If you are getting your users/groups from a directory service such
as LDAP or AD it's possible for those usernames or groupnames to
contain spaces.
Submitted by: Sean E. Fagan
Reviewed by: rmacklem
MFC after: 1 week
Sponsored by: iXsystems
This is rather pedantic, as for most architectures it holds that
sizeof(type *) == sizeof(type **)
Found by: clang static analyzer
Reviewed by: ed
Differential Revision: https://reviews.freebsd.org/D4722
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
systems that are automounted, since that configuration
isn't supported. This still allows the export, since
two emails I received felt that this should not be
disabled. It sends the message to syslog(LOG_ERR..), so that
it goes to the same places as the other messages related
to /etc/exports problems, even though it is a warning and not an error.
Reviewed by: trasz
MFC after: 2 weeks
unmount, which causes error from nmount(2) call when performing
MNT_DELEXPORT over the directory which ceased to be a mount point.
The race is legitimate and innocent, but results in the chatty mountd.
Silence it by providing an distinguished error code for the situation,
and ignoring the error in mountd loop.
Based on the patch by: Andreas Longwitz <longwitz@incore.de>
Prodded and tested by: bdrewery
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
in the "hosts" array and eventually looks up the network address with
getaddrinfo(). At one point it checks for a numeric address and if it
sees one, it sets a hint parameter to force getaddrinfo to interpret the
host as a numeric address. However that hint is not cleared for subsequent
iterations of the loop and if any hosts seen after this point are host names,
getaddrinfo will fail on the name. The result of this bug is that you cannot
pass a host name to the -h flag.
Unfortunately, the first iteration will either process ::1 or 127.0.0.1,
so the flag is set on the first iteration and all host names will fail
to be processed.
The same bug applies to rpc.lockd and rpc.statd, so fix them too.
Differential Revision: https://reviews.freebsd.org/D1507
Reported by: Dylan Martin
MFC after: 1 week
Sponsored by: Sandvine Inc.
Sometimes nmount(2) will fail without setting errmsg. The previous (ignored)
error would then be shown as the reason for the failed call if the next
nmount(2) also fails without [ENOENT,ENOTSUP].
An example is when there is a tmpfs mounted with -o size. vfs_filteropt() adds
'size' as an error in errmsg due to 'size' not being in tmpfs_updateopts. Then
tmpfs_mount returns [ENOTSUP] from nmount(2), which is then ignored. The next
call may race with an unmount causing an invalid [EINVAL] that then does log an
error, with the tmpfs errmsg.
The race itself is a separate issue to fix as it is expected to have an
[ENOENT] returned instead.
In this example the mount being shown is actually nullfs, not tmpfs that the
error is from.
mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument mount option <size> is unknown
It should only show:
mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument
MFC after: 2 weeks
execution of the nfsd threads while it is reloading the exports.
This avoids clients from getting intermittent access errors
when the exports are being reloaded non-atomically.
It is not an ideal solution, since requests will back up while
the nfsd threads are suspended. Also, when this option is used,
if mountd crashes while reloading exports, mountd will have to
be restarted to get the nfsd threads to resume execution.
This has been tested by Vincent Hoffman (vince at unsane.co.uk)
and John Hickey (jh at deterlab.net).
The nfse patch offers a more comprehensive solution for this issue.
PR: kern/9619, kern/131342
Reviewed by: kib
MFC after: 2 weeks
entries with different security flavors are in the exports(5)
file. For that case, mountd replies with the security flavors
of the last entry and not the correct one for the client host.
This patch fixes that by storing separate copies of the flavors
for each host/net case, plus a default one for the case where
no hosts/nets are specified on an entry in the exports(5) file.
Unlike the patch in the PR, it replies with the security flavors
for the entry instead of merging the security flavors for all
the entries and replying with that.
Tested by: attila.bogar at linguamatics.com
PR: kern/164933
MFC after: 2 weeks
error: variable 'dirp' set but not used
error: variable 'dirplen' set but not used
Approved by: dim, cperciva (mentor, blanket for pre-mentorship already-approved commits)
MFC after: 3 days
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
referred to as the experimental server. It also adds a new command
line option "-o" to both mountd and nfsd that forces them to use the
old/regular NFS server. The "-e" option for these commands is now
a no-op, since the new server is the default. I will be committing rc
script and man changes soon. Discussed on freebsd-fs@.
would crash in check_options() since dp == NULL for the V4: line.
This patch moves the check for options allowed on the V4: line to
ahead of where dp is used to avoid this crash.
Reported by: mamalos AT eng.auth.gr
MFC after: 1 week
allocates data structures that are never linked into the tree or free'd.
As such, mountd would leak memory every time it parsed an nfsv4 root line.
This patch frees up those structures to plug the leak.
Approved by: kib (mentor)
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively. (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer. Do the equivalent in
kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively. Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary. In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.
Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups. When feasible, truncate
the group list rather than generating an error.
Minor changes:
- Reduce the number of hand rolled versions of groupmember().
- Do not assign to both cr_gid and cr_groups[0].
- Modify ipfw to cache ucreds instead of part of their contents since
they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation)
X-MFC after: never
PR: bin/113398 kern/133867
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.
Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.
Reported by: lstewart
Tested by: lstewart