Previously the code only warned about the condition and then happily
proceeded to use the too large value resulting in the array
out-of-bounds access.
Obtained from: Panzura (Chuanbo Zheng)
MFC after: 10 days
Sponsored by: Panzura
When attempting to mount a non-directory which exists, return ENOTDIR instead
of ENOENT. If stat() or statfs() failed, don't pass part of the invalid
(struct statfs) to ex_search(). In that same case, preserve the value of "bad"
rather than overwriting with EACCES.
Submitted by: Bruce Leverett (Panasas)
Reviewed by: rmacklem
MFC after: 1 week
Sponsored by: Panasas
Differential Revision: https://reviews.freebsd.org/D14438
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Use SLIST from sys/queue.h instead of homebrew linked list for mountlist.
Reviewed by: bapt, rmacklem
MFC after: 1 week
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D12504
Use SLIST from sys/queue.h instead of homebrew linked list for the exportlist.
Reviewed by: bapt, rmacklem
MFC after: 1 week
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D12502
Introduced in r324007, the data alloced by strdup was never free'ed.
While here, remove cast to caddr_t when freeing dp.
Reported by: bde
MFC after: 1 week
X MFC With: r324007
The default values found in /etc/passwd and /etc/group are 65534, 65533.
In mountd.c, the defaults were -2, which was 65534 back when uid_t was 16 bits.
Without this patch, a file created by root on an NFS exported volume without
the "-root=" export option will end up owned by uid 4**32 - 2.
When discussed on freebsd-current@, it seemed that users preferred the
values being changed to 65534/65533.
I have not added code to acquire these values from the databases, since
the mountd daemon might get "stuck" during startup waiting for a non-responsive
password database server.
Discussed on: freebsd-current
Renumber clause 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistence on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
when the new/default NFS server was running, for the "-n" option.
This patch fixes the problem for head and stable/11. For stable/10 the
patch will need to be modified when MFC'd, since the stable/10 mountd.c
handles both old and new NFS servers.
Since the new NFS server uses vfs.nfsd.nfs_privport == 0 by default,
there wouldn't have been many users affected by the code not setting
it to 0 when the "-n" option was specified.
PR: 213450
Submitted by: rs@bytecamp.net
MFC after: 2 weeks
If you are getting your users/groups from a directory service such
as LDAP or AD it's possible for those usernames or groupnames to
contain spaces.
Submitted by: Sean E. Fagan
Reviewed by: rmacklem
MFC after: 1 week
Sponsored by: iXsystems
This is rather pedantic, as for most architectures it holds that
sizeof(type *) == sizeof(type **)
Found by: clang static analyzer
Reviewed by: ed
Differential Revision: https://reviews.freebsd.org/D4722
systems that are automounted, since that configuration
isn't supported. This still allows the export, since
two emails I received felt that this should not be
disabled. It sends the message to syslog(LOG_ERR..), so that
it goes to the same places as the other messages related
to /etc/exports problems, even though it is a warning and not an error.
Reviewed by: trasz
MFC after: 2 weeks
unmount, which causes error from nmount(2) call when performing
MNT_DELEXPORT over the directory which ceased to be a mount point.
The race is legitimate and innocent, but results in the chatty mountd.
Silence it by providing a distinguished error code for the situation,
and ignoring the error in mountd loop.
Based on the patch by: Andreas Longwitz <longwitz@incore.de>
Prodded and tested by: bdrewery
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
in the "hosts" array and eventually looks up the network address with
getaddrinfo(). At one point it checks for a numeric address and if it
sees one, it sets a hint parameter to force getaddrinfo to interpret the
host as a numeric address. However that hint is not cleared for subsequent
iterations of the loop and if any hosts seen after this point are host names,
getaddrinfo will fail on the name. The result of this bug is that you cannot
pass a host name to the -h flag.
Unfortunately, the first iteration will either process ::1 or 127.0.0.1,
so the flag is set on the first iteration and all host names will fail
to be processed.
The same bug applies to rpc.lockd and rpc.statd, so fix them too.
Differential Revision: https://reviews.freebsd.org/D1507
Reported by: Dylan Martin
MFC after: 1 week
Sponsored by: Sandvine Inc.
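The stale-hint loop described in the commit message above, reduced to a stand-alone C program; this is an added example, not the committed mountd code. The helper name resolve_hosts, the inet_pton()-based numeric check and the sample host list are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed sample: a loopback literal first, then a host name. */
static const char *const sample_hosts[] = { "127.0.0.1", "localhost" };

/* Assumed numeric-address check: true for an IPv4 or IPv6 literal. */
static int is_numeric(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, host, buf) == 1 || inet_pton(AF_INET6, host, buf) == 1;
}

/* Hypothetical helper, not a mountd function. rc[i] receives getaddrinfo()'s
 * return code and flags[i] the ai_flags it was called with. sticky != 0 keeps
 * the hint across iterations (the bug). Returns the number of failed lookups. */
int resolve_hosts(const char *const hosts[], int n, int sticky,
    int rc[], int flags[])
{
    struct addrinfo hints, *res;
    int failed = 0;
    memset(&hints, 0, sizeof(hints));
    hints.ai_socktype = SOCK_DGRAM;
    for (int i = 0; i < n; i++) {
        if (!sticky)
            hints.ai_flags = 0;     /* the fix: reset the hint per host */
        if (is_numeric(hosts[i]))
            hints.ai_flags |= AI_NUMERICHOST;
        flags[i] = hints.ai_flags;
        if ((rc[i] = getaddrinfo(hosts[i], NULL, &hints, &res)) != 0)
            failed++;
        else
            freeaddrinfo(res);
    }
    return failed;
}

int main(void)
{
    int rc[2], flags[2];
    for (int sticky = 1; sticky >= 0; sticky--) {
        resolve_hosts(sample_hosts, 2, sticky, rc, flags);
        printf("sticky=%d: %s\n", sticky, rc[1] ? gai_strerror(rc[1]) : "resolved");
    }
    return 0;
}
```

With the stale hint, the lookup of the host name returns EAI_NONAME without consulting the resolver, because AI_NUMERICHOST forbids name resolution.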
Sometimes nmount(2) will fail without setting errmsg. The previous (ignored)
error would then be shown as the reason for the failed call if the next
nmount(2) also fails without [ENOENT,ENOTSUP].
An example is when there is a tmpfs mounted with -o size. vfs_filteropt() adds
'size' as an error in errmsg due to 'size' not being in tmpfs_updateopts. Then
tmpfs_mount returns [ENOTSUP] from nmount(2), which is then ignored. The next
call may race with an unmount causing an invalid [EINVAL] that then does log an
error, with the tmpfs errmsg.
The race itself is a separate issue to fix as it is expected to have an
[ENOENT] returned instead.
In this example the mount being shown is actually nullfs, not tmpfs that the
error is from.
    mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument mount option <size> is unknown
It should only show:
    mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument
MFC after: 2 weeks
execution of the nfsd threads while it is reloading the exports.
This avoids clients from getting intermittent access errors
when the exports are being reloaded non-atomically.
It is not an ideal solution, since requests will back up while
the nfsd threads are suspended. Also, when this option is used,
if mountd crashes while reloading exports, mountd will have to
be restarted to get the nfsd threads to resume execution.
This has been tested by Vincent Hoffman (vince at unsane.co.uk)
and John Hickey (jh at deterlab.net).
The nfse patch offers a more comprehensive solution for this issue.
PR: kern/9619, kern/131342
Reviewed by: kib
MFC after: 2 weeks
entries with different security flavors are in the exports(5)
file. For that case, mountd replies with the security flavors
of the last entry and not the correct one for the client host.
This patch fixes that by storing separate copies of the flavors
for each host/net case, plus a default one for the case where
no hosts/nets are specified on an entry in the exports(5) file.
Unlike the patch in the PR, it replies with the security flavors
for the entry instead of merging the security flavors for all
the entries and replying with that.
Tested by: attila.bogar at linguamatics.com
PR: kern/164933
MFC after: 2 weeks
error: variable 'dirp' set but not used
error: variable 'dirplen' set but not used
Approved by: dim, cperciva (mentor, blanket for pre-mentorship already-approved commits)
MFC after: 3 days
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
referred to as the experimental server. It also adds a new command
line option "-o" to both mountd and nfsd that forces them to use the
old/regular NFS server. The "-e" option for these commands is now
a no-op, since the new server is the default. I will be committing rc
script and man changes soon. Discussed on freebsd-fs@.
would crash in check_options() since dp == NULL for the V4: line.
This patch moves the check for options allowed on the V4: line to
ahead of where dp is used to avoid this crash.
Reported by: mamalos AT eng.auth.gr
MFC after: 1 week
allocates data structures that are never linked into the tree or free'd.
As such, mountd would leak memory every time it parsed an nfsv4 root line.
This patch frees up those structures to plug the leak.
Approved by: kib (mentor)
NGROUPS_MAX, eliminate ABI dependencies on them, and raise them to 1024
and 1023 respectively. (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer. Do the equivalent in
kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively. Both interfaces take care of the details of allocating
the groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary. In the future,
crsetgroups() may be responsible for ensuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.
Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups. When feasible, truncate
the group list rather than generating an error.
Minor changes:
- Reduce the number of hand rolled versions of groupmember().
- Do not assign to both cr_gid and cr_groups[0].
- Modify ipfw to cache ucreds instead of part of their contents since
they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation)
X-MFC after: never
PR: bin/113398 kern/133867
dace for UDPv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.
Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to be addressed in generic rpc code in
libc in order to fix them all.
Reported by: lstewart
Tested by: lstewart
set for RPC UDP sockets. Mountd uses internal libc functions
directly and bypasses generic socket initialization completely,
so we need to set IP_RECVDSTADDR here to match the libc behavior.
regular one. It now takes a "-4" command line argument to force it
to use the experimental server. Otherwise it will use the regular
server unless the experimental server is the only one linked into
the kernel. A third kind of line has been added to /etc/exports,
which is specific to NFSv4 and defines where the NFSv4 tree root is
and can be used to limit access to NFSv4 state handling operations
that do not use any file handle.
Approved by: kib (mentor)
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
-h bindip
Specify specific IP addresses to bind to for TCP and UDP requests.
This option may be specified multiple times. If no -h option is
specified, mountd will bind to INADDR_ANY. Note that when specifying
IP addresses with -h, mountd will automatically add 127.0.0.1 and if
IPv6 is enabled, ::1 to the list.
PR: bin/114097
Reviewed by: pjd (an earlier version of the patch)
MFC after: 1 week