Opened 3 months ago
Closed 3 months ago
Last modified 8 weeks ago
New point version.
exportd: server-side gid management
Ported manage-gids option from mountd
gssd: Add options to rpc.gssd to allow for the use of $HOME/.k5identity files
Since commit 2f682f25c642fcfe7c511d04bc9d67e732282348 $HOME
has been set to '/' to avoid a deadlock when accessing
Kerberized NFS shares. While this works for most use cases,
users who depend on the use of $HOME/.k5identity files are
negatively impacted by this commit. This patch allows for
users to use their $HOME/.k5identity to access subsequent
Kerberized resources based on the credentials in said file.
The default set by commit 2f682f25c still remains the same,
but a user can pass '-H' to change rpc.gssd behavior to not
set $HOME to '/'. Setting 'set-home=0' in /etc/nfs.conf
has the same effect as passing '-H' directly to rpc.gssd.
mountd: reject unknown client IP when !use_ipaddr.
When use_ipaddr is not in effect, an auth_unix_ip lookup
request from the kernel for an unknown client will be
rejected. When it IS in effect, these requests are
always granted with the IP address being mapped to a
string form of the address, preceded by a '$'.
This is inconsistent behaviour and could present a small
information leak. It means that, for example, a SETCLIENT
NFSv4 request may or may not succeed depending on an
internal setting in rpc.mountd.
This is easily rectified by always checking if the
client is known.
mountd: Don't proactively add export info when fh info is requested.
When an "nfsd.fh" request is received from the kernel, we map the
file-handle prefix to a path name and report that (as required) and then
also add "nfsd.export" information with export flags applicable to that
This is not necessary and was added as a perceived optimisation.
When updating data already in the kernel, it is unlikely to help as the
kernel can be expected to ask for both details at much the same time.
With NFSv3, new information is normally added by a MOUNT rpc request, so
this is irrelevant.
With NFSv4, the kernel requests the "nfsd.export" information when
walking down from ROOT, *before* requesting the nfsd.fh information, so
this "optimisation" causes unnecessary work.
A future patch will add logging of authentication requests, and this
double-handling would result in extra unnecessary log messages.
As this "optimisation" appears to have no practical value and some
(small) cost, let's remove it.
mountd/exports: update man page
The text in the manpages about the export table is a bit outdated, and
doesn't mention the in-kernel cache which is an import part of
As a future patch will enable logging of updates to that cache, it is
important to have the caching behaviour documented. So update that
section of both man pages, and make a few other minor improvements.
mountd: add logging for authentication results for accesses.
When NFSv3 is used to mount a filesystem, success/failure messages are
logged by mountd and can be used for auditing. When NFSv4 is used,
there is no distinct "MOUNT" request, and nothing is logged.
We can instead log authentication requests from the kernel. These will
happen regularly - typically every 15 minutes of ongoing access - so
they may be too noisy, or might be more useful. As they might not be
wanted, make them selectable with the "AUTH" facility in xlog().
Add a "-l" to enable these logs. Alternately "debug = auth" will have
the same effect.
The same changes are made to both rpc.mountd and nfsv4.exportd.
mountd: add --cache-use-ipaddr option to force use_ipaddr
When logging authentication requests, it can be easier to read the logs
if clients are always identified by IP address, not intermediate names
like netgroups or subnets.
To allow this, add --cache-use-ipaddr or -i which tell mountd to always
mountd: make default ttl settable by option
The DEFAULT_TTL affects the rate at which authentication messages are
logged. So it is useful to make it settable.
Add "-ttl" and "-T", and add clear statement in the documentation of
both the benefits and the possible negative effects of choosing a larger
mountd: add logging of NFSv4 clients attaching and detaching.
NFSv4 does not have a MOUNT request like NFSv3 does (via the MOUNT
protocol). So these cannot be logged.
NFSv4 does have SETCLIENTID and EXCHANGE_ID. These are indirectly
visible though changes in /proc/fs/nfsd/clients.
When a new client attaches, a directory appears. When the client
detaches, through a timeout (v4.0) or DESTROY_SESSION (v4.1+)
the directory disappears.
This patch adds tracking of these changes using inotify, with log
messages when a client attaches or detaches.
Unfortuantely clients are created in two steps, the second being a
confirmation. This results in a temporary client appearing and
disappearing. It is not possible (in Linux 5.10) to detect the
unconfirmed client, so extra attach/detach messages are generated.
This patch also moves some cache* function declarations into a header
file, and makes a few related changes to #includes.
nfsdclnts: Ignore SIGPIPE signal
exportfs: fix unexporting of '/'
The code that has been added to strip trailing slashes from path in
unexportfs_parsed() forgot to account for the case of the root
directory, which is simply '/'. In that case it accesses path[-1] and
reduces the path to an empty string, which then fails to match any
Fix it by stopping the stripping when the path is just a single
character - it doesn't matter if it's a '/' or not, we want to keep it
either way in that case.
exportfs -u localhost:/
Without this patch, the unexport step fails with "exportfs: Could not
find 'localhost:/' to unexport."
mountd/exportd: only log confirmed clients, and poll for updates
It is possible (and common with the Linux NFS client) for the nfs server
to receive multiple SET_CLIENT_ID or EXCHANGE_ID requests when starting
a connection. This results in some clients appearing in
which never get confirmed. mountd currently logs these, but they aren't
If the kernel supports the reporting of the confirmation status of
clients, we can suppress the message until a client is confirmed.
With this patch we:
- record if the client is confirmed, assuming it is if the status is
- don't log unconfirmed clients
- request MODIFY notification from unconfirmed clients.
- recheck an info file when it is modified.
NFS server should enable RDMA by default
Product is shipped with NFS/RDMA disabled by default.
An extra step is needed when setting up an NFS server
to support NFS/RDMA clients.
mountd/exports: Fix typo in the man page
Fix `statx()` emulation breaking exports
Ever since commit 76c21e3f (mountd: Check the stat() return values in
match_fsid(), 2020-05-08), it wasn't possible to export filesystems
on my musl based system anymore.
The root cause of this is the innocuous-looking change to decide based
on `errno` whether `is_mountpoint()` raised a real error or whether it
simply didn't match. The issue is that `is_mountpoint()` transitively
calls into our `xlstat()` wrapper, which either executes `statx()` if
the system supports it or otherwise falls back to `fstatat()`. But if
`statx()` is not supported, then we'll always first set `errno = ENOSYS`
before calling `fstatat()`. So effectively, all systems which do not
have `statx()` and whose `fstatat()` doesn't reset `errno` will cause us
to end up with errno set to `ENOSYS`.
Fix the issue by resetting `errno` before calling `fstatat()` in both
`xlstat()` and `xstat()`.
Replace all /var/run with /run
FHS 3.0 deprecated /var/run in favour of /run.
FHS 3.0 was released over 5 years ago.
I think it is time for nfs-utils to catch up.
Note that some places, particularly systemd unit files, already use just
nfs-utils: Factor out common structure cleanup calls
nfs-utils: Enable the retrieval of raw config settings without expansion
Config entries sometimes contain variable expansions, this adds options
to retrieve the config entry rather than its current expanded value.
gssd: use mutex to protect decrement of refcount
The decrement of the "ple" refcount is not protected so it can race with
increments or decrements from other threads. An increment could be lost
and then the ple would be freed early, leading to memory corruption.
So use the mutex to protect decrements (increments are already
As gssd_destroy_krb5_principals() calls release_ple() while holding the
mutex, we need a "release_pte_locked()" which doesn't take the mutex.
Fix NFSv4 export of tmpfs filesystems
Some filesystems cannot be exported without an fsid or uuid.
tmpfs is the main example.
When mountd (or exportd) creates nfsv4 pseudo-root exports for the path
leading down to an export point it exports each directory without any
fsid or uuid. If one of these directories is on tmpfs, that will fail.
The net result is that exporting a subdirectory of a tmpfs filesystem
will not work over NFSv4 as the parents within the filesystem cannot be
exported. It will either fail, or fall-back to NFSv3 (depending on the
version of the mount.nfs program).
To fix this we need to provide an fsid or uuid for these pseudo-root
exports. This patch does that by creating an RFC-4122 V5 compatible
UUID based on an arbitrary seed and the path to the export.
To check if an export needs a uuid, text_export() is moved from exportfs
to libexport.a, modified slightly and renamed to export_test().
Remove 'force' arg from cache_flush()
Since v4.17 the timestamp written to 'flush' is ignored,
so there isn't much point choosing too precisely.
For kernels since v4.3-rc3-13-g778620364ef5 it is safe
to write 1 second beyond the current time.
For earlier kernels, nothing is really safe (even the current
behaviour), but writing one second beyond the current time isn't too bad
in the unlikely case the people use a new nfs-utils on a 5 year old
This remove a dependency for libnfs.a on 'etab' being declare,
so svcgssd no longer needs to declare it.
Move declaration of etab and rmtab into libraries
There are two global "struct stat_paths" structures: etab and rmtab.
They are currently needed by some library code so any program which is
linked with that library code needs to declare the structures even if it
doesn't use the functionality. This is clumsy and error-prone.
Instead: have the library declare the structure and put the definition
in a header file. Now programs only need to know about these structures
if they use the functionality.
'rmtab' is now declared in libnfs.a (rmtab.c). 'etab' is declared in
README: update git repository URL
The old URL is no longer available. Update to the new URL that is
mentioned on https://linux-nfs.org.
configure: check for rpc/rpc.h presence
Recent versions of glibc (since 2.26?) no longer supply rpc/rpc.h, and
in previous versions, RPC was optional. Detect such cases and prompt the
user to build with libtirpc instead.
gssd: deal with failed thread creation
If we fail to create a thread to handle an upcall, we still need to do a
downcall to tell the kernel about the failure, otherwise the process
that is trying to establish gss credentials will hang.
This patch shifts the thread creation down a level in the call chain so
now the main thread does a little more work up front (reading & parsing
the data from the pipefs file) so it has the info it needs to be able
to do the error downcall.
gssd: add timeout for upcall threads
Add a global list of active upcalls and a watchdog thread that walks the
list, looking for threads running longer than timeout seconds. By
default, an error message will by logged to the syslog.
The upcall timeout can be specified by passing the -U option or by
setting the upcall-timeout parameter in nfs.conf.
Passing the -C option or setting cancel-timed-out-upcalls=1 in nfs.conf
causes the watchdog thread to also cancel timed-out upcall threads and
report an error of -ETIMEDOUT to the kernel.
nfs(5): Fix missing mentions of "rdma6" netid
nfs(5): Correct the spelling of "kernel_source"
mount.nfs: insert 'sloppy' at beginning of the options
Previously, the 'sloppy' option was appended to other options
so that when kernel parses the options sequentially, the
'sloppy' option will not work if there's a invalid option in
front of it.
use 'po_insert' instead 'po_append'
gssd: Cleaned up debug messages
Added tids to a number of statements
Broke the lifetime_rec secs into a readable format
Printed tids out correctly
Trim down the output of both '-v' and '-vv'
Fixed at 6ef71d2f2f1e488d2bf2bd7f0d0d9bd423ce78a0
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.