Commit Graph

9 Commits

Author SHA1 Message Date
Rick Macklem
ce78460aeb Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

Tested by:	freebsd@danielengel.com (earlier version)
PR:		205193
Reviewed by:	bz, rgrimes
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D19218
2019-04-06 22:05:51 +00:00
Mark Johnston
670c1e4b1c Add missing endpwent() and endgrent() calls to nfsuserd(8).
PR:		230937
Submitted by:	Peter Eriksson <peter@ifm.liu.se>
Reviewed by:	rmacklem
Approved by:	re (gjb)
MFC after:	1 week
2018-08-28 15:18:14 +00:00
Rick Macklem
7897d2a532 Revert r320757 since it can cause "excl->shared" panics.
PR#230752 shows a panic where an nfsd thread tries to do soconnect() on
the AF_LOCAL socket used by the nfsuserd while already holding an
exclusive lock on it. I am not 100% sure how this happens, but since an
AF_LOCAL socket is in the file system namespace it is conceivable that it
could lock it and then attempt an upcall to the nfsuserd.
However, reverting r320757 stops the nfsuserd from using an AF_LOCAL
socket, so it should avoid any such panic().
r320757 did fix a problem with running the nfsuserd when jails were
enabled, but that can be dealt with less elegantly by allowing the
use of an alternate address instead of 127.0.0.1.
The gssd daemon also uses an AF_LOCAL socket, but it will do upcalls
before the nfsd thread processes the RPC, so I think it should not
be suseptible to this problem.

PR:		230752
2018-08-22 12:20:10 +00:00
Rick Macklem
77193c0508 Modify the nfsuserd daemon so that it uses an AF_LOCAL socket for upcalls.
This patch modifies the nfsuserd daemon so that it uses an AF_LOCAL socket
for upcalls by default. This should fix the problem with using a UDP
socket upcall to 127.0.0.1 when jails are used.
The AF_LOCAL socket case only supports a single server daemon, since hangs
were observed by the original problem reporter when multiple daemons
were used.
The patch adds a command line option called "-use-udpsock" which makes
the daemon revert to its prepatched behaviour.

Suggested by:	dfr
PR:		205193
Relnotes:	yes
2017-07-06 22:04:37 +00:00
Rick Macklem
c1c63967cb Fix the default uid/gid values in nfsuserd.c
This patch sets the default uid/gid values for "nobody" and "nogroup"
to the values in the password and group databases. Normally nfsuserd(8)
will override these with whatever is in the password/group databases,
so these values are only used when the databases entries aren't available.
It would be nice to use the definitions in sys/conf.h, but those are
in the _KERNEL section of the file.

Reported by:	tez@pkgsrc.org
Submitted by:	tez@pkgsrc.org
MFC after:	2 weeks
2017-04-23 23:09:02 +00:00
Rick Macklem
e6c623c86a Add support for the "-manage-gids" option to the nfsuserd daemon.
When this option is set, the NFS server uses the list of groups
acquired via getgrouplist(3) for the uid instead of the list of
groups in the RPC request. This can be used to avoid the 16 gid
limit for the group list in the RPC request.

Suggested by:	jpaetzel
Tested by:	jpaetzel
MFC after:	2 weeks
2015-11-30 22:11:34 +00:00
Rick Macklem
eb75badee3 Change the NFSv4 nfsuserd(8) daemon so that it doesn't preload the
uid<->username mapping cache with an entry when another entry
for that uid is already loaded. This fixes a case where the
mapping of "toor" would replace "root" when the daemon was started,
resulting in no mapping for "root" until the cache entry for "toor"
timed out.
The algorithm is inefficient, but since it is only done once when
the daemon is started up, I don't think that's an issue.

MFC after:	2 weeks
2011-06-21 21:07:33 +00:00
Xin LI
9964058e79 Code cleanup for nfs4 utilities:
- Mark internal routines as static;
 - Eliminate unused parameters where possible, mark __unused for others;
 - Remove unused variables;
 - Use %jd for int64_t values in printf();
 - Add appropriate %d for printf to match its parameter;
 - Rename a variable to resolve conflict with revoke(2);

Reviewed by:	rmacklem
Tested with:	make universe (bugs are mine)
2009-05-29 22:19:45 +00:00
Rick Macklem
03914b0bb2 Add two new utilities and two new daemons to /usr/src/usr.sbin that
are specifically used by the experimental nfsv4 subsystem.
  nfscbd - The NFSv4 client callback daemon.
  nfsuserd - The NFSv4 daemon that maps between user and group name
           and their corresponding uid/gid numbers.
  nfsdumpstate - A utility that dumps out the NFSv4 Open/Lock state.
  nfsrevoke - Administratively revokes an NFSv4 client, releasing all
           NFSv4 Open/Lock state it holds on the server.

Approved by:	kib (mentor)
2009-05-26 15:19:04 +00:00