commit c062f45deebc20dae5eb8cdb50fb03fb1c252b47
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Sat Apr 18 09:45:46 2009 -0400
umount.nfs: Fix return value of nfs_mount_protocol()
Fix a copy-paste error introduced in nfs_mount_protocol(). It should
return an IPPROTO_ number, not an NFS version number.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
commit 879a9b1b2bdd1160571896023d06291a611c4315
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Sat Apr 18 09:44:56 2009 -0400
umount.nfs: Use a privileged port when sending UMNT requests
Turns out we do actually need to use a privileged port for UMNT. The
Linux rpc.mountd complains if an ephemeral source port is used:
Apr 17 15:52:19 ingres mountd[2061]: refused unmount request from
192.168.0.59 for /export (/export): illegal port 60932
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
commit 8c94296bc84f3a204f2061c0391a1d2350e4f37e
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Sat Apr 18 09:43:58 2009 -0400
support: Provide an API for creating a privileged RPC client
We needed to guarantee that some RPC programs, such as PMAP, got an
unprivileged port, to prevent exhausting the local privileged port
space sending RPC requests that don't need such privileges.
nfs_get_rpcclient() provides that feature.
However, some RPC programs, such as MNT and UMNT, require a privileged
port. So, let's provide an additional API for this that also supports
IPv6 and setting a destination port.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
commit 41eb279c2f46ca020bc3b8d17811555f74b99d2e
Author: Benny Halevy <bhalevy@panasas.com>
Date: Wed Apr 15 14:16:08 2009 -0400
utils/nfsd: fix -N optarg error printout
as currently printed c is the version number, not a string char,
therefore is should be printed as %d not %c. That said, just print
optarg as %s since it might be non-numeric.
Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
commit d4008af910ba1d527f00f8207fb3f8f5709e943d
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Wed Apr 15 12:52:48 2009 -0400
getport.c: fix non-standard C
Squelch a compiler warning in getport.c:
getport.c:65: warning: ┬┐static┬┐ is not at beginning of declaration
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
commit c51d826a201095fb3a7c68c3666e2b795a2b687d
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Wed Apr 15 12:38:40 2009 -0400
nfs-utils: reverse order of librpcsecgss and libgssglue checks
The check that validates the version of librpcsecgss also needs to
have libgssglue installed. Without libgssglue, ./configure complains
that it can't find rpcsecgss, even though it's installed.
It also turns out that the error message generated by pkg-config is
more complete than the one we have in aclocal/rpcsec_vers.m4, so just
let those PKG_CHECK_MODULES m4 macros use the default error message.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---------------------------------------------------------------
diff --git a/aclocal/rpcsec_vers.m4 b/aclocal/rpcsec_vers.m4
index e59c0aa..25902ca 100644
--- a/aclocal/rpcsec_vers.m4
+++ b/aclocal/rpcsec_vers.m4
@@ -1,12 +1,11 @@
dnl Checks librpcsec version
AC_DEFUN([AC_RPCSEC_VERSION], [
- dnl TI-RPC replaces librpcsecgss, but we still need libgssglue
+ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1])
+
+ dnl TI-RPC replaces librpcsecgss
if test "$enable_tirpc" = no; then
- PKG_CHECK_MODULES([RPCSECGSS], [librpcsecgss >= 0.16], ,
- [AC_MSG_ERROR([Unable to locate information required to use librpcsecgss. If you have pkgconfig installed, you might try setting environment variable PKG_CONFIG_PATH to /usr/local/lib/pkgconfig])])
- else
- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1])
+ PKG_CHECK_MODULES([RPCSECGSS], [librpcsecgss >= 0.16])
fi
])dnl
diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
index 097debb..543c35b 100644
--- a/support/include/nfsrpc.h
+++ b/support/include/nfsrpc.h
@@ -24,6 +24,7 @@
#define __NFS_UTILS_NFSRPC_H
#include <rpc/types.h>
+#include <rpc/clnt.h>
/*
* Conventional RPC program numbers
@@ -54,7 +55,7 @@
extern rpcprog_t nfs_getrpcbyname(const rpcprog_t, const char *table[]);
/*
- * Acquire an RPC CLIENT *
+ * Acquire an RPC CLIENT * with an ephemeral source port
*/
extern CLIENT *nfs_get_rpcclient(const struct sockaddr *,
const socklen_t, const unsigned short,
@@ -62,6 +63,14 @@ extern CLIENT *nfs_get_rpcclient(const struct sockaddr *,
struct timeval *);
/*
+ * Acquire an RPC CLIENT * with a privileged source port
+ */
+extern CLIENT *nfs_get_priv_rpcclient( const struct sockaddr *,
+ const socklen_t, const unsigned short,
+ const rpcprog_t, const rpcvers_t,
+ struct timeval *);
+
+/*
* Convert a socket address to a universal address
*/
extern char *nfs_sockaddr2universal(const struct sockaddr *,
diff --git a/support/nfs/getport.c b/support/nfs/getport.c
index 734d21a..cf1677e 100644
--- a/support/nfs/getport.c
+++ b/support/nfs/getport.c
@@ -60,9 +60,9 @@
#endif /* !HAVE_LIBTIRPC */
#ifdef HAVE_LIBTIRPC
-const static rpcvers_t default_rpcb_version = RPCBVERS_4;
+static const rpcvers_t default_rpcb_version = RPCBVERS_4;
#else /* !HAVE_LIBTIRPC */
-const static rpcvers_t default_rpcb_version = PMAPVERS;
+static const rpcvers_t default_rpcb_version = PMAPVERS;
#endif /* !HAVE_LIBTIRPC */
#ifdef HAVE_DECL_AI_ADDRCONFIG
diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
index 2b11e35..85e6064 100644
--- a/support/nfs/rpc_socket.c
+++ b/support/nfs/rpc_socket.c
@@ -132,6 +132,58 @@ static int nfs_bind(const int sock, const sa_family_t family)
return -1;
}
+#ifdef IPV6_SUPPORT
+
+/*
+ * Bind a socket using an unused privileged source port.
+ *
+ * Returns zero on success, or returns -1 on error. errno is
+ * set to reflect the nature of the error.
+ */
+static int nfs_bindresvport(const int sock, const sa_family_t family)
+{
+ struct sockaddr_in sin = {
+ .sin_family = AF_INET,
+ .sin_addr.s_addr = htonl(INADDR_ANY),
+ };
+ struct sockaddr_in6 sin6 = {
+ .sin6_family = AF_INET6,
+ .sin6_addr = IN6ADDR_ANY_INIT,
+ };
+
+ switch (family) {
+ case AF_INET:
+ return bindresvport_sa(sock, (struct sockaddr *)&sin,
+ (socklen_t)sizeof(sin));
+ case AF_INET6:
+ return bindresvport_sa(sock, (struct sockaddr *)&sin6,
+ (socklen_t)sizeof(sin6));
+ }
+
+ errno = EAFNOSUPPORT;
+ return -1;
+}
+
+#else /* !IPV6_SUPPORT */
+
+/*
+ * Bind a socket using an unused privileged source port.
+ *
+ * Returns zero on success, or returns -1 on error. errno is
+ * set to reflect the nature of the error.
+ */
+static int nfs_bindresvport(const int sock, const sa_family_t family)
+{
+ if (family != AF_INET) {
+ errno = EAFNOSUPPORT;
+ return -1;
+ }
+
+ return bindresvport(sock, NULL);
+}
+
+#endif /* !IPV6_SUPPORT */
+
/*
* Perform a non-blocking connect on the socket fd.
*
@@ -218,7 +270,8 @@ static CLIENT *nfs_get_udpclient(const struct sockaddr *sap,
const socklen_t salen,
const rpcprog_t program,
const rpcvers_t version,
- struct timeval *timeout)
+ struct timeval *timeout,
+ const int resvport)
{
CLIENT *client;
int ret, sock;
@@ -245,7 +298,10 @@ static CLIENT *nfs_get_udpclient(const struct sockaddr *sap,
return NULL;
}
- ret = nfs_bind(sock, sap->sa_family);
+ if (resvport)
+ ret = nfs_bindresvport(sock, sap->sa_family);
+ else
+ ret = nfs_bind(sock, sap->sa_family);
if (ret < 0) {
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = errno;
@@ -294,7 +350,8 @@ static CLIENT *nfs_get_tcpclient(const struct sockaddr *sap,
const socklen_t salen,
const rpcprog_t program,
const rpcvers_t version,
- struct timeval *timeout)
+ struct timeval *timeout,
+ const int resvport)
{
CLIENT *client;
int ret, sock;
@@ -321,7 +378,10 @@ static CLIENT *nfs_get_tcpclient(const struct sockaddr *sap,
return NULL;
}
- ret = nfs_bind(sock, sap->sa_family);
+ if (resvport)
+ ret = nfs_bindresvport(sock, sap->sa_family);
+ else
+ ret = nfs_bind(sock, sap->sa_family);
if (ret < 0) {
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = errno;
@@ -365,7 +425,8 @@ static CLIENT *nfs_get_tcpclient(const struct sockaddr *sap,
* @timeout: pointer to request timeout (must not be NULL)
*
* Set up an RPC client for communicating with an RPC program @program
- * and @version on the server @sap over @transport.
+ * and @version on the server @sap over @transport. An unprivileged
+ * source port is used.
*
* Returns a pointer to a prepared RPC client if successful, and
* @timeout is initialized; caller must destroy a non-NULL returned RPC
@@ -405,10 +466,75 @@ CLIENT *nfs_get_rpcclient(const struct sockaddr *sap,
switch (transport) {
case IPPROTO_TCP:
- return nfs_get_tcpclient(sap, salen, program, version, timeout);
+ return nfs_get_tcpclient(sap, salen, program, version,
+ timeout, 0);
+ case 0:
+ case IPPROTO_UDP:
+ return nfs_get_udpclient(sap, salen, program, version,
+ timeout, 0);
+ }
+
+ rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
+ return NULL;
+}
+
+/**
+ * nfs_get_priv_rpcclient - acquire an RPC client
+ * @sap: pointer to socket address of RPC server
+ * @salen: length of socket address
+ * @transport: IPPROTO_ value of transport protocol to use
+ * @program: RPC program number
+ * @version: RPC version number
+ * @timeout: pointer to request timeout (must not be NULL)
+ *
+ * Set up an RPC client for communicating with an RPC program @program
+ * and @version on the server @sap over @transport. A privileged
+ * source port is used.
+ *
+ * Returns a pointer to a prepared RPC client if successful, and
+ * @timeout is initialized; caller must destroy a non-NULL returned RPC
+ * client. Otherwise returns NULL, and rpc_createerr.cf_stat is set to
+ * reflect the error.
+ */
+CLIENT *nfs_get_priv_rpcclient(const struct sockaddr *sap,
+ const socklen_t salen,
+ const unsigned short transport,
+ const rpcprog_t program,
+ const rpcvers_t version,
+ struct timeval *timeout)
+{
+ struct sockaddr_in *sin = (struct sockaddr_in *)sap;
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
+
+ switch (sap->sa_family) {
+ case AF_LOCAL:
+ return nfs_get_localclient(sap, salen, program,
+ version, timeout);
+ case AF_INET:
+ if (sin->sin_port == 0) {
+ rpc_createerr.cf_stat = RPC_UNKNOWNADDR;
+ return NULL;
+ }
+ break;
+ case AF_INET6:
+ if (sin6->sin6_port == 0) {
+ rpc_createerr.cf_stat = RPC_UNKNOWNADDR;
+ return NULL;
+ }
+ break;
+ default:
+ rpc_createerr.cf_stat = RPC_UNKNOWNHOST;
+ return NULL;
+ }
+
+ switch (transport) {
+ case IPPROTO_TCP:
+ return nfs_get_tcpclient(sap, salen, program, version,
+ timeout, 1);
case 0:
case IPPROTO_UDP:
- return nfs_get_udpclient(sap, salen, program, version, timeout);
+ return nfs_get_udpclient(sap, salen, program, version,
+ timeout, 1);
}
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
diff --git a/utils/mount/network.c b/utils/mount/network.c
index bcd0c0f..72f4b84 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -869,7 +869,7 @@ int nfs_advise_umount(const struct sockaddr *sap, const socklen_t salen,
memcpy(saddr, sap, salen);
nfs_set_port(saddr, mnt_pmap.pm_port);
- client = nfs_get_rpcclient(saddr, salen, mnt_pmap.pm_prot,
+ client = nfs_get_priv_rpcclient(saddr, salen, mnt_pmap.pm_prot,
mnt_pmap.pm_prog, mnt_pmap.pm_vers,
&timeout);
if (client == NULL)
@@ -1337,7 +1337,7 @@ static unsigned short nfs_mount_protocol(struct mount_options *options)
return IPPROTO_UDP;
}
- return nfs_nfs_version(options);
+ return nfs_nfs_protocol(options);
}
/*
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index aaf8d29..c97c81f 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -86,7 +86,7 @@ main(int argc, char **argv)
NFSCTL_VERUNSET(versbits, c);
break;
default:
- fprintf(stderr, "%c: Unsupported version\n", c);
+ fprintf(stderr, "%s: Unsupported version\n", optarg);
exit(1);
}
break;