbose = get_config_verbose(PATH_IDMAPDCONF); -+ } - if (keystr) { - rc = key_revoke(keystr, keymask); - return rc; - -commit 1ca82a963ace17397bd7ec09f5e0707badd7c254 -Author: Jeff Layton -Date: Tue May 29 14:23:18 2012 -0400 - - statd: drop all capabilities from the bounding set as well - - statd drops all capabilities except for CAP_NET_BIND when it starts. - It's possible though that if it ever had a compromise that an attacker would - be able to invoke a setuid process (or something with file capabilities) in - order to reinstate some caps. - - This could happen as a result of the daemon becoming compromised, or - possibly as a result of the ha-callout program becoming compromised. - - In order to prevent that, have statd also prune the capability bounding - set to nothing prior to dropping capabilities. That ensures that the - process won't be able to reacquire capabilities via any means -- - including exec'ing a setuid program. - - We do however need to be cognizant of the fact that PR_CAPBSET_DROP was - only added in 2.6.25, so check to make sure that #define exists via - autoconf before we rely on it. In order to do that, we must add - ax_check_define.m4 from the GNU autoconf macro archive. - - Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound - exists before attempting to clear the bounding set. If it does, then - don't bother trying since it won't work. In that event though, do - throw a warning however since the presence of that file indicates that - there is a disconnect between the build and runtime environments. - - Acked-by: Chuck Lever - Signed-off-by: Jeff Layton - Signed-off-by: Steve Dickson - -diff --git a/support/nsm/file.c b/support/nsm/file.c -index 5dd52c1..5476446 100644 ---- a/support/nsm/file.c -+++ b/support/nsm/file.c -@@ -338,10 +338,10 @@ nsm_is_default_parentdir(void) - * - * Returns true if successful, or false if some error occurred. - */ -+#ifdef HAVE_SYS_CAPABILITY_H - static _Bool - nsm_clear_capabilities(void) - { --#ifdef HAVE_SYS_CAPABILITY_H - cap_t caps; - - caps = cap_from_text("cap_net_bind_service=ep"); -@@ -357,10 +357,60 @@ nsm_clear_capabilities(void) - } - - (void)cap_free(caps); --#endif - return true; - } - -+#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound" -+static _Bool -+prune_bounding_set(void) -+{ -+#ifdef PR_CAPBSET_DROP -+ int ret; -+ unsigned long i; -+ struct stat st; -+ -+ /* -+ * Prior to kernel 2.6.25, the capabilities bounding set was a global -+ * value. Check to see if /proc/sys/kernel/cap-bound exists and don't -+ * bother to clear the bounding set if it does. -+ */ -+ ret = stat(CAP_BOUND_PROCFILE, &st); -+ if (!ret) { -+ xlog(L_WARNING, "%s exists. Not attempting to clear " -+ "capabilities bounding set.", -+ CAP_BOUND_PROCFILE); -+ return true; -+ } else if (errno != ENOENT) { -+ /* Warn, but attempt to clear the bounding set anyway. */ -+ xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE); -+ } -+ -+ /* prune the bounding set to nothing */ -+ for (i = 0; i <= CAP_LAST_CAP; ++i) { -+ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); -+ if (ret) { -+ xlog(L_ERROR, "Unable to prune capability %lu from " -+ "bounding set: %m", i); -+ return false; -+ } -+ } -+#endif /* PR_CAPBSET_DROP */ -+ return true; -+} -+#else /* !HAVE_SYS_CAPABILITY_H */ -+static _Bool -+nsm_clear_capabilities(void) -+{ -+ return true; -+} -+ -+static _Bool -+prune_bounding_set(void) -+{ -+ return true; -+} -+#endif /* HAVE_SYS_CAPABILITY_H */ -+ - /** - * nsm_drop_privileges - drop root privileges - * @pidfd: file descriptor of a pid file -@@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd) - return false; - } - -+ if (!prune_bounding_set()) -+ return false; -+ - if (st.st_uid == 0) { - xlog_warn("Running as root. " - "chown %s to choose different user", nsm_base_dirname); - -commit ddb095f82becc94c8e3a2429cc755dee5d1808c9 -Author: Diego Elio Pettenò -Date: Tue May 29 14:15:32 2012 -0400 - - build: avoid AM_CONDITIONAL in conditional execution. - - Automake does not support conditional AM_CONDITIONAL calls; what that - means is that you always have to execute AM_CONDITIONAL one way or the - other. Both the libsqlite3.m4 file and the nfsdcld conditionals are - executed only when NFSv4 is enabled, which breaks building with - --disable-nfsv4. - - Remove the SQLite3 conditional altogether as it's never used, and move - the nfsdcld conditional outside of the conditional code. - - Acked-by: Jeff Layton - Signed-off-by: Diego Elio Pettenò - Signed-off-by: Steve Dickson - -diff --git a/aclocal/libsqlite3.m4 b/aclocal/libsqlite3.m4 -index 73d1e46..8c38993 100644 ---- a/aclocal/libsqlite3.m4 -+++ b/aclocal/libsqlite3.m4 -@@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [ - LIBS="$saved_LIBS"]) - - AC_MSG_RESULT($libsqlite3_cv_is_recent) -- AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"]) - ])dnl -diff --git a/configure.ac b/configure.ac -index 9ba53e2..b408f1b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then - fi - fi - -- AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) -- - dnl librpcsecgss already has a dependency on libgssapi, - dnl but we need to make sure we get the right version - if test "$enable_gss" = yes; then -@@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then - fi - - dnl enable nfsidmap when its support by libnfsidmap -+AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ]) - AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) - - - -commit 7e9c0f760397d7e8fa78bdeefffc14eb8269925b -Author: Jeff Layton -Date: Tue May 29 13:53:09 2012 -0400 - - autoconf: make the test for prctl have an effect - - We currently test to ensure that prctl() is available, but the results - of that test are a no-op either way. statd calls prctl() - unconditionally, so make configure bail out if prctl() isn't available - since the build will fail in that event anyway. - - Cc: Chuck Lever - Signed-off-by: Jeff Layton - Signed-off-by: Steve Dickson - -diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4 -index 68a624c..f8a0ed1 100644 ---- a/aclocal/libcap.m4 -+++ b/aclocal/libcap.m4 -@@ -3,7 +3,7 @@ dnl - AC_DEFUN([AC_LIBCAP], [ - - dnl look for prctl -- AC_CHECK_FUNC([prctl], , ) -+ AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available])) - - AC_ARG_ENABLE([caps], - [AS_HELP_STRING([--disable-caps], [Disable capabilities support])]) - -commit 646be42c84305d02dea06113cc9e6c9a7ab94f8a -Author: Steve Dickson -Date: Thu May 17 08:16:29 2012 -0400 - - Makefile.am: Corrected a misspelling of overridden - - Signed-off-by: Steve Dickson - -diff --git a/utils/mount/Makefile.am b/utils/mount/Makefile.am -index 7627854..5810936 100644 ---- a/utils/mount/Makefile.am -+++ b/utils/mount/Makefile.am -@@ -1,7 +1,7 @@ - ## Process this file with automake to produce Makefile.in - - # These binaries go in /sbin (not /usr/sbin), and that cannot be --# overriden at config time. -+# overridden at config time. - sbindir = /sbin - - man8_MANS = mount.nfs.man umount.nfs.man - -commit d4d392087f8ee049ed8f476e5ae780cbc0d0012a -Author: NeilBrown -Date: Thu May 17 08:14:57 2012 -0400 - - osd_login - ensure /sbin is created before installation. - - If we use a more standard approach to describing the osd_login - script, the automake infrastructure will create /sbin before - attempting installation. - This is important for: make DESTDIR=/empty-dir install - - Signed-off-by: NeilBrown - Signed-off-by: Steve Dickson - -diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am -index adc493a..20c2d8c 100644 ---- a/utils/osd_login/Makefile.am -+++ b/utils/osd_login/Makefile.am -@@ -1,12 +1,9 @@ - ## Process this file with automake to produce Makefile.in - --OSD_LOGIN_FILES= osd_login -+# These binaries go in /sbin (not /usr/sbin), and that cannot be -+# overridden at config time. -+sbindir = /sbin - --EXTRA_DIST= $(OSD_LOGIN_FILES) -- --all-local: $(OSD_LOGIN_FILES) -- --install-data-hook: -- $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login -+sbin_SCRIPTS = osd_login - - MAINTAINERCLEANFILES = Makefile.in - -commit a69f6aeb19841f5a95c3eb4f4e5fe5ca0db247f4 -Author: Jim Rees -Date: Tue May 15 10:10:01 2012 -0400 - - blkmapd: remove pretty_sig() - - This really only works against EMC servers. There is at least one server - that returns unprintable signatures, which fill the log with garbage (the - spec does not mandate printable signatures). It could be made more generic, - for example by checking each byte for isprint(). But the signatures are - really only of interest to developers, not admins, so it seems better to - just remove it. - - Signed-off-by: Jim Rees - Signed-off-by: Steve Dickson - -diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c -index 652a7a8..5fe3dff 100644 ---- a/utils/blkmapd/device-process.c -+++ b/utils/blkmapd/device-process.c -@@ -49,28 +49,6 @@ - - #include "device-discovery.h" - --static char *pretty_sig(char *sig, uint32_t siglen) --{ -- static char rs[100]; -- uint64_t sigval; -- unsigned int i; -- -- if (siglen <= sizeof(sigval)) { -- sigval = 0; -- for (i = 0; i < siglen; i++) -- sigval |= ((unsigned char *)sig)[i] << (i * 8); -- sprintf(rs, "0x%0llx", (unsigned long long) sigval); -- } else { -- if (siglen > sizeof rs - 4) { -- siglen = sizeof rs - 4; -- sprintf(&rs[siglen], "..."); -- } else -- rs[siglen] = '\0'; -- memcpy(rs, sig, siglen); -- } -- return rs; --} -- - uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes) - { - uint32_t *q = p + ((nbytes + 3) >> 2); -@@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t **pp, uint32_t * end, - * for mapping, then thrown away. - */ - comp->bs_string = (char *)p; -- BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n", -- __func__, i, siglen, -- pretty_sig(comp->bs_string, siglen)); - p += ((siglen + 3) >> 2); - } - *pp = p; -@@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, int fd, struct bl_sig_comp *comp) - } - - ret = memcmp(sig, comp->bs_string, siglen); -- if (!ret) -- BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name, -- pretty_sig(sig, siglen), -- (long long)comp->bs_offset); - - out: - if (sig) diff --git a/nfs-utils.spec b/nfs-utils.spec index a20e07c..86c239c 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.2.6 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 1 # group all 32bit related archs @@ -36,7 +36,7 @@ Source51: nfs-server.preconfig Source52: nfs-server.postconfig %define nfs_configs %{SOURCE50} %{SOURCE51} %{SOURCE52} -Patch001: nfs-utils-1.2.7-rc3.patch +Patch001: nfs-utils-1.2.7-rc4.patch Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch @@ -301,6 +301,9 @@ fi %attr(4755,root,root) /sbin/umount.nfs4 %changelog +* Mon Aug 6 2012 Steve Dickson 1.2.6-11 +- Updated to latest upstream RC release: nfs-utils.1.2.7-rc4 + * Thu Aug 2 2012 Steve Dickson 1.2.6-10 - Removed modprobe.d/nfs.conf