Age | Commit message (Collapse) | Author | Files | Lines |
|
glibc reports a memory overflow when make_options_string() in snprintf()
As described by Andreas Hasenack on the autofs mailing list this is due
to my incorrect use of max_len in snprintf(), it should in fact be
max_len - <length of buffer already used>.
Anyway looking at the calculated maximum options string length there's
no actual overflow possible.
To fix this use strcat(3) instead of snprintf(), in this case there's
probably less overhead anyway. While we are at it drop the useless error
checks because we know it won't overflow.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The final @cookie parameter should be a struct berval ** type. The
check currently fails when -Werror=incompatible-pointer-types is set:
conftest.c: In function 'main':
conftest.c:54:47: error: passing argument 4 of 'ldap_parse_page_control'
from incompatible pointer type [-Werror=incompatible-pointer-types]
54 | ret = ldap_parse_page_control(ld,clp,ct,c);
| ^
| |
| struct berval *
In file included from /usr/include/lber_types.h:24,
from /usr/include/lber.h:29,
from /usr/include/ldap.h:30,
from conftest.c:45:
/usr/include/ldap.h:2155:25: note: expected 'struct berval **' but
argument is of type 'struct berval *'
2155 | ldap_parse_page_control LDAP_P((
Signed-off-by: David Disseldorp <ddiss@suse.de>
|
|
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Update to release 5.1.9.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Update to autoconf 2.71.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Fix autoconf usage of obselete macros.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
It shouldn't be needed, as everthing should be shutdown by the time
the cmd pipe is destroyed, but be more careful at exit anyway.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Try harder to avoid possibility of invalid accesses in master_kill().
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Fix this typo in create_cmd_pipe_fifo()
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The third parameter of ldap_parse_page_control() is a pointer so fix
the decelaration in the configure check function source.
Also regenerate configure script (under autoconf-2.69).
Fixes: fd08b1c02610 ("autofs-5.1.8 - define LDAP_DEPRECATED during LDAP
configure check")
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
In recent Kerberos revisions when a TGT expires autofs will fail to
renew the ticket.
Expired creds are being pulled out of the cache and in that case the patched
version clears the cache to remove the expired creds.
If the cache is already in use, try to pull out a cred and then if that
was successful and the cred is expired, clear the cache.
So this fixes the behaviour I was seeing, since that was happening because
expired creds were being pulled out of the cache and in that case the patched
version clears the cache to remove the expired creds.
What sort of race conditions might happen here?
- If the function is called very late during the validity of a ticket, it
might expire after the decision not to clear the cache. In that case,
the behaviour is the same as the unpatched version, but this is highly
unlikely because do_kinit is not supposed to happen while there is a
valid ticket.
- If two or more threads decide to call do_kinit at about the same time:
it's protected by a mutex, so one of the calls will happen first; this
call will clear the cache and add a new ticket. When the others kick
in, the cache won't be cleared because it's only cleared if we can
find an expired ticket in the cache and any such ticket was removed
when the first do_kinit happened.
- If one thread does do_kinit while another thread is trying to do a lookup:
if the current ticket is expired then the lookup would have failed anyway;
if it's not expired then we won't clear the cache.
- If there is both an expired and a valid ticket in the cache:
this only happens if two or more do_kinits clashed and stored tickets
with different expiration times, and if the current time is between those
times. The current bug happens because krb5 cache retrieval is returning
the earliest (i.e. expired) ticket. When that's the case then do_kinit
will clear the cache because when it tests the cache it will pull the
expired cred - and it needs to do this because otherwise all lookups are
failing (that's the bug). In a case where krb5 cache retrieval returns
the valid ticket, it doesn't matter that the cache is not cleared because
any subsequent lookups will use that valid ticket.
Signed-off-by: Ian Collier <imc@cs.ox.ac.uk>
|
|
I was writing a test for this, since we plan to release an autofs
update with this fix, and noticed that a particular config stopped
working: `credentialcache` in /etc/autofs_ldap_auth.conf.
For the test I was grabbing a TGT instead of using a keytab, an
configuring autofs to use that to authenticate against an openldap
server:
<autofs_ldap_sasl_conf
usetls="no"
tlsrequired="no"
authrequired="yes"
authtype="GSSAPI"
clientprinc="ubuntu@LXD"
credentialcache="/tmp/krb5cc_0"
/>
Initially openldap was configured to accept connections authenticated
via sasl and any ssf (including 0, which is the case with autofs).
Later I would configure the openldap server to reject connections
authenticated with SASL and an ssf=0, in order to trigger the bug and
verify the fix (where autofs would be using ssf=256).
Anyway, the above was working with an unpatched autofs:
(...)
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified,
client principal: ubuntu@LXD credential cache: /tmp/krb5cc_0
do_init: parse(sun): init gathered global options: (null)
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit_ext_cc: using external credential cache for auth: client
principal ubuntu@LXD
sasl_do_kinit_ext_cc: external credential cache default principal ubuntu@LXD
sasl_do_kinit_ext_cc: Kerberos authentication was successful!
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
sasl_log_func: GSSAPI client step 1
getuser_func: called with context (nil), id 16385.
sasl_log_func: GSSAPI client step 1
getuser_func: called with context (nil), id 16385.
sasl_log_func: GSSAPI client step 2
sasl_bind_mech: sasl bind with mechanism GSSAPI succeeded
But not in the patched one:
(...)
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified,
client principal: ubuntu@LXD credential cache: /tmp/krb5cc_0
do_init: parse(sun): init gathered global options: (null)
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: initializing kerberos ticket: client principal ubuntu@LXD
sasl_do_kinit: calling krb5_parse_name on client principal ubuntu@LXD
sasl_do_kinit: Using tgs name krbtgt/LXD@LXD
sasl_do_kinit: krb5_get_init_creds_keytab failed with error -1765328174
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: initializing kerberos ticket: client principal ubuntu@LXD
sasl_do_kinit: calling krb5_parse_name on client principal ubuntu@LXD
sasl_do_kinit: Using tgs name krbtgt/LXD@LXD
sasl_do_kinit: krb5_get_init_creds_keytab failed with error -1765328174
The patched version is only trying sasl_do_kinit(), instead of
sasl_do_kinit_ext_cc(). But if there's an external credential cache
configured I think sasl_do_kinit_ext_cc() needs to be called for
initialization since the code doesn't naturally call the mechanism
selection functions.
|
|
When checking if a mount location is a multi-mount after the first location
the next '-' or '/' indicates it's a multi-mount.
But the '-' can be part of a mount location and can follow a space leading
to incorrectly deciding the location is a multi-mount.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
We have had reports of GUI programs (such as Nautilus) probing for files
such as .hidden in the parent directory of the directory being accessed.
If using an indirect mount map with a wildcard map entry autofs is duty
bound to try and mount these which usually results in a mount failure but
can also cause lengthy delays in some cases.
There are some challenges to modifying application code and even if it
can be done it's always open to being broken later by developers that
aren't aware of the reasoning behind the original changes.
Now, there is a machanism in autofs that can be used to ignore certain
map entries, the "builtin map -null", see auto.master(5). Currently it
can be used only in the master map but this change extends it to be used
in indirect mount maps as well. In this way it can be used to handle
problematic entries by simply adding a map entry that uses the builtin
-null map.
For example:
.hidden -null
* someserver:/remote/home/&
This mechanism is not standard so if one is using systems other than
those with Linux autofs and central map storage, such as LDAP, then
it would be necessary to configure nsswitch to ensure the files map
source is consulted first followed by the remote map source. Then the
-null map entries included in a local file map that uses plus map
inclusion to move on the the central map source if there is no match.
For example, in /etc/auto.home we can have:
.hidden -null
+auto.home
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Commit aa6da48d1 ("autofs-5.1.7 - eliminate count_mounts() from
expire_proc_indirect()") stopped using the count_mounts() function
in indirect mount expires because it can be a significant overhead
and shouldn't be needed if the kernel expire dentry selection works
as it should.
Unfortunately there is a case where it doesn't work properly, when
a USR1 signal is sent to the automount process it is meant to expire
mounts regardless of the expire timeout. In this case if a mount has
been propagated to a mount namespace and is held busy the mount will
fail to umount and because setting the last used field of the mount
dentry doesn't prevent the mount dentry from being selected for expire
again immediately in this case automount will look continually.
The problem occurs because the the kernel doesn't know how to check
these propagated mounts for busyness and the init namespace automount
process tries to expire the mount but fails and continues trying to
expire the mount because the expire function assumes only mounts that
are not busy will be selected for expire.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
During the implementation of amd format map entry support the code
to match a cached key was modified.
Unfortunately there's a case were the key lookup behaves incorrectly.
That case is when there are included maps in the map itself and one
of the maps (usually the last) has a wildcard key entry. In this case
the wildcard key may be found during lookup but the map it blongs to
isn't checked so it can be incorrectly returned instead of a matching
entry in a subsequent included map.
Another problem case is when there's a wildcard match and a cache prune
occurs while the mount is being done. In this case the matched cache
entry that has been added is seen as stale and removed along with the
mount point directory during the prune leading to a mount fail.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There are some cases where the error return handling isn't quite right,
fix them.
Also fix a typo. in configuration file comment.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When calculating the proximity add checks for basic reachability.
If an interface doesn't have an address of the family of the target
host, or the interface address is the IPv6 link local address, or
the target host address is the IPv6 link local address then don't
add it to the list of hosts to probe.
Reported-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Cc: Goldwyn Rodrigues <rgoldwyn@suse.de>
Cc: Mike Gabriel <sunweaver@debian.org>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
While the usage isn't strickly wrong it's also not correct and it
passes compiler checks but it doesn't match the usage within the
macro it's passed to.
Change it to match the IN6_* macro definition to reduce the potential
for confusion.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
autofs can use quite a few file handles, particularly with very large
direct mount maps or many submounts as is often seen with amd maps.
So make the maximum number of open files configurable.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add an ioctl fd open helper, it simplifies the code in some areas.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's a unnecessarily complicated method used to pass the map source
to module read map and lookup mount functions. This also confuses
coverity which constantly complains about unmatched locking.
Just add a parameter to those functions to simplify it and elliminate
the coverity false positives not to mention slightly less overhead by
the lock removal.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
We often see segfaults when cleaning up resources at submount shutdown
after changes are made to resolve problems. It's always really hard to
work out what's causing these to happen.
But changing submounts to use the same final cleanup method as top level
mounts eliminates the faulting, at least in the case of the most recent
changes, hopefully this change in proceedure will continue to work.
Admitedly there's some setting of fields to NULL after freeing but that
didn't fix the problem until the procedure change was also made.
In any case the result is a consistency improvement.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Don't free the submount map entry until it's no longer used.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There shouldn't be any need to take the parent source lock at autofs mount
shutdown so don't take it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There shouldn't be any multi-mount offsets mounted within a submount
because the submount will be a nesting point and offsets will be mounted
within it when it gets mounted and expired before it's umounted.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Change to use the printf(3) functions in the amd parser rather than
string functions. These functions seem to have less overhead and they
are a little more compact.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Set the struct fields dev and ino straight after getting them with
stat() or fstat() so they can be used in cache_set_ino_index() without
being passed in.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's nothing to be gained by checking for existence of the path
here, just trust the mkdir_path() call will return the correct error
if the path exists.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There is a length field in struct mapent, use it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
In do_mount_direct() a stat() call is used to check mount point
attributes but the fstat() of the ioctlfd is for the same path so
the lower overhead fstat() call can be used to do these checks as
well.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Eliminate the "root" parameter of both mount and umount of autofs mounts.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
None of the tests I have show that the realpath local variable in the
autofs submount mount function is needed, remove it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The expire proc for both direct and indirect mounts doesn't immediately
continue after seeing an autofs submount and sending it a notification.
Add the "continue" to avoid some wasted overhead.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Use the autofs_point structure thid and get rid of the copy in struct
master_mapent.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The top level lexical analyser matching of 1 and 2 arg selector
functions did not have enough context to match correctly.
This was causing it to attempt to match the selector function and its
parameter(s) against the selector function names which wasn't working.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
In function master_mount_mounts() commit 635b90eccee9 checks if the
current top level mount is already running by using two things, if the
mount handling thread id is set in the autofs mount point structure and
if the mount point path is a mounted autofs file system.
But the top level master map entry for a direct mount map is the
reserved path "/-" and doesn't have an actual mount associated with it
so a mounted check can't be used. But we know that top level mounts
start in state ST_INIT and once that state is changed it never changes
back to it. So using the presence of the mount handling thread id and
the state not being ST_INIT is sufficient to know if this is a new
mount or not.
Fixes: 635b90eccee9 ("autofs-5.1.8 - fix mount tree startup reconnect")
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
In sasl_do_kinit() there is a failure case that omits freeing the local
variable tgs_princ, fix it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
As Coverity points out the buffer in handle_cmd_pipe_fifo_message()
could be overflowed and end up not terminated so fix it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When reconnecting to an existing mount tree at startup trying to work
out if we created the mountpoint directory uses the parent path of the
current map entry.
But if the current map entry has no parent we should use the map entry
path.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The autofs mount point struct field submnt_count is present but not
used, remove it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Switch to use the functions previously added to allow a single
application wide command pipe to be used.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
In order to use a single file handle for a command pipe the pipe needs
to be independent of the kernel message packet handling function.
Add most of the functions needed for this as preperation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Using a fifo pipe for every autofs mount to dynamically set the log
priority is expensive in terms of the number of file handles used.
It would be better to use a single file handle and locate the autofs
mount point by it's id to set the log priority.
Start by making the communication pipe send the device id as well as
the log priority to be set and use the newly added helper function
master_find_mapent_by_devid() to locate the autofs mount to change the
log priority.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add a helper function that can locate an automount given its device id.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Eliminate the last remaining usage autofs mount struct state_pipe that
is used when changing state to ST_SHUTDOWN at submount exit. Ths single
usage consumes a pipe file handle pair for every autofs file system
mount.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's a mixture of usage of sigprocmask() and pthread_sigmask(), change
to use the pthread versions of this for correctness.
The only exception to this is reset_signals() which is done in a forked
process that is single threaded so it's valid to keep them as they are.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Rename function statemachine() to signal_handler() to align with what
the function actually does.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When looking for amd sections in the configuration the function to
find mount entries is not named so it is clear what it's trying to
do so change its name. Also make it static since it is called only
once in the same source file.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's a delay on expire of submounts that can be as much as the
expire timeout. This was originally an attempt to reduce re-reading
the map but it can cause very long delays on expire.
So get rid of the delay and allow submounts to expire normally.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
After adding locking to fix a crash during lookups we're seeing a
deadlock becuase of recursive calls.
But once the lookup is open we shouldn't need to open it again during
the recursive call, fix it based on that.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Since map sources are reference counted they persist beyond autofs
submounts.
Now the map source moudule lookup gets closed at submount umount and
if we are unlucky enough to be using the same map in other submounts
and a lookup is underway at the time of the umount a crash can occur.
To resolve this it's much better to just not close the lookup at
submount umount and rely on the map source free to close the module
lookup and instances when the map source is no longer referenced.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The function mount_autofs() collects the status of mounting an autofs
file system but doesn't actually return it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
This commit defines LDAP_DEPRECATED as 1 during a configure check for
ldap_parse_page_control. This is in line with how lookup_ldap.c is
compiled at build time.
The configure script is regenerated with autoconf 2.69.
The regeneration of the configure script also includes changes due to
commit 69fda4f090e3. That commit intended to run checks with implicit
function declaration warnings enabled in order to recognize missing
libldap functions. However, the in-tree copy of the configure script
was not regenerated at that time.
Signed-off-by: Arjun Shankar <arjun@redhat.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When autofs needs to wait for a sss connection the connection function
is immediately called a second time without first waiting. Adjust the
calling so that there's a wait before the next call.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
In the sss lookup module function setautomntent() a return of ENOENT
isn't handled quite right.
If ENOENT (rather than EHOSTDOWN) is returned from sss setautomntent()
we should assume the LDAP info. has been read by sss and the entry in
fact doesn't exist.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If a mount location host (or hosts) has an empty host name it has to be
a mistake so fail the automount request.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There has been a request to include some additional information when
logging mounts and umounts, specifically host and mount location path.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Fix a couple of grammer problem with the configuration setting
use_ignore_mount_option description.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When using the --dumpmaps option of automount(8) a SEGV can occur
because a thread specific data variable accessed in the code hasn't
yet been created.
There is another thread specific data variable that is accessed when
dumping the maps so it needs to be created too.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
A regression was introduced when the offset mount handling was rewritten.
It resulted in an incorrect path sometimes being used in an is_mounted()
check.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
While a '-' alone isn't strictly valid it hadn't previously cuased a
parse error. So commit 9047e91ffa69 (autofs-5.1.7 - fix concat_options()
error handling) introduced a regression by no longer allowing this.
Fix this regression by only failing if errno is set to a non-zero value
on return from concat_options() as well as returning NULL.
Fixes: 9047e91ffa69 (autofs-5.1.7 - fix concat_options() error handling)
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity has reported a memory leak in update_hosts_mounts() introduced
by the map reload deadlock fix.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When reloading maps the hosts map calls lookup method ->parse_mount()
for each multi-mount root entry in the map (each host) while holding
the cache read lock which leads to a cache lock deadlock.
Remove the need to hold the cache read lock by creating an independent
list of entries for the update so the lock doesn't need to be taken.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When starting automount(8) with a hosts map that has mounts that were
in use at the last exit a deadlock can occur.
In this case automount(8) will perform the same steps but not actually
perform the mount to re-construct the context of each mount. But, with
the hosts map, that leads to calling back into the sun parse module
while holding the map module read lock which will again try and take
the write lock.
Fix this by only taking the write lock in the mount code path if the
module handle has not already been opened.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Fix invalid access in modules/parse_amd.c:do_host_mount().
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add a map source lock to serialise map setting and use of module
structure fields such as the context.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The naming used for parse module instance locks is the same as that
used for map lookup instances. Rename these to make it clear they
are being used in the parse modules.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Because of our use of a script-based map that dynamically creates
exports server-side based on user's rights, we see a regression since
commit 2f562f63a (autofs-5.1.6 - use a valid timeout in
lookup_prune_one_cache()).
Creating an option for a configurable positive_timeout, as mentioned in
the commit comment, would solve this problem for us.
We use autofs to mount these filesystems on the fly, using a map based
on a script which checks that the user is granted, and which asks for
the creation of the appropriate export file on the corresponding NFS
server.
When the reservation is done, we signal the node's automount daemon
using the USR1 and HUP signals in order to forget what was automounted
by the user (as compute nodes may be shared by different users, we want
to ensure that the previously mounted resource is no more in the
running configuration).
For this to work, our granting access script must be called each time a
user request to access a mounted point. But since the commit [2f562f63a]
introducing the positive timeout, when a user tries to access a mounted
point, the cache is used if a another user used the same mounted point
within the positive timeout timeframe (120s).
So we need a way to disable the cache to be sure that our granting script
is called. It can be done for the NEGATIVE_TIMEOUT but not yet for the
POSITIVE_TIMEOUT.
Signed-off-by: Alexandre Merlin <alexandre.merlin@inria.fr>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
SASL mechanism auto-selection using ldap_sasl_interactive_bind() is tricky.
The behaviour and the required information depend not only on the capabilities
of Cyrus SASL on the client machine but also on supportedSASLmechanisms on the
LDAP server. The latter information will be requested by libldap during SASL
mechanism negotiation. Current OpenLDAP libldap implementation is to prefer
user credential based SCRAM-* mechanisms on token based GSSAPI. Only exception
are SASL bind requests to servers, e. g. Active Directory domain controllers,
that have disabled all SASL mechanisms, which rely on user credential transfer
between client and directory server.
Current autofs implementation fetches user credential information from LDAP
authentication configuration file for LDAP simple binds or if users explicitly
specify a user credential based authentication mechanism (authtype).
This patch makes specification of user credentials mandatory for SASL mechanism
auto-detection using ldap_sasl_interactive_bind(). Users can then omit SASL
authtype specification and automount will auto-select the best suited user
credential based SASL mechanism supported by client and LDAP server.
If authtype="GSSAPI" is specified together with authrequired="autodetect"
automount will obtain a Kerberos ticket-granting ticket and bind to all Active
Directory servers or use the specified user credentials to bind to all other
LDAP servers that also support user credential based SASL mechanisms.
The patch is backward compatible to implementations that use autofs function
sasl_choose_mech(). The strategy of this function is to force users to specify
the SASL mechanism (authtype) if user credentials shall be used for SASL binding
and only perform auto-selection for server supported mechanisms, which are not
based on user credentials.
Signed-off-by: Thomas Reim <reimth@gmail.com>
|
|
In general, automount users that apply SASL binding for authentication are
free to use any SASL mechanism supported by the underlying SASL library.
automounter does not check the specified mechanism and transparently
forwards the information to SASL or LDAP.
Most directory services now support the more secure Salted Challenge
Response Authentication Mechanismis (SCRAM) for SASL binding (RFC 5802).
But automount users cannot request use of SCRAM, as automount does not
read user and password credentials for SCRAM mechanisms.
This patch enables SCRAM-SHA-1 and other SCRAM-SHA mechanisms
(if supported by SASL library).
Signed-off-by: Thomas Reim <reimth@gmail.com>
|
|
When using the --dumpmaps option of automount(8) a SEGV can occur
because a thread specific data variable accessed in the code hasn't
yet been created.
The thread specific data doesn't need to be set to list the maps
so we can create the key and rely on pthread_getspecific() returning
NULL when the value hasn't been set as this case is handled correctly.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Current logging of LDAP map lookups in verbose mode is not very
comprehensive. It's not clear for what purpose connections to the LDAP
directory are made as the only result that will be reported is the autofs
mount point creation.
Inform users about the intention of the LDAP directory access in verbose
mode.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Cyrus SASL library is known for useless error notifications of internal
events that can and will be easily handled by the applications. By default
automounter provides a logging callback to the SASL library, which displays
annoying SASL error messages to users for internal library issues that do
not harm SASL authentication operation.
OpenLDAP only provides a logging callback to SASL library for its server
application. Client side applications won't see any internal SASL
notifcations.
Choose a compromise and provide SASL internal logging messages only if user
requests debug logging mode.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
automounter only provides very limited debug information when binding
using Cyrus SASL. LDAP based directory services currently all increase
communication security, which makes it difficult for system administrators
to find the root cause of failed authentication binds.
Log Cyrus SASL binding parameters and result.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
automounter only provides very limited debug information when binding
using OpenLDAP. LDAP based directory services currently all increase
communication security, which makes it difficult for system administrators
to find the root cause of failed authentication binds.
Allow users to switch on and configure debug logging for OpenLDAP client
used by automount.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Wrong CFLAGS: gcc handles implicit function declaration as warning with current
flag settings. Missing functions in libldap will not be identified.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
From: Thomas Reim <reimth@gmail.com>
Cyrus SASL supports data encryption in GSSAPI (with Kerberos V) mode using an
SASL data security layer according to IETF RFC 2078. This security layer
provides for traffic encryption during authentication and authorization towards
an OpenLDAP based server and for subsequent encryption of data traffic for the
LDAP session. Current automounter does not implement SASL security layer
encryption and only relies on TLS to protect LDAP communication.
OpenLDAP libldap if compiled with Cyrus SASL supports negotiation of an SASL
data security layer based encryption of LDAP traffic. libldap also provides
automatic negotiation of the best suited SASL mechanism taking into account
application required defaults.
Since version 4.4 Samba AD domain controllers default settings only allow for
simple SASL binds over TLS encrypted connections or SASL binds with sign or
seal, i. e. data security layer encryption, over unencrypted connections.
Therefore, current automounter cannot fetch autofs maps from Samba AD DCs
using SASL anymore without setting Samba configuration parameter "ldap server
require strong auth" to "no" or "allow_sasl_over_tls".
This patch updates automounter to let OpenLDAP and Cyrus SASL handle SASL
binding and traffic security configuration. Proposed changes are backward
compatible for clients that use LDAP libaries different from LDAP. When using
SASL mechanism GSSAPI or simple authentication with TLS encryption automounter
seamlessly interworks with latest Samba AD DCs.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
autofs prefers OpenLDAP as LDAP client library and Cyrus as SASL library.
OpenLDAP also uses Cyrus SASL and is fully capable of providing SASL
authentication and binding to clients. OpenLDAP SASL interface is actively
maintained and provides latest security features, e. g. SASL data security
layer.
It does not make much sense to implement and use an own SASL interface in
autofs if OpenLDAP is used, which already has a powerful SASL implementation.
Prepare conditional compilation for use of OpenLDAP for SASL authentication
and binding.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Heavily modified LIBS and CFLAGS harm succeeding configure checks
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's no locking used for null cache access in mount_autofs_direct().
And in master_mount_mounts() an entry could be deleted holding the read
lock only.
Also in each of these cases an unnecessary cache_partial_match() is
done.
In do_readmap() the null cache read lock is taken but it is only needed
for a short time in do_readmap_mount() where an entry could be deleted.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There is a missing mutex unlock in function sasl_do_kinit_ext_cc(),
fix it.
Signed-off-by: James Dingwall <james-autofs@dingwall.me.uk>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The function innetgr(3) may not be present in musl libc, add a check
for this.
Originally contributed by Fabian, modified by me.
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Update generated configure with autoconf and autoheader.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If using musl libc the XSI-compliant variant strerror_r() which returns
an integer instead of a pointer so add a helper function to handle this
case.
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Copy the definition from glibc. Fixes build failures like:
```
automount.c:280:35: error: '__SWORD_TYPE' undeclared (first use in this function)
280 | if (fs.f_type != (__SWORD_TYPE) AUTOFS_SUPER_MAGIC) {
| ^~~~~~~~~~~~
automount.c:280:35: note: each undeclared identifier is reported only once for each function it appears in
automount.c:280:48: error: expected ')' before numeric constant
280 | if (fs.f_type != (__SWORD_TYPE) AUTOFS_SUPER_MAGIC) {
| ~ ^
| )
```
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Fixes build failures on musl like:
```
../include/log.h:49:8: error: unknown type name 'pid_t'
49 | extern pid_t log_pidinfo(struct autofs_point *ap, pid_t pid, char *label);
| ^~~~~
../include/log.h:49:51: error: unknown type name 'pid_t'; did you mean 'gid_t'?
49 | extern pid_t log_pidinfo(struct autofs_point *ap, pid_t pid, char *label);
| ^~~~~
| gid_t
```
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Fixes build failure on musl like:
```
../include/hash.h:22:2: error: #error Wordsize not 32 or 64
22 | #error Wordsize not 32 or 64
| ^~~~~
```
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
On musl, _PATH_NSSWITCH_CONF won't be defined (it doesn't support NSS),
so let's give it a dummy path when it's not defined by glibc.
Fixes build failures like:
```
../include/nsswitch.h:27:23: error: '_PATH_NSSWITCH_CONF' undeclared (first use in this function)
27 | #define NSSWITCH_FILE _PATH_NSSWITCH_CONF
| ^~~~~~~~~~~~~~~~~~~
```
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Fixes a build failure with the musl libc:
```
../include/hash.h:74:8: error: unknown type name '__always_inline'
74 | static __always_inline uint32_t hash_64(uint64_t val, unsigned int bits)
| ^~~~~~~~~~~~~~~
```
We need to include stddef.h from linux-headers to ensure _always_inline
is always defined.
Bug: https://bugs.gentoo.org/828918
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
configure scripts need to work with a POSIX-compliant shell,
so let's not use a bashism here.
```
checking for res_query in -lresolv... yes
checking for libhesiod... no
./configure: 4880: test: 0: unexpected operator
checking how to run the C preprocessor... gcc -E
```
Tested-by: Yixun Lan <dlan@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
The initgroups(3) function isn't safe to use between fork() and
exec() in a threaded program.
Using it this way often leads to a hang for even moderate work
loads.
But the getgrouplist()/setgroups() combination can be used safely
in this case and this patch changes autofs to use these (the safety
of using of setgroups() is yet to to be documented).
A large portion of the work on this patch has been contributed
by Roberto Bergantinos <rbergant@redhat.com>.
Reported-by: Roberto Bergantinos <rbergant@redhat.com>
Fixes: 6343a3292020 ("autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn()")
Signed-off-by: Roberto Bergantinos <rbergant@redhat.com>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Commit 0210535df4b ("autofs-5.1.0 - gaurd against incorrect umount
return") guards against umount_ent() returning a fail when the mount
has actually been umounted.
But we also see umount_ent() return success when in fact the mount has
not been umounted leading to incorrect handling of automounts.
So checking the return of umount_ent() isn't always giving the correct
result in more than just one case, consequently we should ignore the
result from the spawned umount(8) and check if the mount has in fact
been umounted.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The nonstrict parameter of tree_mapent_umount_offsets() ins't useful
because if a real mount at the base of a sub-tree fails to umount all
we can do is re-instate the offset mounts under it which must succeed
for the mount tree to remain useful.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The sysconf(3) return handling doesn't handle a -1 return with errno
not changed which indicated a maximum or minimum limit that's not
known.
Add handling of this case.
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
key_thread_attempt_id
Don't call pthread_getspecific() if key_thread_attempt_id is NULL in
case the pthread_getspecific() implementation doesn't check for this.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Converting xdr_exports() to not be recursive introduced a memory leak
if an error is encountered, fix it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The key field of the map entry of the root of the map entry tree to be
deleted can't be used for the key parameter, fix it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If a map entry is being added to an existing hash chain there's an
unneccessarily complicted setting of ->next of the last entry.
Just initialize the map entry ->next field instead and remove the
confusing assignment.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Commit 606795ecfaa1 ("autofs-5.1.7 - also require TCP_REQUESTED when
setting NFS port" together with commit 26fb6b5408be) caused NFSv4 only
mounts to also use rpcbind to probe availability which breaks the
requirememt that this type of mount not use rpcbind at all.
Fix this by treating fstype=nfs4 mounts as a special case which doesn't
use rpcbind.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If there's a system error (eg. oversize packet received) just give up
since redoing the call would likely end up with the same error.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
To avoid reading memory outside of the the string
allocated for parent, tail needs to stop when it
reaches or passes parent, even if it doesn't
actually equal parent.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
|
|
If we encounter a duplicate host export entry don't fail, just ignore
it and return the duplicate.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When mounting a list of multi-mount offsets the offset mount should
succeed even if there's a mount failure for the non-strict case (the
default).
But currently if the last offset mount fails the multi-mount fails
regardless of whether the mount is non-strict or not.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The change to fix root offset error handlling is missing a cache read
lock prior to the key lookup, the following unmatched unlock then
causes a hang.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If mounting the root or offsets of a multi-mount root fails any mounts
done so far need to be umounted and the multi-mount offset tree deleted
so it can be created cleanly and possibly mounted the next time it's
triggered.
Also, if a subtree that is not the multi-mount root fails the expire
alarm needs to be re-instated so other subtrees (at least the root)
will continue to expire.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add error message reporting to the descriptor open functions.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The check of whether the open file limit needs to be changed is not
right, it checks the hard open file limit against what autofs wants
to set it to which is always less than this value. Consequently the
open file limit isn't changed.
autofs should be changing only the soft open file limit but it is
setting both the hard and soft limits. The system hard limit is much
higer than the autofs maximum open files so the hard limit should be
left alone.
While we are here increase the requested maximum soft open file limit
to 20k.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Dynamic executables should be compiled with -fPIE and linked with -pie.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The status return for attempted mount notification is not done
correctly in some cases leading to a status being sent to the
kernel multiple times or the send causing an error.
We must send a status to the kernel but it needs to be the correct
one. It definitely shouldn't be sent twice for the same mount attempt
and shouldn't be failing.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
|
|
Set the NFS service port to the default (2049) only if tcp protocol is
being used and not alternate port has been given.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Make getting a portmap client and getting a service port from portmap
helper functions and simplify the return handling.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Several of the NFS connection macros have the same value so that they
can be used as internal code documentation of what is being done.
Adjust the protocol macro naming to be consistent in a few places.
Also make sure the correct flags are set for the function they indicate.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
|
|
This buffer was originally added because a SEGV was seen accessing
the ap->path field on shutdown.
But this was actually caused by calling master_remove_mapent() too
early which adds the map entry to the master map join list that leads
to freeing the autofs_point (ap in the code) which also frees ap->path.
But the master map join list is protected by the master map mutex which
is held until after all the accesses are completed. So whatever the
problem was it doesn't appear to be present any more.
Nevertheless, to be sure, delay the call to master_remove_mapent() until
after all accesses to ap->path are completed.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add a length check before copying the incoming path string to the work
buffer.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add some checks for buffer overflow to the master map parser.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add a source length check before copying to a work buffer in
umount_autofs_indirect().
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Since direct mount expire requests from the kernel need to look up their
map entry and copy the path to a request processing struct fix length
char array the copy length should be checked.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The lookup key used in match_key() should not be NULL.
A check for a malloc() failure of the lookup key is missing in one of
the two cases in match_key() so add it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
autofs uses PTHREAD_STACK_MIN to set the stack size for threads it
creates.
In two cases it is used to reduce the stack size for long running
service threads while it's used to allocate a larger stack for worker
threads that can have larger memory requirements.
In recent glibc releases PTHREAD_STACK_MIN is no longer a constant
which can lead to unexpectedly different stack sizes on different
architectures and the autofs assumption it's a constant causes a
compile failure.
The need to alter the stack size was due to observed stack overflow
which was thought to be due the thread stack being too small for autofs
and glibc alloca(3) usage.
Quite a bit of that alloca(3) usage has been eliminated from autofs now,
particularly those that might be allocating largish amounts of storage,
and there has been a lot of change in glibc too so using the thread
default stack should be ok.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Quite a bit of the alloca(3) usage has been eliminated over time.
Use malloc(3) for some more cases that might need to allocate a largish
amount of storage.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's a possibility of a memory leak in the mount options processing
when calling concat_options() in parse_mount() of the Sun format map
entry parsing.
There's also a case in do_init() of the Sun map format parsing where
a previously freed value is used in a logging statement without being
set to MULL.
So ensure concat_options() always frees it's arguments so that the
handling can be consistent in all places.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If a triggered offset mount fails automount is not handling nonstrict
mount failure correctly.
The nonstrict mount failure handling needs to convert an offset mount
failure to a success if the offset subtree below the failed mount is not
empty otherwise it must return the failure. The previous implementation
used -1 to indicate the subtree was empty and that was used to detect
when the mount should fail instead of converting the fail to a success.
Make the new implementation do the same.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The description of how the -null master map option behaves is
mising from auto.master(5).
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When umounting direct mounts at exit or when umounting mounts no
longer in the map on re-load a deadlock can occur.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Map entry offset paths need to be in shortest to longest order but
exports from a server could come in any order. If there are a large
number of exports this can result in a lot of overhead when adding
the offset to the ordered list used to mount the offset during parsing
since the path length of exports can vary a lot.
So leverage the tree implemention to sort the export offsets into
shortest to longest order as we go when constructing the mapent from
the exports list.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Since we need to create the offset tree after adding the offset entries
to the mapent cache (from a list.h list) there's no need to lookup the
mapent in tree_mapent_add_node() and validate it. Just use it directly
when calling tree_mapent_add_node() and avoid a cache lookup on every
node addition.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Since we need to create the offset tree after adding the offset entries
to the mapent cache lookup the root mapent once and use it when calling
tree_mapent_add_node() instread of doing a cache lookup on every node
addition.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
While it's rare it's possible that a mapent entry might not have
it's offsets in shortest to longest path order.
If this happens adding an entry to the mapent tree can result in
an incorrect tree topology that doesn't work. That's because adding
tree entries ensures that nodes in a sub-tree are placed below the
containing node so the containing node must be present for that to
work. This topology is critical to the performance of map entries
that have a very large number of offsets such as an NFS server with
many exports.
There's no other choice but make a traversal after the offset entries
have all been added to create the mapent tree.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When swicthing to use the mnt_list to track mounts for expire, if the
amd hosts map entry name is for the host short name, the amd mount
entry for the short name gets removed. This causes a subsequent mounts
for host exports to fail.
What should happen is the short name amd entry not be removed and a
mounted mount entry for the symlinked FQDN mount added so it expires.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Commit 256963d6b (autofs-5.1.7 - refactor lookup_prune_one_cache() a bit)
changed the position of the getting the next enumeration map entry but
failed to update a couple of other locations that assume the next map
entry has been set. Under certain fairly common conditions this leads
to an infinite loop.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Using an ioctl (AUTOFS_DEV_IOCTL_CLOSEMOUNT) to close an autofs mount
file handle can race with copy_to_user() so the file handle needs to
be closed using close(2) instead.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
If NIS support is not available a dangling symlink is created pointing
from lookup_nis.so to (a non-existent) lookup_yp.so.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Master map section mounts (amd format mounts) get umounted on reload.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: check_return: Calling "pthread_mutex_lock" without checking
return value.
Well, I use helpers to do this in many places so can't really disagree.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: var_deref_model: Passing null pointer "tree" to
"tree_traverse_inorder", which dereferences it.
This obviously can't happen but deal with it anyway to quiet Coverity.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: use: Using an unreliable value of "me" inside the second locked
section.
Change lookup_prune_one_cache() a little, move the location the next
key is set (before releasing the lock) and add a comment explaining
why we don't care about the side effects of the read lock release/
write lock aquire/write lock release/read lock reaquire.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity:
in parse_mapent(): double_free: Calling "free" frees pointer "newopt"
which has already been freed.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Covarity: missing_unlock: Returning without unlocking "mc->rwlock".
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: extra_argument: This argument was not used by the format
string: "key".
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: dead_error_line: Execution cannot reach this statement: "free(mp);".
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
master_add_amd_mount_section_mounts()
Coverity: missing_lock: Accessing "entry->current" without holding lock
"master_mapent.current_mutex".
This is initialization not clearing current source. But the field has
already been initialized in the master_new_mapent() call.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: Calling function "umount" that uses "me->key" after a check
function. This can cause a time-of-check, time-of-use race
condition.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: operator_confusion: "ap->flags | 1" is always 1/true
regardless of the values of its operand.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: fixed_size_dest: You might overrun the 4097-character
fixed-size string "key" by copying "me->key" without
checking the length.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: double_unlock: "cache_unlock" unlocks "mc->rwlock" while it
is unlocked.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: leaked_storage: Variable "ext_mp" going out of scope leaks
the storage it points to.
Same applies to the other duped fields destined for the mnt_list struct.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: Overwriting "path" in "path = master_strdup(yyvsp[-1].strtype)"
leaks the storage that "path" points to.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: identical code in if condition branches.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Coverity: error[doubleFree]: Memory pointed to by 'root' is freed twice
No it's not, but root isn't freed before the fatal call which crashes
automount so add a free() before the fatal() call.
It appears Coverity doesn't recognise pthread_exit() as an exit condition.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Fix complier warning about unused variable entry in get_exports().
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The mounts_mutex is no longer used, remove it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Offsets need to have a mount location, check for it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Move the amd mounts removal from master_free_autofs_point() into
lib/mounts.c along with the rest of the amd mount handling.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
This function is not used anywhere now, remove it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The length of root may already be known, add a parameter to allow
passing it to mount_fullpath() so a strlen() call can be avoided.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
mount_fullpath() is meant to be used for this type of path construction
so use it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The local variable mountpoint in sun_mount() is set directly from a
passed in parameter and never changed and the source isn't changed
either, so use the variable directly.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Remove the code that's no longer used due to the tree mapent
implementation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Change to use the tree mapent implementation for the handling
of offset mounts.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add tree_mapent_mount_offsets() and tree_mapent_umount_offsets() to
the mapent tree handling implementation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add tree mapent support function set_offset_tree_catatonic().
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add function tree_mapent_cleanup_offsets() to the mapent tree handling
implementation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
mount_fullpath() incorrecly fills fullpath with the contents of root
when name[0] == '/'. The cases root[last] == '/' and name[0] == '/'
need to be handled seperately.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add function tree_mapent_traverse_subtree() that enumerates offsets from
a given base node bounded by subtree nesting points.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add function tree_mapent_delete_offsets() to the mapent tree handling
implementation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add function tree_mapent_add_node() to the mapent tree handling
implementation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add a struct mapent basic tree implementation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Generalise the tree implementation so that it's independent of the
data structure that's used.
Do this by refactoring it into core tree functions and functions
specific to the data structure to be used so that different data
structures can be used when needed by adding an implementation for
the data structure specific functions.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add a path length field to struct autofs_point since the path length
is needed at various times avoiding additional strlen() calls.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Remove debugging functions cache_dump_multi() and cache_dump_cache()
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Add convienience macros IS_MM() to check is a mapent is part of a
multi-mount, IS_MM_ROOT() to check if a mapent is the root of a
multi-mount tree and MM_ROOT() to return the multi-mount root mapent.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Rename the tree struct and functions to make them consistent.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The root parameter of do_mount_autofs_offset() is used only in a
debug log message. It doesn't really add any value to debugging
so remove it.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Rename local variable from path to m_offset in update_offset_entry() to
make the meaning of this variable clear.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There's no reason to use local function storage for the passed in key
just use the given key.
Also, if there's no hash array entry for the key then there's no cache
entry so don't return a fail for this case.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Some time ago I had to wait and retry umount() for autofs mounts
becuase I found EBUSY would be returned for a time after the call
causing false negative umount returns.
I think that problem has been resolved but removing the retry is
probably a little risky.
But the wait time is quite long at one fifth of a second so reduce
that to one twentieth of a second and increase the retries to make
it more resposive.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Multi-mount offset mounts are added to the mounted mounts table whether
they have a real mount or not. If there are a large number of offsets
this can add unnecessary overhead to the mounted mounts table processing.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
There are a number of places where strlen() is used to re-calculate
the length of a string. Eliminate some of those by calculating the
length once and passing it to the functions that do the re-calculation.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The count_mounts() function traverses the directory tree under a given
automount in order to count the number of mounts.
If there are many directories (such as when there is a very large
number of offset trigger mounts) this can take a long time.
Eliminate the call in expire_proc_indirect() by changing the expire
ioctl function to better use the expire return from the kernel.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When fixing the locking in parse_mount() it was evident that there was
no real benefit of having an additional lock for the offset list so its
use was eliminated.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Some map entry cache locking inconsistencies have crept in.
In parse_mount() of the sun format parser the cache read lock is too
heavily used and has too broad a scope. This has lead to some operations
that should hold the write lock being called with only the read lock.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Pass mapent_cache to update_offset_entry() rather than use the wait/signal
mechanism, it isn't needed here.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When there are no mounts left in a subtree of offset mounts the offset
list is deleted. If all goes well deleting the list this shouldn't cause
a positive return from umount_subtree_mounts() (essentially saying that
the umount of the subtree has not succeeded).
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Some map entry cache locking inconsistencies have crept in.
In umount_subtree_mounts() the cache write lock should be held when
deleting multi-mount cache entries.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The mnts_get_expire_list() function is supposed to return an ordered
list of expire candidates but it is not checking the mounted status
of list entries and is returning a larger list than is needed.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The check of the return from sun_mount() following the possible mount
of the root offset in mount_subtree() can be simpler.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Eliminate clean_stale_multi_triggers() by checking for stale offsets at
the time mount_subtree() is called.
This should result in the same behaviour but eliminate an additional
seperate traversal of the offset list.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Refactor umount_multi_triggers() to try the umount of an offset subtree
in a seperate function.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The offset parameter of do_mount_autofs_offset() isn't used.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The path to be mounted is the key in the passed in mapent.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Avoid the list traversal in cache_set_parents() by setting the
offset parent when updating the offset.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
Eliminate the list traversal from get_parent() and rename it to
get_offset_parent() to better describe it's usage.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
When checking if a path is a mount point the case of a non-existent path
was not being handled.
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
The function cache_lookup_offset() will do a linear search when
looking for an offset. If the number of offsets is large this
can be a lot of overhead.
But it's possible to use the information already present where
this is called to to do a hashed lookup instead.
Signed-off-by: Ian Kent <raven@themaw.net>
|