Opened 7 weeks ago
Closed 7 weeks ago
#20139 closed enhancement (fixed)
libtirpc-1.3.5
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (3)
comment:1 by , 7 weeks ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 weeks ago
comment:3 by , 7 weeks ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
commit d68523a88ba0a60b949c3bbb2c246be3cfeb0eea Author: NeilBrown <neilb@suse.de> Date: Mon Mar 18 11:30:12 2024 -0400 Try using a new abstract address when connecting to rpcbind As RPC services are network services, it can make sense to localise them in a network namespace on Linux. Unfortunately the use of a path name - /var/run/rpcbind.sock - to contact rpcbind makes that difficult and requires a mount namespace to be created as well. Linux supports abstract addresses for AF_UNIX sockets. These start with a nul byte and (by convention) no other nul bytes with the length specified by the addrlen. Abstract addresses are matched by byte comparison without reference to the filesystem, and are local to the network namespace in which are used. Using an abstract address for contacting rpcbind removes the need for a mount namespace. Back comparability is assured by attempting to connect to the existing well known address (/var/run/rpcbind.sock) if the abstract address cannot be reached. Choosing the name needs some care as the same address will be configured for rpcbind, and needs to be built in to libtirpc for this enhancement to be fully successful. There is no formal standard for choosing abstract addresses. The defacto standard appears to be to use a path name similar to what would be used for a filesystem AF_UNIX address - but with a leading nul. In that case "\0/var/run/rpcbind.sock" seems like the best choice. However at this time /var/run is deprecated in favour of /run, so "\0/run/rpcbind.sock" might be better. Though as we are deliberately moving away from using the filesystem it might seem more sensible to explicitly break the connection and just have "\0rpcbind.socket" using the same name as the systemd unit file.. The linux kernel already attempts to connect to the second option, "\0/run/rpcbind.sock" since Linux v6.5 so this patch chooses that option. commit 33c687b940a85479b899fda8a4ee78aab8f18d21 Author: NeilBrown <neilb@suse.de> Date: Mon Mar 18 11:27:23 2024 -0400 Change local_rpcb() to take a targaddr pointer. One caller of local_rpcb() wants the target-addr, and local_rcpb() has easy access to it. So accept a pointer and fill it in if not NULL. This will simplify a future patch in which local_rpcb() makes a choice between different possible socket paths. commit d4d6c80f760228c2f36c926cfe6814a4377aa65a Author: NeilBrown <neilb@suse.de> Date: Mon Mar 18 11:26:02 2024 -0400 Allow working with abstract AF_UNIX addresses. Linux supports abstract addresses for AF_UNIX. These have .sun_path starting with '\0'. When presented in human-readable form they have a leading '@' instead. The length of the sockaddr must not include any trailing zeroes after the abstract name, as they will treated as part of the name and cause address matching to fail. This patch makes various changes to code that works with sun_path to ensure that abstract addresses work correctly. In particular it fixes a bug in __rpc_sockisbound() which incorrectly determines that a socket bound to an abstract address is in fact not bound. This prevents sockets with abstract addresses being used even when created outside of the library. commit 6951a9c3139c9c7dbb0bdae70737996011fc7a37 Author: Herb Wartens <wartens2@llnl.gov> Date: Mon Mar 18 11:07:15 2024 -0400 rpcb_clnt.c: memory leak in destroy_addr Piece was dropped from original fix. commit 3e5f7b04d2b8076576aef5e9cb3657d818eec4a5 Author: Zhuohao Bai <zhuohao_bai@foxmail.com> Date: Fri Jan 5 11:34:01 2024 -0500 _rpc_dtablesize: Decrease the value of size. To fix the bug caused by a Size value that is too large and leads to an array that requires excessive memory, which subsequently results in the failure of rpcbind to start properly. commit 11d8d96e75e9260bed8566a6a366ff7dd8fde753 Author: Jörg Sommer <joerg.sommer@navimatix.de> Date: Fri Jan 5 11:25:14 2024 -0500 netconfig: remove tcp6, udp6 on --disable-ipv6 If the configuration for IPv6 is disabled, the netconfig should not contain settings for tcp6 and udp6. The test for the configure option didn't work, because it check the wrong variable. commit 22b1c0cd6076dcd7df822cd1181e98278dc865db Author: Olga Kornievskaia <kolga@netapp.com> Date: Wed Jan 3 17:50:42 2024 -0500 gssapi: fix rpc_gss_seccreate passed in cred Fix rpc_gss_seccreate() usage of the passed in gss credential. Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context") commit 14d90686b669f697c8773bea28c1f3753ee99f83 Author: Olga Kornievskaia <kolga@netapp.com> Date: Wed Jan 3 17:48:40 2024 -0500 gssapi: revert commit f5b6e6fdb1e6 Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor error in authgss_refresh()". Instead of modifying existing api, use rpc_gss_seccreate() which exposes the error values.