commit eae2fa997223ce0edb4218faf2ff67165535d21d
Author: J. Bruce Fields <bfields@redhat.com>
Date: Tue May 29 14:40:38 2012 -0400
mountd: Honor the no_root_squash flag on pseudo roots
From: "J. Bruce Fields" <bfields@redhat.com>
If root squashing is turned off on a export that
has multiple directories, the parent directories
of the pseudo exports that's built, also needs to
have root squashing turned off.
Tested-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 708eb61..726b50d 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -62,6 +62,8 @@ void set_pseudofs_security(struct exportent *pseudo, struct exportent *source)
if (source->e_flags & NFSEXP_INSECURE_PORT)
pseudo->e_flags |= NFSEXP_INSECURE_PORT;
+ if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0)
+ pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
for (se = source->e_secinfo; se->flav; se++) {
struct sec_entry *new;
@@ -92,7 +94,8 @@ v4root_create(char *path, nfs_export *export)
exp = export_create(&eep, 0);
if (exp == NULL)
return NULL;
- xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
+ xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
+ exp->m_export.e_path, exp->m_export.e_flags);
return &exp->m_export;
}
commit b66c96de551b650680a65a732a1338c3ec25b436
Author: Adam Sampson <ats@offog.org>
Date: Tue May 29 14:37:22 2012 -0400
nsm_client: nsm_client needs to link with libtirpc
nsm_client needs to link against libtirpc.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am
index 4bf0a45..4c15346 100644
--- a/tests/nsm_client/Makefile.am
+++ b/tests/nsm_client/Makefile.am
@@ -13,7 +13,7 @@ nsm_client_SOURCES = $(GENFILES) nsm_client.c
BUILT_SOURCES = $(GENFILES)
nsm_client_LDADD = ../../support/nfs/libnfs.a \
- ../../support/nsm/libnsm.a $(LIBCAP)
+ ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC)
if CONFIG_RPCGEN
RPCGEN = $(top_builddir)/tools/rpcgen/rpcgen
commit 0781cf2a60dbb0d8997c4abef103d80f819cd16f
Author: Steve Dickson <steved@redhat.com>
Date: Tue May 29 14:31:57 2012 -0400
Updated the version number.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/README b/README
index 348f5d4..e55b2dd 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is version 1.1.0 of nfs-utils, the Linux NFS utility package.
+This is version 1.2.6 of nfs-utils, the Linux NFS utility package.
0. PROJECT RESOURCES
commit 43537ecbc1ab3ae7cefe5d47e7e03b14bf428197
Author: Steve Dickson <steved@redhat.com>
Date: Tue May 29 14:27:24 2012 -0400
nfsidmap: Allow verbosity level to be set in the config file
To make it easier to enable ID mapping debugging, nfsidmap
should read /etc/idmap.conf to see if the verbosity level
is set, similar to what rpc.idmapd does
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
index cf11551..b767395 100644
--- a/utils/nfsidmap/nfsidmap.c
+++ b/utils/nfsidmap/nfsidmap.c
@@ -12,6 +12,7 @@
#include <unistd.h>
#include "xlog.h"
+#include "conffile.h"
int verbose = 0;
char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
@@ -26,12 +27,27 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
#define DEFAULT_KEYRING "id_resolver"
#endif
+#ifndef PATH_IDMAPDCONF
+#define PATH_IDMAPDCONF "/etc/idmapd.conf"
+#endif
+
static int keyring_clear(char *keyring);
#define UIDKEYS 0x1
#define GIDKEYS 0x2
/*
+ * Check to the config file for the verbosity level
+ */
+int
+get_config_verbose(char *path)
+{
+ conf_path = path;
+ conf_init();
+ return conf_get_num("General", "Verbosity", 0);
+}
+
+/*
* Find either a user or group id based on the name@domain string
*/
int id_lookup(char *name_at_domain, key_serial_t key, int type)
@@ -266,7 +282,9 @@ int main(int argc, char **argv)
break;
}
}
-
+ if (!verbose) {
+ verbose = get_config_verbose(PATH_IDMAPDCONF);
+ }
if (keystr) {
rc = key_revoke(keystr, keymask);
return rc;
commit 1ca82a963ace17397bd7ec09f5e0707badd7c254
Author: Jeff Layton <jlayton@redhat.com>
Date: Tue May 29 14:23:18 2012 -0400
statd: drop all capabilities from the bounding set as well
statd drops all capabilities except for CAP_NET_BIND when it starts.
It's possible though that if it ever had a compromise that an attacker would
be able to invoke a setuid process (or something with file capabilities) in
order to reinstate some caps.
This could happen as a result of the daemon becoming compromised, or
possibly as a result of the ha-callout program becoming compromised.
In order to prevent that, have statd also prune the capability bounding
set to nothing prior to dropping capabilities. That ensures that the
process won't be able to reacquire capabilities via any means --
including exec'ing a setuid program.
We do however need to be cognizant of the fact that PR_CAPBSET_DROP was
only added in 2.6.25, so check to make sure that #define exists via
autoconf before we rely on it. In order to do that, we must add
ax_check_define.m4 from the GNU autoconf macro archive.
Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound
exists before attempting to clear the bounding set. If it does, then
don't bother trying since it won't work. In that event though, do
throw a warning however since the presence of that file indicates that
there is a disconnect between the build and runtime environments.
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/nsm/file.c b/support/nsm/file.c
index 5dd52c1..5476446 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -338,10 +338,10 @@ nsm_is_default_parentdir(void)
*
* Returns true if successful, or false if some error occurred.
*/
+#ifdef HAVE_SYS_CAPABILITY_H
static _Bool
nsm_clear_capabilities(void)
{
-#ifdef HAVE_SYS_CAPABILITY_H
cap_t caps;
caps = cap_from_text("cap_net_bind_service=ep");
@@ -357,10 +357,60 @@ nsm_clear_capabilities(void)
}
(void)cap_free(caps);
-#endif
return true;
}
+#define CAP_BOUND_PROCFILE "/proc/sys/kernel/cap-bound"
+static _Bool
+prune_bounding_set(void)
+{
+#ifdef PR_CAPBSET_DROP
+ int ret;
+ unsigned long i;
+ struct stat st;
+
+ /*
+ * Prior to kernel 2.6.25, the capabilities bounding set was a global
+ * value. Check to see if /proc/sys/kernel/cap-bound exists and don't
+ * bother to clear the bounding set if it does.
+ */
+ ret = stat(CAP_BOUND_PROCFILE, &st);
+ if (!ret) {
+ xlog(L_WARNING, "%s exists. Not attempting to clear "
+ "capabilities bounding set.",
+ CAP_BOUND_PROCFILE);
+ return true;
+ } else if (errno != ENOENT) {
+ /* Warn, but attempt to clear the bounding set anyway. */
+ xlog(L_WARNING, "Unable to stat %s: %m", CAP_BOUND_PROCFILE);
+ }
+
+ /* prune the bounding set to nothing */
+ for (i = 0; i <= CAP_LAST_CAP; ++i) {
+ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+ if (ret) {
+ xlog(L_ERROR, "Unable to prune capability %lu from "
+ "bounding set: %m", i);
+ return false;
+ }
+ }
+#endif /* PR_CAPBSET_DROP */
+ return true;
+}
+#else /* !HAVE_SYS_CAPABILITY_H */
+static _Bool
+nsm_clear_capabilities(void)
+{
+ return true;
+}
+
+static _Bool
+prune_bounding_set(void)
+{
+ return true;
+}
+#endif /* HAVE_SYS_CAPABILITY_H */
+
/**
* nsm_drop_privileges - drop root privileges
* @pidfd: file descriptor of a pid file
@@ -393,6 +443,9 @@ nsm_drop_privileges(const int pidfd)
return false;
}
+ if (!prune_bounding_set())
+ return false;
+
if (st.st_uid == 0) {
xlog_warn("Running as root. "
"chown %s to choose different user", nsm_base_dirname);
commit ddb095f82becc94c8e3a2429cc755dee5d1808c9
Author: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Date: Tue May 29 14:15:32 2012 -0400
build: avoid AM_CONDITIONAL in conditional execution.
Automake does not support conditional AM_CONDITIONAL calls; what that
means is that you always have to execute AM_CONDITIONAL one way or the
other. Both the libsqlite3.m4 file and the nfsdcld conditionals are
executed only when NFSv4 is enabled, which breaks building with
--disable-nfsv4.
Remove the SQLite3 conditional altogether as it's never used, and move
the nfsdcld conditional outside of the conditional code.
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/aclocal/libsqlite3.m4 b/aclocal/libsqlite3.m4
index 73d1e46..8c38993 100644
--- a/aclocal/libsqlite3.m4
+++ b/aclocal/libsqlite3.m4
@@ -29,5 +29,4 @@ AC_DEFUN([AC_SQLITE3_VERS], [
LIBS="$saved_LIBS"])
AC_MSG_RESULT($libsqlite3_cv_is_recent)
- AM_CONDITIONAL(CONFIG_SQLITE3, [test "$libsqlite3_cv_is_recent" = "yes"])
])dnl
diff --git a/configure.ac b/configure.ac
index 9ba53e2..b408f1b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -278,8 +278,6 @@ if test "$enable_nfsv4" = yes; then
fi
fi
- AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ])
-
dnl librpcsecgss already has a dependency on libgssapi,
dnl but we need to make sure we get the right version
if test "$enable_gss" = yes; then
@@ -293,6 +291,7 @@ if test "$enable_nfsv41" = yes; then
fi
dnl enable nfsidmap when its support by libnfsidmap
+AM_CONDITIONAL(CONFIG_NFSDCLD, [test "$enable_nfsdcld" = "yes" ])
AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"])
commit 7e9c0f760397d7e8fa78bdeefffc14eb8269925b
Author: Jeff Layton <jlayton@redhat.com>
Date: Tue May 29 13:53:09 2012 -0400
autoconf: make the test for prctl have an effect
We currently test to ensure that prctl() is available, but the results
of that test are a no-op either way. statd calls prctl()
unconditionally, so make configure bail out if prctl() isn't available
since the build will fail in that event anyway.
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4
index 68a624c..f8a0ed1 100644
--- a/aclocal/libcap.m4
+++ b/aclocal/libcap.m4
@@ -3,7 +3,7 @@ dnl
AC_DEFUN([AC_LIBCAP], [
dnl look for prctl
- AC_CHECK_FUNC([prctl], , )
+ AC_CHECK_FUNC([prctl], , AC_MSG_ERROR([prctl syscall is not available]))
AC_ARG_ENABLE([caps],
[AS_HELP_STRING([--disable-caps], [Disable capabilities support])])
commit 646be42c84305d02dea06113cc9e6c9a7ab94f8a
Author: Steve Dickson <steved@redhat.com>
Date: Thu May 17 08:16:29 2012 -0400
Makefile.am: Corrected a misspelling of overridden
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/mount/Makefile.am b/utils/mount/Makefile.am
index 7627854..5810936 100644
--- a/utils/mount/Makefile.am
+++ b/utils/mount/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
# These binaries go in /sbin (not /usr/sbin), and that cannot be
-# overriden at config time.
+# overridden at config time.
sbindir = /sbin
man8_MANS = mount.nfs.man umount.nfs.man
commit d4d392087f8ee049ed8f476e5ae780cbc0d0012a
Author: NeilBrown <neilb@suse.de>
Date: Thu May 17 08:14:57 2012 -0400
osd_login - ensure /sbin is created before installation.
If we use a more standard approach to describing the osd_login
script, the automake infrastructure will create /sbin before
attempting installation.
This is important for: make DESTDIR=/empty-dir install
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/osd_login/Makefile.am b/utils/osd_login/Makefile.am
index adc493a..20c2d8c 100644
--- a/utils/osd_login/Makefile.am
+++ b/utils/osd_login/Makefile.am
@@ -1,12 +1,9 @@
## Process this file with automake to produce Makefile.in
-OSD_LOGIN_FILES= osd_login
+# These binaries go in /sbin (not /usr/sbin), and that cannot be
+# overridden at config time.
+sbindir = /sbin
-EXTRA_DIST= $(OSD_LOGIN_FILES)
-
-all-local: $(OSD_LOGIN_FILES)
-
-install-data-hook:
- $(INSTALL) --mode 755 osd_login $(DESTDIR)/sbin/osd_login
+sbin_SCRIPTS = osd_login
MAINTAINERCLEANFILES = Makefile.in
commit a69f6aeb19841f5a95c3eb4f4e5fe5ca0db247f4
Author: Jim Rees <rees@umich.edu>
Date: Tue May 15 10:10:01 2012 -0400
blkmapd: remove pretty_sig()
This really only works against EMC servers. There is at least one server
that returns unprintable signatures, which fill the log with garbage (the
spec does not mandate printable signatures). It could be made more generic,
for example by checking each byte for isprint(). But the signatures are
really only of interest to developers, not admins, so it seems better to
just remove it.
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/blkmapd/device-process.c b/utils/blkmapd/device-process.c
index 652a7a8..5fe3dff 100644
--- a/utils/blkmapd/device-process.c
+++ b/utils/blkmapd/device-process.c
@@ -49,28 +49,6 @@
#include "device-discovery.h"
-static char *pretty_sig(char *sig, uint32_t siglen)
-{
- static char rs[100];
- uint64_t sigval;
- unsigned int i;
-
- if (siglen <= sizeof(sigval)) {
- sigval = 0;
- for (i = 0; i < siglen; i++)
- sigval |= ((unsigned char *)sig)[i] << (i * 8);
- sprintf(rs, "0x%0llx", (unsigned long long) sigval);
- } else {
- if (siglen > sizeof rs - 4) {
- siglen = sizeof rs - 4;
- sprintf(&rs[siglen], "...");
- } else
- rs[siglen] = '\0';
- memcpy(rs, sig, siglen);
- }
- return rs;
-}
-
uint32_t *blk_overflow(uint32_t * p, uint32_t * end, size_t nbytes)
{
uint32_t *q = p + ((nbytes + 3) >> 2);
@@ -109,9 +87,6 @@ static int decode_blk_signature(uint32_t **pp, uint32_t * end,
* for mapping, then thrown away.
*/
comp->bs_string = (char *)p;
- BL_LOG_INFO("%s: si_comps[%d]: bs_length %d, bs_string %s\n",
- __func__, i, siglen,
- pretty_sig(comp->bs_string, siglen));
p += ((siglen + 3) >> 2);
}
*pp = p;
@@ -152,10 +127,6 @@ read_cmp_blk_sig(struct bl_disk *disk, int fd, struct bl_sig_comp *comp)
}
ret = memcmp(sig, comp->bs_string, siglen);
- if (!ret)
- BL_LOG_INFO("%s: %s sig %s at %lld\n", __func__, dev_name,
- pretty_sig(sig, siglen),
- (long long)comp->bs_offset);
out:
if (sig)