Skip to content
Snippets Groups Projects
Commit 0aa2900b authored by Pavel Vondruska's avatar Pavel Vondruska
Browse files

initial

parents
Branches
Tags v1.1
No related merge requests found
Pipeline #1384 failed
build:bullseye:
image: debian:bullseye
script:
- ./make.sh
artifacts:
paths:
- build/*
make.sh 0 → 100755
#!/bin/bash
set -x
# Nastaveni promennych, pokud je SINVERSION zakomentovana, pokusime se odhadnout nejnovejsi
export DEBIAN_FRONTEND=noninteractive
# Nacteni promennych o bezicim systemu vcetne verzi
. /etc/os-release
# Od Debian 11 Bullseye ma debian-security trochu jinou cestu, abychom mohli pouzit heredoc, rozskocime si pres funkci
function get_debian_security() {
if [ "${VERSION_ID}" -lt "11" ]; then echo "${VERSION_CODENAME}/updates"; else echo "${VERSION_CODENAME}-security"; fi
}
# Vygenerovani sources.list podle verze Debianu
cat > /etc/apt/sources.list << EOSOURCES
deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
deb http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
EOSOURCES
# Instalace buildovacich veci a zavislosti
apt update -qqq
apt install -yqqq git devscripts build-essential
apt source nfs-utils
cd nfs-utils-1.3.4
cp ../zs* debian/patches
echo "zs1-local-realm-guess
zs1-n-option-impl
zs2-idmap-init
zs3-keyctl-order
zs4-nfs4mount-strtok
zs5-multhr-hostcache
zs7-svcgssdargs.patch" >> debian/patches/series
dch --newversion "1.3.4-6+zs8" "Apply local patches"
mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --yes' debian/control
# Build balicku
dpkg-buildpackage -uc -us -b
cd ..
mkdir build
mv *.deb build/
Index: nfs-utils-1.2.5/utils/gssd/gssd_main_loop.c
===================================================================
--- nfs-utils-1.2.5.orig/utils/gssd/gssd_main_loop.c 2011-09-24 13:55:15.000000000 +0200
+++ nfs-utils-1.2.5/utils/gssd/gssd_main_loop.c 2013-08-05 12:22:04.134188759 +0200
@@ -229,7 +229,9 @@
} else if (ret == 0) {
/* timeout */
} else { /* ret > 0 */
+ sigprocmask(SIG_BLOCK, &set, NULL);
scan_poll_results(ret);
+ sigprocmask(SIG_UNBLOCK, &set, NULL);
}
}
topdirs_free_list();
Index: nfs-utils-1.2.5/utils/idmapd/idmapd.c
===================================================================
--- nfs-utils-1.2.5.orig/utils/idmapd/idmapd.c 2013-08-05 12:29:36.625174503 +0200
+++ nfs-utils-1.2.5/utils/idmapd/idmapd.c 2013-08-05 12:29:54.433366222 +0200
@@ -778,7 +778,6 @@
} else {
event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
event_add(&ic->ic_event, NULL);
- fcntl(ic->ic_dirfd, F_SETSIG, 0);
fcntl(ic->ic_dirfd, F_NOTIFY, 0);
if (verbose > 0)
xlog_warn("Opened %s", ic->ic_path);
Index: nfs-utils-1.3.4/utils/gssd/krb5_util.c
===================================================================
--- nfs-utils-1.3.4.orig/utils/gssd/krb5_util.c
+++ nfs-utils-1.3.4/utils/gssd/krb5_util.c
@@ -831,7 +831,7 @@ find_keytab_entry(krb5_context context,
* single realm, but we code with the assumption that
* someday it may actually return a list.
*/
- code = krb5_get_host_realm(context, targethostname, &realmnames);
+ code = krb5_get_host_realm(context, myhostname, &realmnames);
if (code) {
k5err = gssd_k5_err_msg(context, code);
printerr(0, "ERROR: %s while getting realm(s) for host '%s'\n",
Index: nfs-utils-1.3.4/utils/gssd/svcgssd.c
===================================================================
--- nfs-utils-1.3.4.orig/utils/gssd/svcgssd.c
+++ nfs-utils-1.3.4/utils/gssd/svcgssd.c
@@ -108,7 +108,11 @@ main(int argc, char *argv[])
idmap_verbosity++;
break;
case 'n':
- get_creds = 0;
+ /*
+ * Creds are necessary for passing enctype limits,
+ * using krb5 library hack.
+ */
+ setenv("KRB5_IGNORE_ACCEPTOR","1",1);
break;
case 'v':
verbosity++;
Index: nfs-utils-1.3.4/debian/nfs-common.init
===================================================================
--- nfs-utils-1.3.4.orig/debian/nfs-common.init
+++ nfs-utils-1.3.4/debian/nfs-common.init
@@ -156,6 +156,7 @@ case "$1" in
then
do_modprobe sunrpc
do_modprobe nfs
+ do_modprobe nfsv4
do_modprobe nfsd
mkdir -p "$PIPEFS_MOUNTPOINT"
if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT
Index: nfs-utils-1.2.8/debian/control
===================================================================
--- nfs-utils-1.2.8.orig/debian/control
+++ nfs-utils-1.2.8/debian/control
@@ -32,7 +32,7 @@ Homepage: http://nfs.sourceforge.net/
Package: nfs-common
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, rpcbind, adduser, ucf, lsb-base (>= 1.3-9ubuntu3), initscripts (>= 2.88dsf-13.3), libtirpc1 (>= 0.2.4)
+Depends: ${shlibs:Depends}, ${misc:Depends}, rpcbind, adduser, ucf, lsb-base (>= 1.3-9ubuntu3), initscripts (>= 2.88dsf-13.3), libtirpc1 (>= 0.2.4), keyutils
Recommends: python
Suggests: open-iscsi, watchdog
Provides: nfs-client
Index: nfs-utils-1.3.4/utils/nfsidmap/nfsidmap.c
===================================================================
--- nfs-utils-1.3.4.orig/utils/nfsidmap/nfsidmap.c
+++ nfs-utils-1.3.4/utils/nfsidmap/nfsidmap.c
@@ -17,6 +17,7 @@
#include "conffile.h"
int verbose = 0;
+int timeout = 600;
char *usage = "Usage: %s [-vh] [-c || [-u|-g|-r key] || -d || -l || [-t timeout] key desc]";
#define MAX_ID_LEN 11
@@ -209,6 +210,10 @@ static int id_lookup(char *name_at_domai
return EXIT_FAILURE;
}
+ /* Set timeout to 10 (600 seconds) minutes */
+ if (rc == EXIT_SUCCESS)
+ keyctl_set_timeout(key, timeout);
+
rc = EXIT_SUCCESS;
if (keyctl_instantiate(key, id, strlen(id) + 1, 0)) {
switch (errno) {
@@ -266,6 +271,10 @@ static int name_lookup(char *id, key_ser
return EXIT_FAILURE;
}
+ /* Set timeout to 10 (600 seconds) minutes */
+ if (rc == EXIT_SUCCESS)
+ keyctl_set_timeout(key, timeout);
+
rc = EXIT_SUCCESS;
if (keyctl_instantiate(key, &name, strlen(name), 0)) {
rc = EXIT_FAILURE;
@@ -356,7 +365,6 @@ int main(int argc, char **argv)
char *value;
char *type;
int rc = 1, opt;
- int timeout = 600;
key_serial_t key;
char *progname, *keystr = NULL;
int clearing = 0, keymask = 0, display = 0, list = 0;
@@ -470,10 +478,6 @@ int main(int argc, char **argv)
else if (strcmp(type, "group") == 0)
rc = name_lookup(value, key, GROUP);
- /* Set timeout to 10 (600 seconds) minutes */
- if (rc == EXIT_SUCCESS)
- keyctl_set_timeout(key, timeout);
-
free(arg);
return rc;
}
Index: nfs-utils-1.2.8/utils/nfsidmap/nfsidmap.c
===================================================================
--- nfs-utils-1.2.8.orig/utils/nfsidmap/nfsidmap.c
+++ nfs-utils-1.2.8/utils/nfsidmap/nfsidmap.c
@@ -33,6 +33,8 @@ char *usage="Usage: %s [-v] [-c || [-u|-
static int keyring_clear(char *keyring);
+int timeout = 600;
+
#define UIDKEYS 0x1
#define GIDKEYS 0x2
@@ -58,6 +60,9 @@ int id_lookup(char *name_at_domain, key_
(type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
if (rc == 0) {
+ /* Set timeout to 10 (600 seconds) minutes */
+ keyctl_set_timeout(key, timeout);
+
rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
if (rc < 0) {
switch(rc) {
@@ -112,6 +117,9 @@ int name_lookup(char *id, key_serial_t k
(type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));
if (rc == 0) {
+ /* Set timeout to 10 (600 seconds) minutes */
+ keyctl_set_timeout(key, timeout);
+
rc = keyctl_instantiate(key, &name, strlen(name), 0);
if (rc < 0)
xlog_err("name_lookup: keyctl_instantiate failed: %m");
@@ -230,7 +238,6 @@ int main(int argc, char **argv)
char *value;
char *type;
int rc = 1, opt;
- int timeout = 600;
key_serial_t key;
char *progname, *keystr = NULL;
int clearing = 0, keymask = 0;
@@ -323,10 +330,6 @@ int main(int argc, char **argv)
else if (strcmp(type, "group") == 0)
rc = name_lookup(value, key, GROUP);
- /* Set timeout to 10 (600 seconds) minutes */
- if (rc == 0)
- keyctl_set_timeout(key, timeout);
-
free(arg);
return rc;
}
Index: nfs-utils-1.2.8/utils/mount/nfs4mount.c
===================================================================
--- nfs-utils-1.2.8.orig/utils/mount/nfs4mount.c
+++ nfs-utils-1.2.8/utils/mount/nfs4mount.c
@@ -87,8 +87,9 @@ char *GSSDLCK = DEFAULT_DIR "/rpcgssd";
static int parse_sec(char *sec, int *pseudoflavour)
{
int i, num_flavour = 0;
+ char *lasts;
- for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
+ for (sec = strtok_r(sec, ":", &lasts); sec; sec = strtok_r(NULL, ":",&lasts)) {
if (num_flavour >= MAX_USER_FLAVOUR) {
nfs_error(_("%s: maximum number of security flavors "
"exceeded"), progname);
Index: nfs-utils-1.3.4/utils/gssd/gssd_proc.c
===================================================================
--- nfs-utils-1.3.4.orig/utils/gssd/gssd_proc.c
+++ nfs-utils-1.3.4/utils/gssd/gssd_proc.c
@@ -84,6 +84,7 @@
int num_krb5_enctypes = 0;
krb5_enctype *krb5_enctypes = NULL;
+static pthread_rwlock_t machine_credential_rwlock = PTHREAD_RWLOCK_INITIALIZER;
/*
* Parse the supported encryption type information
*/
@@ -533,6 +534,7 @@ krb5_use_machine_creds(struct clnt_info
uid, tgtname);
do {
+ pthread_rwlock_wrlock(&machine_credential_rwlock);
gssd_refresh_krb5_machine_credential(clp->servername, NULL,
service);
/*
@@ -545,6 +547,8 @@ krb5_use_machine_creds(struct clnt_info
clp->servername);
goto out;
}
+ pthread_rwlock_unlock(&machine_credential_rwlock);
+ pthread_rwlock_rdlock(&machine_credential_rwlock);
for (ccname = credlist; ccname && *ccname; ccname++) {
u_int min_stat;
@@ -583,9 +587,12 @@ krb5_use_machine_creds(struct clnt_info
goto out;
}
}
+ pthread_rwlock_unlock(&machine_credential_rwlock);
} while(!success);
+ return auth;
out:
+ pthread_rwlock_unlock(&machine_credential_rwlock);
return auth;
}
Index: nfs-utils-1.3.4/utils/gssd/gssd_proc.c
===================================================================
--- nfs-utils-1.3.4.orig/utils/gssd/gssd_proc.c
+++ nfs-utils-1.3.4/utils/gssd/gssd_proc.c
@@ -736,10 +736,18 @@ handle_gssd_upcall(struct clnt_upcall_in
char *target = NULL;
char *service = NULL;
char *enctypes = NULL;
+ char *upcall_str;
+ char *pbuf = info->lbuf;
printerr(2, "\n%s: '%s' (%s)\n", __func__, info->lbuf, clp->relpath);
- for (p = strtok(info->lbuf, " "); p; p = strtok(NULL, " ")) {
+ upcall_str = strdup(info->lbuf);
+ if (upcall_str == NULL) {
+ printerr(0, "ERROR: malloc failure\n");
+ goto out_nomem;
+ }
+
+ while ((p = strsep(&pbuf, " "))) {
if (!strncmp(p, "mech=", strlen("mech=")))
mech = p + strlen("mech=");
else if (!strncmp(p, "uid=", strlen("uid=")))
@@ -755,7 +763,7 @@ handle_gssd_upcall(struct clnt_upcall_in
if (!mech || strlen(mech) < 1) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to find gss mechanism name "
- "in upcall string '%s'\n", info->lbuf);
+ "in upcall string '%s'\n", upcall_str);
goto out;
}
@@ -768,7 +776,7 @@ handle_gssd_upcall(struct clnt_upcall_in
if (!uidstr) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to find uid "
- "in upcall string '%s'\n", info->lbuf);
+ "in upcall string '%s'\n", upcall_str);
goto out;
}
@@ -781,7 +789,7 @@ handle_gssd_upcall(struct clnt_upcall_in
if (target && strlen(target) < 1) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to parse target name "
- "in upcall string '%s'\n", info->lbuf);
+ "in upcall string '%s'\n", upcall_str);
goto out;
}
@@ -796,7 +804,7 @@ handle_gssd_upcall(struct clnt_upcall_in
if (service && strlen(service) < 1) {
printerr(0, "WARNING: handle_gssd_upcall: "
"failed to parse service type "
- "in upcall string '%s'\n", info->lbuf);
+ "in upcall string '%s'\n", upcall_str);
goto out;
}
@@ -809,6 +817,8 @@ handle_gssd_upcall(struct clnt_upcall_in
do_error_downcall(clp->gssd_fd, uid, -EACCES);
}
out:
+ free(upcall_str);
+out_nomem:
free(info);
return;
}
Index: nfs-utils-1.3.4/debian/nfs-utils_env.sh
===================================================================
--- nfs-utils-1.3.4.orig/debian/nfs-utils_env.sh
+++ nfs-utils-1.3.4/debian/nfs-utils_env.sh
@@ -13,12 +13,14 @@ echo RPCNFSDARGS=\"$RPCNFSDOPTS ${RPCNFS
echo RPCMOUNTDARGS=\"$RPCMOUNTDOPTS\"
echo STATDARGS=\"$STATDOPTS\"
echo RPCSVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
+echo SVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\"
echo RPCGSSDARGS=\"$RPCGSSDARGS\"
+echo GSSDARGS=\"$RPCGSSDARGS\"
echo KRB5RCACHEDIR=\"$KRB5RCACHEDIR\"
+echo SMNOTIFYARGS=\"$SMNOTIFYARGS\"
+echo BLKMAPDARGS=\"$BLKMAPDARGS\"
} > /run/sysconfig/nfs-utils
# the following are supported by the systemd units, but not exposed in default files
-# echo SMNOTIFYARGS=\"$SMNOTIFYARGS\"
-# echo BLKMAPDARGS=\"$BLKMAPDARGS\"
# echo GSS_USE_PROXY=\"$GSS_USE_PROXY\"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment