[PATCH 00/35] Current autofs patch queue (lets try again)

[PATCH 00/35] Current autofs patch queue (lets try again)

[Ian Kent]

Unfortunately I didn't get to commit the series I posted on the 2nd of August
so lets try again.

I'm hoping to commit these in the next few days and, because of a couple
of regressions introduced in 5.1.3, and I'm still keen to release 5.1.4.

---

Ian Kent (33):
      autofs-5.1.3 - fix spec file url
      autofs-5.1.3 - fix unset tsd group name handling
      autofs-5.1.3 - remove some redundant rpc library code
      autofs-5.1.3 - add port parameter to rpc_ping()
      autofs-5.1.3 - dont probe NFSv2 by default
      autofs-5.1.3 - add version parameter to rpc_ping()
      autofs-5.1.3 - fix typo in autofs config file comments
      autofs-5.1.3 - fix typos in autofs man pages
      autofs-5.1.3 - fix incorrect status return in get_nfs_info()
      autofs-5.1.3 - fix a couple of compiler warnings
      autofs-5.1.3 - set systemd KillMode to process
      autofs-5.1.3 - fix mount.nfs blocks on first mount
      autofs-5.1.3 - fix some man page problems
      autofs-5.1.3 - add some more debug logging to get_nfs_info()
      autofs-5.1.3 - add some more debug logging to get_supported_ver_and_cost()
      autofs-5.1.3 - fix ipv6 proto option handling
      autofs-5.1.3 - also check flag file exe name
      autofs-5.1.3 - fix possible map instance memory leak
      autofs-5.1.3 - check map instances for staleness on map update
      autofs-5.1.3 - allow dot in OPTIONSTR value lexer pattern
      autofs-5.1.3 - fix autofs_use_lofs description
      autofs-5.1.3 - fix amd parser error buffer size
      autofs-5.1.3 - make spawn_bind_mount() use mount_wait as well
      autofs-5.1.3 - document ghost option in auto.master man page
      autofs-5.1.3 - only take master map mutex for master map update
      autofs-5.1.3 - revert fix argc off by one in mount_autofs.c
      autofs-5.1.3 - fix nisplus lookup init not configured check
      autofs-5.1.3 - make open_lookup() error handling more consistent
      autofs-5.1.3 - be silent about sss library not found
      autofs-5.1.3 - be silent about nis domain not set
      autofs-5.1.3 - make map source reference message debug only
      autofs-5.1.3 - improve description of mount_nfs_default_protocol
      autofs-5.1.3 - port option should not behave like nobind option

NeilBrown (1):
      autofs-5.1.3 - Add -c option when calling /bin/umount - if supported.

Waldemar Brodkorb (1):
      autofs-5.1.3 - use pkg-config to search for libtirpc to fix cross-compilation


 CHANGELOG                      |   39 ++++
 Makefile.conf.in               |    3 
 Makefile.rules                 |    2 
 aclocal.m4                     |   66 ++-----
 autofs.spec                    |    2 
 configure                      |  362 +++++++++++++++++++++++++++++++++-------
 configure.in                   |   30 +++
 daemon/flag.c                  |   35 ++++
 daemon/lookup.c                |   11 +
 daemon/module.c                |   14 +-
 daemon/spawn.c                 |   46 ++++-
 daemon/state.c                 |    5 -
 include/config.h.in            |    3 
 include/master.h               |    1 
 include/replicated.h           |    4 
 include/rpc_subs.h             |    3 
 lib/macros.c                   |    8 +
 lib/master.c                   |   49 ++++-
 lib/master_tok.l               |    4 
 lib/mounts.c                   |    1 
 lib/parse_subs.c               |    2 
 lib/rpc_subs.c                 |  171 ++++++-------------
 man/auto.master.5.in           |   13 +
 man/autofs.5                   |    6 -
 man/autofs.8.in                |    8 -
 man/autofs.conf.5.in           |   15 +-
 man/autofs_ldap_auth.conf.5.in |    2 
 man/automount.8                |    4 
 modules/amd_parse.y            |    2 
 modules/base64.c               |    2 
 modules/lookup_file.c          |    4 
 modules/lookup_hesiod.c        |    3 
 modules/lookup_nisplus.c       |    3 
 modules/lookup_sss.c           |    4 
 modules/lookup_yp.c            |    2 
 modules/mount_autofs.c         |    8 -
 modules/mount_nfs.c            |   30 ++-
 modules/replicated.c           |   79 ++++++++-
 redhat/autofs.conf.default.in  |   13 +
 samples/autofs.conf.default.in |   13 +
 samples/autofs.service.in      |    3 
 41 files changed, 712 insertions(+), 363 deletions(-)

--
Ian
--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 01/35] autofs-5.1.3 - fix spec file url

[Ian Kent]

The host ftp.kernel.org is no longer available, fix it.
And fix 5.1.3 release date year in CHANGLOG (oops!).

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG   |    5 ++++-
 autofs.spec |    2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index f999eed4..e796fb36 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,7 @@
-24/05/2016 autofs-5.1.3
+xx/xx/2017 autofs-5.1.4
+- fix spec file url.
+
+24/05/2017 autofs-5.1.3
 =======================
 - fix release date in CHANGELOG.
 - build: check for clock_gettime in librt.
diff --git a/autofs.spec b/autofs.spec
index c40fc9f3..591ffbaa 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -24,7 +24,7 @@ Version: %{version}
 Release: %{release}
 License: GPL
 Group: System Environment/Daemons
-Source: ftp://ftp.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}.tar.gz
+Source: https://www.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}.tar.gz
 Buildroot: %{_tmppath}/%{name}-tmp
 %if %{with_systemd}
 BuildRequires: systemd-units

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 02/35] autofs-5.1.3 - fix unset tsd group name handling

[Ian Kent]

Commit 1a64a6bbc5 changed set_tsd_user_vars() to set thread specific
values even if the group name could not be obtained.

But the structure holding the values was not initialized on allocation
so the group field might not be NULL when no group name is available.

Also the macro addition and removal functions didn't properly handle a
macro value of NULL.

Signed-off-by: Ian Kent <raven@themaw.net>
Reported-by: Donald Buczek <buczek@molgen.mpg.de>
---
 CHANGELOG    |    1 +
 lib/macros.c |    8 +++++---
 lib/mounts.c |    1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index e796fb36..8d79bd60 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 xx/xx/2017 autofs-5.1.4
 - fix spec file url.
+- fix unset tsd group name handling.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/lib/macros.c b/lib/macros.c
index ff9ba899..dfdca857 100644
--- a/lib/macros.c
+++ b/lib/macros.c
@@ -281,18 +281,20 @@ macro_addvar(struct substvar *table, const char *str, int len, const char *value
 	}
 
 	if (lv) {
-		char *this = malloc(strlen(value) + 1);
+		const char *val = value ? value : "";
+		char *this = malloc(strlen(val) + 1);
 		if (!this) {
 			lv = table;
 			goto done;
 		}
-		strcpy(this, value);
+		strcpy(this, val);
 		free(lv->val);
 		lv->val = this;
 		if (lv != table)
 			lv = table;
 	} else {
 		struct substvar *new;
+		const char *this = value ? value : "";
 		char *def, *val;
 
 		def = strdup(str);
@@ -302,7 +304,7 @@ macro_addvar(struct substvar *table, const char *str, int len, const char *value
 		}
 		def[len] = '\0';
 
-		val = strdup(value);
+		val = strdup(this);
 		if (!val) {
 			lv = table;
 			free(def);
diff --git a/lib/mounts.c b/lib/mounts.c
index ce6a60a7..0b38bd86 100644
--- a/lib/mounts.c
+++ b/lib/mounts.c
@@ -1463,6 +1463,7 @@ void set_tsd_user_vars(unsigned int logopt, uid_t uid, gid_t gid)
 		error(logopt, "failed alloc tsv storage");
 		return;
 	}
+	memset(tsv, 0, sizeof(struct thread_stdenv_vars));
 
 	tsv->uid = uid;
 	tsv->gid = gid;

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 03/35] autofs-5.1.3 - Add -c option when calling /bin/umount - if supported.

[Ian Kent]

From: NeilBrown <neilb@suse.com>

The "-c" option has been supported by umount since util-linux 2.17.

It tells umount that the path name is "canonical", meaning no symlinks
or ".." etc.

This is appropriate for autofs to use as it always uses canonical path
names. The advantage of "-c" is that it means umount doesn't need to
'lstat()' the path so much.

From util-linux 2.30, umount doesn't lstat the path at all when "-c"
is passed. This is particularly beneficial when unmounting an NFS
filesystem for which the server is no reachable. In that case an
'lstat()' will hang, but the umount(2) can succeed.

So check if "-c" is supported, and if so, use it.
Prior to 2.30 this doesn't help much, but doesn't hurt.
After 2.30 (and a similar small change to nfs-utils), "-c" will mean
that unmounting NFS filesystems will not hang.

Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 aclocal.m4          |   18 ++++++++++++++++++
 configure           |   33 +++++++++++++++++++++++++++++++++
 configure.in        |   14 ++++++++++++++
 daemon/spawn.c      |   23 +++++++++++++++--------
 include/config.h.in |    3 +++
 6 files changed, 84 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 8d79bd60..91225cf0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 xx/xx/2017 autofs-5.1.4
 - fix spec file url.
 - fix unset tsd group name handling.
+- Add -c option when calling /bin/umount - if supported.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/aclocal.m4 b/aclocal.m4
index 00811e08..40e1ee97 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -73,6 +73,24 @@ AC_DEFUN(AF_SLOPPY_MOUNT,
   fi
 fi])
 
+dnl --------------------------------------------------------------------------
+dnl AF_NO_CANON_UMOUNT
+dnl
+dnl Check to see if umount(8) supports the no-canonicalize (-c) option, and define
+dnl the cpp variable HAVE_NO_CANON_UMOUNT if so.  This requires that UMOUNT is
+dnl already defined by a call to AF_PATH_INCLUDE or AC_PATH_PROGS.
+dnl --------------------------------------------------------------------------
+AC_DEFUN(AF_NO_CANON_UMOUNT,
+[if test -n "$UMOUNT" ; then
+  AC_MSG_CHECKING([if umount accepts the -c option])
+  if "$UMOUNT" -h 2>&1 | grep -e '-c.*--no-canonicalize' > /dev/null 2>&1 ; then
+    enable_no_canon_umount=yes
+    AC_MSG_RESULT(yes)
+  else
+    AC_MSG_RESULT(no)
+  fi
+fi])
+
 
 dnl --------------------------------------------------------------------------
 dnl AF_LINUX_PROCFS
diff --git a/configure b/configure
index 10f907e3..9ba26707 100755
--- a/configure
+++ b/configure
@@ -737,6 +737,7 @@ with_flagdir
 with_libtirpc
 with_dmalloc
 enable_sloppy_mount
+enable_no_canon_umount
 with_hesiod
 with_openldap
 with_sasl
@@ -1363,6 +1364,7 @@ Optional Features:
   --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --enable-sloppy-mount         enable the use of the -s option to mount
+  --enable-no-canon-umount         enable the use of the -c option to umount
   --disable-ext-env	        disable search in environment for substitution variable
   --disable-mount-locking       disable use of locking when spawning mount command
   --enable-force-shutdown       enable USR1 signal to force unlink umount of any
@@ -3993,6 +3995,37 @@ $as_echo "#define HAVE_SLOPPY_MOUNT 1" >>confdefs.h
 
 fi
 
+#
+# Newer umounts have the -c (--no-canonicalize) option to avoid
+# stating the path and possible blocking.  Good for NFS.
+#
+# Check whether --enable-no-canon-umount was given.
+if test "${enable_no_canon_umount+set}" = set; then :
+  enableval=$enable_no_canon_umount;
+else
+  enable_no_canon_umount=auto
+fi
+
+if test x$enable_no_canon_umount = xauto; then
+	if test -n "$UMOUNT" ; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if umount accepts the -c option" >&5
+$as_echo_n "checking if umount accepts the -c option... " >&6; }
+  if "$UMOUNT" -h 2>&1 | grep -e '-c.*--no-canonicalize' > /dev/null 2>&1 ; then
+    enable_no_canon_umount=yes
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+  fi
+fi
+fi
+if test x$enable_no_canon_umount = xyes; then
+
+$as_echo "#define HAVE_NO_CANON_UMOUNT 1" >>confdefs.h
+
+fi
+
 # LDAP SASL auth needs libxml and Kerberos
 for ac_prog in xml2-config
 do
diff --git a/configure.in b/configure.in
index 05212521..d408b209 100644
--- a/configure.in
+++ b/configure.in
@@ -167,6 +167,20 @@ if test x$enable_sloppy_mount = xyes; then
 	AC_DEFINE(HAVE_SLOPPY_MOUNT, 1, [define if the mount command supports the -s option])
 fi
 
+#
+# Newer umounts have the -c (--no-canonicalize) option to avoid
+# stating the path and possible blocking.  Good for NFS.
+#
+AC_ARG_ENABLE(no-canon-umount,
+[  --enable-no-canon-umount         enable the use of the -c option to umount],,
+	enable_no_canon_umount=auto)
+if test x$enable_no_canon_umount = xauto; then
+	AF_NO_CANON_UMOUNT()
+fi
+if test x$enable_no_canon_umount = xyes; then
+	AC_DEFINE(HAVE_NO_CANON_UMOUNT, 1, [define if the umount command supports the -c option])
+fi
+
 # LDAP SASL auth needs libxml and Kerberos
 AF_CHECK_LIBXML()
 AF_CHECK_KRB5()
diff --git a/daemon/spawn.c b/daemon/spawn.c
index c640d976..4515607b 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -592,6 +592,11 @@ int spawn_umount(unsigned logopt, ...)
 	char **argv, **p;
 	char prog[] = PATH_UMOUNT;
 	char arg0[] = PATH_UMOUNT;
+#ifdef HAVE_NO_CANON_UMOUNT
+	char * const arg_c = "-c";
+#else
+	char * const arg_c = NULL;
+#endif
 	char argn[] = "-n";
 	unsigned int options;
 	unsigned int retries = MTAB_LOCK_RETRIES;
@@ -620,19 +625,21 @@ int spawn_umount(unsigned logopt, ...)
 			update_mtab = 0;
 		}
 	}
+	if (arg_c)
+		argc++;;
 
-	if (!(argv = alloca(sizeof(char *) * argc + 1)))
+	if (!(argv = alloca(sizeof(char *) * (argc + 1))))
 		return -1;
 
-	argv[0] = arg0;
+	p = argv;
+	*p++ = arg0;
+	if (arg_c)
+		*p++ = arg_c;
+
+	if (!update_mtab)
+		*p++ = argn;
 
 	va_start(arg, logopt);
-	if (update_mtab)
-		p = argv + 1;
-	else {
-		argv[1] = argn;
-		p = argv + 2;
-	}
 	while ((*p++ = va_arg(arg, char *)));
 	va_end(arg);
 
diff --git a/include/config.h.in b/include/config.h.in
index e8885092..6ed0d832 100644
--- a/include/config.h.in
+++ b/include/config.h.in
@@ -57,6 +57,9 @@
 /* define if you have MOUNT_NFS */
 #undef HAVE_MOUNT_NFS
 
+/* define if the umount command supports the -c option */
+#undef HAVE_NO_CANON_UMOUNT
+
 /* define if the mount command supports the -s option */
 #undef HAVE_SLOPPY_MOUNT
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 04/35] autofs-5.1.3 - remove some redundant rpc library code

[Ian Kent]

Remove some redundant code that was used long long ago for testing.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG          |    1 +
 include/rpc_subs.h |    1 -
 lib/rpc_subs.c     |   86 ----------------------------------------------------
 3 files changed, 1 insertion(+), 87 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 91225cf0..977dfcda 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@ xx/xx/2017 autofs-5.1.4
 - fix spec file url.
 - fix unset tsd group name handling.
 - Add -c option when calling /bin/umount - if supported.
+- remove some redundant rpc library code.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/include/rpc_subs.h b/include/rpc_subs.h
index e744e893..a344ed16 100644
--- a/include/rpc_subs.h
+++ b/include/rpc_subs.h
@@ -71,7 +71,6 @@ int rpc_portmap_getport(struct conn_info *, struct pmap *, unsigned short *);
 int rpc_ping_proto(struct conn_info *);
 int rpc_ping(const char *, long, long, unsigned int);
 double monotonic_elapsed(struct timespec, struct timespec);
-int rpc_time(const char *, unsigned int, unsigned int, long, long, unsigned int, double *);
 const char *get_addr_string(struct sockaddr *, char *, socklen_t);
 
 #endif
diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
index 386c7bac..5828a447 100644
--- a/lib/rpc_subs.c
+++ b/lib/rpc_subs.c
@@ -1084,31 +1084,6 @@ double monotonic_elapsed(struct timespec start, struct timespec end)
 	return t2 - t1;
 }
 
-int rpc_time(const char *host,
-	     unsigned int ping_vers, unsigned int ping_proto,
-	     long seconds, long micros, unsigned int option, double *result)
-{
-	int status;
-	double taken;
-	struct timespec start, end;
-	int proto = (ping_proto & RPC_PING_UDP) ? IPPROTO_UDP : IPPROTO_TCP;
-	unsigned long vers = ping_vers;
-
-	clock_gettime(CLOCK_MONOTONIC, &start);
-	status = __rpc_ping(host, vers, proto, seconds, micros, option);
-	clock_gettime(CLOCK_MONOTONIC, &end);
-
-	if (status == RPC_PING_FAIL || status < 0)
-		return status;
-
-	taken = monotonic_elapsed(start, end);
-
-	if (result != NULL)
-		*result = taken;
-
-	return status;
-}
-
 static int rpc_get_exports_proto(struct conn_info *info, exports *exp)
 {
 	CLIENT *client;
@@ -1281,64 +1256,3 @@ const char *get_addr_string(struct sockaddr *sa, char *name, socklen_t len)
 
 	return inet_ntop(sa->sa_family, addr, name, len);
 }
-
-#if 0
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
-	int ret;
-	double res = 0.0;
-	exports exportlist, tmp;
-	groups grouplist;
-	int n, maxlen;
-
-/*
-	ret = rpc_ping("budgie", 10, 0, RPC_CLOSE_DEFAULT);
-	printf("ret = %d\n", ret);
-
-	res = 0.0;
-	ret = rpc_time("budgie", NFS2_VERSION, RPC_PING_TCP, 10, 0, RPC_CLOSE_DEFAULT, &res);
-	printf("v2 tcp ret = %d, res = %f\n", ret, res);
-
-	res = 0.0;
-	ret = rpc_time("budgie", NFS3_VERSION, RPC_PING_TCP, 10, 0, RPC_CLOSE_DEFAULT, &res);
-	printf("v3 tcp ret = %d, res = %f\n", ret, res);
-
-	res = 0.0;
-	ret = rpc_time("budgie", NFS2_VERSION, RPC_PING_UDP, 10, 0, RPC_CLOSE_DEFAULT, &res);
-	printf("v2 udp ret = %d, res = %f\n", ret, res);
-
-	res = 0.0;
-	ret = rpc_time("budgie", NFS3_VERSION, RPC_PING_UDP, 10, 0, RPC_CLOSE_DEFAULT, &res);
-	printf("v3 udp ret = %d, res = %f\n", ret, res);
-*/
-	exportlist = rpc_get_exports("budgie", 10, 0, RPC_CLOSE_NOLINGER);
-	exportlist = rpc_exports_prune(exportlist);
-
-	maxlen = 0;
-	for (tmp = exportlist; tmp; tmp = tmp->ex_next) {
-		if ((n = strlen(tmp->ex_dir)) > maxlen)
-			maxlen = n;
-	}
-
-	if (exportlist) {
-		while (exportlist) {
-			printf("%-*s ", maxlen, exportlist->ex_dir);
-			grouplist = exportlist->ex_groups;
-			if (grouplist) {
-				while (grouplist) {
-					printf("%s%s", grouplist->gr_name,
-						grouplist->gr_next ? "," : "");
-					grouplist = grouplist->gr_next;
-				}
-			}
-			printf("\n");
-			exportlist = exportlist->ex_next;
-		}
-	}
-	rpc_exports_free(exportlist);
-
-	exit(0);
-}
-#endif

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 05/35] autofs-5.1.3 - add port parameter to rpc_ping()

[Ian Kent]

Commit 4914be96 introduced an NFS ping probe to check availability on
fallback from bind mount failure but failed to take into account the
case where the port option had been given to avoid bind mounting.

Change rpc_ping() and __rpc_ping() to take a port parameter and don't
contact the portmapper or rpcbind if it is valid.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 include/rpc_subs.h  |    2 +-
 lib/rpc_subs.c      |   41 ++++++++++++++++++++++++++---------------
 modules/mount_nfs.c |    2 +-
 4 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 977dfcda..1aa1dbb5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ xx/xx/2017 autofs-5.1.4
 - fix unset tsd group name handling.
 - Add -c option when calling /bin/umount - if supported.
 - remove some redundant rpc library code.
+- add port parameter to rpc_ping().
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/include/rpc_subs.h b/include/rpc_subs.h
index a344ed16..def80a2f 100644
--- a/include/rpc_subs.h
+++ b/include/rpc_subs.h
@@ -69,7 +69,7 @@ void rpc_destroy_tcp_client(struct conn_info *);
 int rpc_portmap_getclient(struct conn_info *, const char *, struct sockaddr *, size_t, int, unsigned int);
 int rpc_portmap_getport(struct conn_info *, struct pmap *, unsigned short *);
 int rpc_ping_proto(struct conn_info *);
-int rpc_ping(const char *, long, long, unsigned int);
+int rpc_ping(const char *, int, long, long, unsigned int);
 double monotonic_elapsed(struct timespec, struct timespec);
 const char *get_addr_string(struct sockaddr *, char *, socklen_t);
 
diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
index 5828a447..a039e8ee 100644
--- a/lib/rpc_subs.c
+++ b/lib/rpc_subs.c
@@ -1001,12 +1001,11 @@ int rpc_ping_proto(struct conn_info *info)
 }
 
 static int __rpc_ping(const char *host,
-		      unsigned long version, int proto,
+		      unsigned long version, int proto, int port,
 		      long seconds, long micros, unsigned int option)
 {
 	int status;
 	struct conn_info info;
-	struct pmap parms;
 
 	info.proto = proto;
 	info.host = host;
@@ -1023,32 +1022,41 @@ static int __rpc_ping(const char *host,
 
 	status = RPC_PING_FAIL;
 
-	parms.pm_prog = NFS_PROGRAM;
-	parms.pm_vers = version;
-	parms.pm_prot = info.proto;
-	parms.pm_port = 0;
 
-	status = rpc_portmap_getport(&info, &parms, &info.port);
-	if (status < 0)
-		return status;
+	if (port > 0)
+		info.port = port;
+	else {
+		struct pmap parms;
+
+		parms.pm_prog = NFS_PROGRAM;
+		parms.pm_vers = version;
+		parms.pm_prot = info.proto;
+		parms.pm_port = 0;
+		status = rpc_portmap_getport(&info, &parms, &info.port);
+		if (status < 0)
+			return status;
+	}
 
 	status = rpc_ping_proto(&info);
 
 	return status;
 }
 
-int rpc_ping(const char *host, long seconds, long micros, unsigned int option)
+int rpc_ping(const char *host, int port,
+	     long seconds, long micros, unsigned int option)
 {
 	unsigned long vers4 = NFS4_VERSION;
 	unsigned long vers3 = NFS3_VERSION;
 	unsigned long vers2 = NFS2_VERSION;
 	int status;
 
-	status = __rpc_ping(host, vers2, IPPROTO_UDP, seconds, micros, option);
+	status = __rpc_ping(host, vers2,
+			    IPPROTO_UDP, port, seconds, micros, option);
 	if (status > 0)
 		return RPC_PING_V2 | RPC_PING_UDP;
 
-	status = __rpc_ping(host, vers3, IPPROTO_UDP, seconds, micros, option);
+	status = __rpc_ping(host, vers3,
+			    IPPROTO_UDP, port, seconds, micros, option);
 	if (status > 0)
 		return RPC_PING_V3 | RPC_PING_UDP;
 
@@ -1058,15 +1066,18 @@ int rpc_ping(const char *host, long seconds, long micros, unsigned int option)
 		return RPC_PING_V4 | RPC_PING_UDP;
 	*/
 
-	status = __rpc_ping(host, vers2, IPPROTO_TCP, seconds, micros, option);
+	status = __rpc_ping(host, vers2,
+			    IPPROTO_TCP, port, seconds, micros, option);
 	if (status > 0)
 		return RPC_PING_V2 | RPC_PING_TCP;
 
-	status = __rpc_ping(host, vers3, IPPROTO_TCP, seconds, micros, option);
+	status = __rpc_ping(host, vers3, port,
+			    IPPROTO_TCP, seconds, micros, option);
 	if (status > 0)
 		return RPC_PING_V3 | RPC_PING_TCP;
 
-	status = __rpc_ping(host, vers4, IPPROTO_TCP, seconds, micros, option);
+	status = __rpc_ping(host, vers4,
+			    IPPROTO_TCP, port, seconds, micros, option);
 	if (status > 0)
 		return RPC_PING_V4 | RPC_PING_TCP;
 
diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
index c558a738..a0ab656b 100644
--- a/modules/mount_nfs.c
+++ b/modules/mount_nfs.c
@@ -358,7 +358,7 @@ dont_probe:
 			char *host = this->name ? this->name : "localhost";
 			int ret;
 
-			ret = rpc_ping(host, 2, 0, RPC_CLOSE_DEFAULT);
+			ret = rpc_ping(host, port, 2, 0, RPC_CLOSE_DEFAULT);
 			if (ret <= 0)
 				goto next;
 		}

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 06/35] autofs-5.1.3 - dont probe NFSv2 by default

[Ian Kent]

NFS v2 hasn't been recommended for use for a long time now so don't
include it in the avialability probe unless it is specified as an
NFS mount option.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 include/replicated.h |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1aa1dbb5..a56b2894 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ xx/xx/2017 autofs-5.1.4
 - Add -c option when calling /bin/umount - if supported.
 - remove some redundant rpc library code.
 - add port parameter to rpc_ping().
+- dont probe NFSv2 by default.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/include/replicated.h b/include/replicated.h
index 728f1311..5e142f4f 100644
--- a/include/replicated.h
+++ b/include/replicated.h
@@ -26,7 +26,7 @@
 #define NFS2_SUPPORTED		0x0010
 #define NFS3_SUPPORTED		0x0020
 #define NFS4_SUPPORTED		0x0040
-#define NFS_VERS_MASK		(NFS2_SUPPORTED|NFS3_SUPPORTED)
+#define NFS_VERS_MASK		(NFS3_SUPPORTED)
 #define NFS4_VERS_MASK		(NFS4_SUPPORTED)
 
 #define NFS2_REQUESTED		NFS2_SUPPORTED

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 07/35] autofs-5.1.3 - add version parameter to rpc_ping()

[Ian Kent]

Add an version parameter to rpc_ping() to try and avoid NFS pings
to protocol or NFS version that isn't to be used.

When the port option is specified (possibly for NFS tunneling) it's
likely that the protocol is also specified which will reduce uneeded
NFS ping requests. But for this to work best (with the minimum delay)
the NFS version needs to also be specified in the NFS mount options.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 include/rpc_subs.h  |    2 +
 lib/rpc_subs.c      |   74 +++++++++++++++++++++++++++------------------------
 modules/mount_nfs.c |    2 +
 4 files changed, 42 insertions(+), 37 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index a56b2894..cc61f59e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ xx/xx/2017 autofs-5.1.4
 - remove some redundant rpc library code.
 - add port parameter to rpc_ping().
 - dont probe NFSv2 by default.
+- add version parameter to rpc_ping().
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/include/rpc_subs.h b/include/rpc_subs.h
index def80a2f..6e35eedf 100644
--- a/include/rpc_subs.h
+++ b/include/rpc_subs.h
@@ -69,7 +69,7 @@ void rpc_destroy_tcp_client(struct conn_info *);
 int rpc_portmap_getclient(struct conn_info *, const char *, struct sockaddr *, size_t, int, unsigned int);
 int rpc_portmap_getport(struct conn_info *, struct pmap *, unsigned short *);
 int rpc_ping_proto(struct conn_info *);
-int rpc_ping(const char *, int, long, long, unsigned int);
+int rpc_ping(const char *, int, unsigned int, long, long, unsigned int);
 double monotonic_elapsed(struct timespec, struct timespec);
 const char *get_addr_string(struct sockaddr *, char *, socklen_t);
 
diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
index a039e8ee..9a267e4f 100644
--- a/lib/rpc_subs.c
+++ b/lib/rpc_subs.c
@@ -43,6 +43,7 @@ const rpcvers_t rpcb_version = PMAPVERS;
 
 #include "mount.h"
 #include "rpc_subs.h"
+#include "replicated.h"
 #include "automount.h"
 
 /* #define STANDALONE */
@@ -1043,43 +1044,46 @@ static int __rpc_ping(const char *host,
 }
 
 int rpc_ping(const char *host, int port,
-	     long seconds, long micros, unsigned int option)
+	     unsigned int version, long seconds, long micros,
+	     unsigned int option)
 {
-	unsigned long vers4 = NFS4_VERSION;
-	unsigned long vers3 = NFS3_VERSION;
-	unsigned long vers2 = NFS2_VERSION;
-	int status;
+	int status = 0;
+
+	if ((version & NFS2_REQUESTED) && (version & TCP_REQUESTED)) {
+		status = __rpc_ping(host, NFS2_VERSION,
+				    IPPROTO_TCP, port, seconds, micros, option);
+		if (status > 0)
+			return RPC_PING_V2 | RPC_PING_TCP;
+	}
+
+	if ((version & NFS2_REQUESTED) && (version & UDP_REQUESTED)) {
+		status = __rpc_ping(host, NFS2_VERSION,
+				    IPPROTO_UDP, port, seconds, micros, option);
+		if (status > 0)
+			return RPC_PING_V2 | RPC_PING_UDP;
+	}
 
-	status = __rpc_ping(host, vers2,
-			    IPPROTO_UDP, port, seconds, micros, option);
-	if (status > 0)
-		return RPC_PING_V2 | RPC_PING_UDP;
-
-	status = __rpc_ping(host, vers3,
-			    IPPROTO_UDP, port, seconds, micros, option);
-	if (status > 0)
-		return RPC_PING_V3 | RPC_PING_UDP;
-
-	/* UDP isn't recommended for NFSv4, don't bother checking it.
-	status = __rpc_ping(host, vers4, IPPROTO_UDP, seconds, micros, option);
-	if (status > 0)
-		return RPC_PING_V4 | RPC_PING_UDP;
-	*/
-
-	status = __rpc_ping(host, vers2,
-			    IPPROTO_TCP, port, seconds, micros, option);
-	if (status > 0)
-		return RPC_PING_V2 | RPC_PING_TCP;
-
-	status = __rpc_ping(host, vers3, port,
-			    IPPROTO_TCP, seconds, micros, option);
-	if (status > 0)
-		return RPC_PING_V3 | RPC_PING_TCP;
-
-	status = __rpc_ping(host, vers4,
-			    IPPROTO_TCP, port, seconds, micros, option);
-	if (status > 0)
-		return RPC_PING_V4 | RPC_PING_TCP;
+	if ((version & NFS3_REQUESTED) && (version & TCP_REQUESTED)) {
+		status = __rpc_ping(host, NFS3_VERSION,
+				    IPPROTO_TCP, port, seconds, micros, option);
+		if (status > 0)
+			return RPC_PING_V3 | RPC_PING_TCP;
+	}
+
+	if ((version & NFS3_REQUESTED) && (version & UDP_REQUESTED)) {
+		status = __rpc_ping(host, NFS3_VERSION,
+				    IPPROTO_UDP, port, seconds, micros, option);
+		if (status > 0)
+			return RPC_PING_V3 | RPC_PING_UDP;
+	}
+
+	if (version & NFS4_REQUESTED) {
+		/* UDP isn't recommended for NFSv4, don't check it. */
+		status = __rpc_ping(host, NFS4_VERSION,
+				    IPPROTO_TCP, port, seconds, micros, option);
+		if (status > 0)
+			return RPC_PING_V4 | RPC_PING_TCP;
+	}
 
 	return status;
 }
diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
index a0ab656b..97f12c4d 100644
--- a/modules/mount_nfs.c
+++ b/modules/mount_nfs.c
@@ -358,7 +358,7 @@ dont_probe:
 			char *host = this->name ? this->name : "localhost";
 			int ret;
 
-			ret = rpc_ping(host, port, 2, 0, RPC_CLOSE_DEFAULT);
+			ret = rpc_ping(host, port, vers, 2, 0, RPC_CLOSE_DEFAULT);
 			if (ret <= 0)
 				goto next;
 		}

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 08/35] autofs-5.1.3 - fix typo in autofs config file comments

[Ian Kent]

Fix a typo in the comments section of the installed autofs configuration
file comments.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                      |    1 +
 redhat/autofs.conf.default.in  |    2 +-
 samples/autofs.conf.default.in |    2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index cc61f59e..10ef5c47 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ xx/xx/2017 autofs-5.1.4
 - add port parameter to rpc_ping().
 - dont probe NFSv2 by default.
 - add version parameter to rpc_ping().
+- fix typo in autofs config file comments.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/redhat/autofs.conf.default.in b/redhat/autofs.conf.default.in
index 3c6a3165..86821de1 100644
--- a/redhat/autofs.conf.default.in
+++ b/redhat/autofs.conf.default.in
@@ -183,7 +183,7 @@ mount_nfs_default_protocol = 4
 #
 #sss_master_map_wait = 0
 #
-# Otions for the amd parser within autofs.
+# Options for the amd parser within autofs.
 #
 # amd configuration options that are aren't used, haven't been
 # implemented or have different behaviour within autofs.
diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
index 3ea3dd10..411afe14 100644
--- a/samples/autofs.conf.default.in
+++ b/samples/autofs.conf.default.in
@@ -182,7 +182,7 @@ browse_mode = no
 #
 #sss_master_map_wait = 0
 #
-# Otions for the amd parser within autofs.
+# Options for the amd parser within autofs.
 #
 # amd configuration options that are aren't used, haven't been
 # implemented or have different behaviour within autofs.

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 09/35] autofs-5.1.3 - fix typos in autofs man pages

[Ian Kent]

Add missing section in the title of the autofs.conf(5) man page
and fix a duplicated i in file system types description of autofs(5).

Signed-off-by: Ian Kent <raven@themaw.net>
Reported-by: Roland Hopferwieser <rhopfer@ica.jku.at>
---
 CHANGELOG            |    1 +
 man/autofs.5         |    2 +-
 man/autofs.conf.5.in |    2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 10ef5c47..257e3501 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,7 @@ xx/xx/2017 autofs-5.1.4
 - dont probe NFSv2 by default.
 - add version parameter to rpc_ping().
 - fix typo in autofs config file comments.
+- fix typos in autofs man pages.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/man/autofs.5 b/man/autofs.5
index efde77ad..0063fbea 100644
--- a/man/autofs.5
+++ b/man/autofs.5
@@ -447,7 +447,7 @@ This is the mount filesystem \fBtype\fP.
 It can have a value of
 .BR auto ", " link ", " linkx ", " host ", " lofs ", " ext2-4 ", "
 .BR xfs ", " nfs ", " nfsl " or " cdfs "."
-Other types that are not yet implemented or are not available iin autofs are
+Other types that are not yet implemented or are not available in autofs are
 .BR nfsx ", " lustre ", " jfs ", " program ", " cachefs " and " direct "."
 .TP
 .B maptype
diff --git a/man/autofs.conf.5.in b/man/autofs.conf.5.in
index a777c581..0efe0d4f 100644
--- a/man/autofs.conf.5.in
+++ b/man/autofs.conf.5.in
@@ -1,5 +1,5 @@
 .\" t
-.TH AUTOFS.CONF "23 Jan 2014"
+.TH AUTOFS.CONF 5 "23 Jan 2014"
 .SH NAME
 autofs.conf \- autofs configuration
 .SH "DESCRIPTION"

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 10/35] autofs-5.1.3 - use pkg-config to search for libtirpc to fix cross-compilation

[Ian Kent]

From: Waldemar Brodkorb <wbx@openadk.org>

When trying to cross-compile autofs for example with a buildsystem
like buildroot, the compilation fails in case the user wants to use
libtirpc library as RPC implementation. A hard coded include path
in aclocal.m4 is used. Other opensource software like rpcbind or
nfs-utils are suing autotools pkgconfig infrastructure to find
the libtirpc headers and to pass the correct linker flags.

Convert configure.in to use PKG_CHECK_MODULES and remove the
hand written autoconf macros from aclocal.m4.

To autoreconf the package you need pkg-config or pkgconf installed,
which provides the needed autoconf macros in pkg.m4. For an
non-automake project a full path to pkg.m4 is required.

This fixes cross-compilation of autofs and allows to use
alternative C libraries as uClibc-ng without internal RPC
support to be used in cross-compiling environments.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG        |    1 
 Makefile.conf.in |    3 
 Makefile.rules   |    2 
 aclocal.m4       |   48 --------
 configure        |  329 +++++++++++++++++++++++++++++++++++++++++++-----------
 configure.in     |   16 ++-
 6 files changed, 281 insertions(+), 118 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 257e3501..72c3ee70 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,7 @@ xx/xx/2017 autofs-5.1.4
 - add version parameter to rpc_ping().
 - fix typo in autofs config file comments.
 - fix typos in autofs man pages.
+- use pkg-config to search for libtirpc to fix cross-compilation.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/Makefile.conf.in b/Makefile.conf.in
index 2bc3202e..f879e262 100644
--- a/Makefile.conf.in
+++ b/Makefile.conf.in
@@ -64,7 +64,8 @@ RPCGEN = @PATH_RPCGEN@
 RANLIB = @PATH_RANLIB@
 
 # Use libtirpc if requested and available
-TIRPCLIB = @TIRPCLIB@
+TIRPCLIB = @TIRPC_LIBS@
+TIRPCCFLAGS = @TIRPC_CFLAGS@
 
 # Use dmalloc for memory debuging
 DMALLOCLIB = @DMALLOCLIB@
diff --git a/Makefile.rules b/Makefile.rules
index 7d1af2e0..0edf9bfe 100644
--- a/Makefile.rules
+++ b/Makefile.rules
@@ -46,7 +46,7 @@ CFLAGS += -D_REENTRANT -D_FILE_OFFSET_BITS=64
 LIBS += -lpthread
 
 ifdef TIRPCLIB
-CFLAGS += -I/usr/include/tirpc
+CFLAGS += $(TIRPCCFLAGS)
 LIBS += $(TIRPCLIB)
 endif
 
diff --git a/aclocal.m4 b/aclocal.m4
index 40e1ee97..51772043 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -417,51 +417,3 @@ fi
 LIBS="$af_check_ldap_parse_page_control_save_libs"
 ])
 
-dnl --------------------------------------------------------------------------
-dnl AF_CHECK_LIBTIRPC
-dnl
-dnl Use libtirpc for rpc transport
-dnl --------------------------------------------------------------------------
-AC_DEFUN([AF_CHECK_LIBTIRPC],
-[
-# save current flags
-af_check_libtirpc_save_cflags="$CFLAGS"
-af_check_libtirpc_save_libs="$LIBS"
-CFLAGS="$CFLAGS -I/usr/include/tirpc"
-LIBS="$LIBS -ltirpc"
-
-AC_TRY_LINK(
-    [ #include <rpc/rpc.h> ],
-    [ CLIENT *cl;
-      struct sockaddr_in addr;
-      int fd;
-      unsigned long ul; struct timeval t; unsigned int ui;
-      cl = clntudp_bufcreate(&addr,ul,ul,t,&fd,ui,ui); ],
-    [ af_have_libtirpc=yes
-      AC_MSG_RESULT(yes) ],
-    [ AC_MSG_RESULT(no) ])
-
-if test "$af_have_libtirpc" = "yes"; then
-    AC_DEFINE(WITH_LIBTIRPC,1, [Define to 1 if you have the libtirpc library installed])
-    AC_DEFINE(TIRPC_WORKAROUND,1, [Define to 1 to use the libtirpc tsd usage workaround])
-    TIRPCLIB="-ltirpc"
-fi
-
-AC_CHECK_FUNCS([getrpcbyname getservbyname])
-
-# restore flags
-CFLAGS="$af_check_libtirpc_save_cflags"
-LIBS="$af_check_libtirpc_save_libs"
-])
-
-AC_DEFUN([AF_WITH_LIBTIRPC],
-[AC_MSG_CHECKING([if libtirpc is requested and available])
-AC_ARG_WITH(libtirpc,
-[  --with-libtirpc         use libtirpc if available],
-[if test "$withval" = yes; then
-  AF_CHECK_LIBTIRPC()
-else
-  AC_MSG_RESULT(no)
-fi], [AC_MSG_RESULT(no)])
-])
-
diff --git a/configure b/configure
index 9ba26707..c8b8da3c 100755
--- a/configure
+++ b/configure
@@ -672,7 +672,6 @@ MOUNT_NFS
 HAVE_MOUNT
 MOUNT
 DMALLOCLIB
-TIRPCLIB
 OBJEXT
 EXEEXT
 ac_ct_CC
@@ -680,6 +679,11 @@ CPPFLAGS
 LDFLAGS
 CFLAGS
 CC
+TIRPC_LIBS
+TIRPC_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
 flagdir
 fifodir
 mapdir
@@ -750,6 +754,11 @@ enable_limit_getgrgid_size
       ac_precious_vars='build_alias
 host_alias
 target_alias
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+TIRPC_CFLAGS
+TIRPC_LIBS
 CC
 CFLAGS
 LDFLAGS
@@ -1393,6 +1402,14 @@ Optional Packages:
   --with-sasl=DIR	  enable SASL support for LDAP maps (libs and includes in DIR)
 
 Some influential environment variables:
+  PKG_CONFIG  path to pkg-config utility
+  PKG_CONFIG_PATH
+              directories to add to pkg-config's search path
+  PKG_CONFIG_LIBDIR
+              path overriding pkg-config's built-in search path
+  TIRPC_CFLAGS
+              C compiler flags for TIRPC, overriding pkg-config
+  TIRPC_LIBS  linker flags for TIRPC, overriding pkg-config
   CC          C compiler command
   CFLAGS      C compiler flags
   LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
@@ -2166,6 +2183,25 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
+# for pkg-config macros
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 #
 # autofs installs by default in /usr
 #
@@ -2400,7 +2436,232 @@ $as_echo "$flagdir" >&6; }
 #
 # Use libtirpc
 #
-ac_ext=c
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+  ac_pt_PKG_CONFIG=$PKG_CONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $ac_pt_PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKG_CONFIG" = x; then
+    PKG_CONFIG=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKG_CONFIG=$ac_pt_PKG_CONFIG
+  fi
+else
+  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=0.9.0
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	else
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		PKG_CONFIG=""
+	fi
+fi
+
+# Check whether --with-libtirpc was given.
+if test "${with_libtirpc+set}" = set; then :
+  withval=$with_libtirpc;
+fi
+
+if test "x$with_libtirpc" = "xyes"; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TIRPC" >&5
+$as_echo_n "checking for TIRPC... " >&6; }
+
+if test -n "$TIRPC_CFLAGS"; then
+    pkg_cv_TIRPC_CFLAGS="$TIRPC_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtirpc\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libtirpc") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_TIRPC_CFLAGS=`$PKG_CONFIG --cflags "libtirpc" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$TIRPC_LIBS"; then
+    pkg_cv_TIRPC_LIBS="$TIRPC_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtirpc\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libtirpc") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_TIRPC_LIBS=`$PKG_CONFIG --libs "libtirpc" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        TIRPC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libtirpc" 2>&1`
+        else
+	        TIRPC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libtirpc" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$TIRPC_PKG_ERRORS" >&5
+
+	as_fn_error $? "Package requirements (libtirpc) were not met:
+
+$TIRPC_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables TIRPC_CFLAGS
+and TIRPC_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables TIRPC_CFLAGS
+and TIRPC_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+	TIRPC_CFLAGS=$pkg_cv_TIRPC_CFLAGS
+	TIRPC_LIBS=$pkg_cv_TIRPC_LIBS
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+
+$as_echo "#define WITH_LIBTIRPC 1" >>confdefs.h
+
+
+$as_echo "#define TIRPC_WORKAROUND 1" >>confdefs.h
+
+
+fi
+  ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
@@ -3190,55 +3451,6 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtirpc is requested and available" >&5
-$as_echo_n "checking if libtirpc is requested and available... " >&6; }
-
-# Check whether --with-libtirpc was given.
-if test "${with_libtirpc+set}" = set; then :
-  withval=$with_libtirpc; if test "$withval" = yes; then
-
-# save current flags
-af_check_libtirpc_save_cflags="$CFLAGS"
-af_check_libtirpc_save_libs="$LIBS"
-CFLAGS="$CFLAGS -I/usr/include/tirpc"
-LIBS="$LIBS -ltirpc"
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
- #include <rpc/rpc.h>
-int
-main ()
-{
- CLIENT *cl;
-      struct sockaddr_in addr;
-      int fd;
-      unsigned long ul; struct timeval t; unsigned int ui;
-      cl = clntudp_bufcreate(&addr,ul,ul,t,&fd,ui,ui);
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-   af_have_libtirpc=yes
-      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-else
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-
-if test "$af_have_libtirpc" = "yes"; then
-
-$as_echo "#define WITH_LIBTIRPC 1" >>confdefs.h
-
-
-$as_echo "#define TIRPC_WORKAROUND 1" >>confdefs.h
-
-    TIRPCLIB="-ltirpc"
-fi
-
 for ac_func in getrpcbyname getservbyname
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -3251,23 +3463,8 @@ _ACEOF
 fi
 done
 
-
-# restore flags
-CFLAGS="$af_check_libtirpc_save_cflags"
-LIBS="$af_check_libtirpc_save_libs"
-
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
 fi
 
-
-
-
 #
 # Optional include dmalloc
 #
diff --git a/configure.in b/configure.in
index d408b209..085b34d5 100644
--- a/configure.in
+++ b/configure.in
@@ -11,6 +11,9 @@ define([AC_CACHE_LOAD], )dnl
 define([AC_CACHE_SAVE], )dnl
 AC_INIT(.autofs-5.1.3)
 
+# for pkg-config macros
+m4_include([/usr/share/aclocal/pkg.m4])
+
 #
 # autofs installs by default in /usr
 #
@@ -124,8 +127,17 @@ AC_SUBST(flagdir)
 #
 # Use libtirpc
 #
-AF_WITH_LIBTIRPC()
-AC_SUBST(TIRPCLIB)
+PKG_PROG_PKG_CONFIG()
+AC_ARG_WITH([libtirpc], AS_HELP_STRING([--with-libtirpc], [use libtirpc if available]))
+if test "x$with_libtirpc" = "xyes"; then
+  PKG_CHECK_MODULES([TIRPC],[libtirpc],[
+		AC_DEFINE(WITH_LIBTIRPC,1,
+			[Define to 1 if you have the libtirpc library installed])
+		AC_DEFINE(TIRPC_WORKAROUND,1,
+			[Define to 1 to use the libtirpc tsd usage workaround])
+    ])
+  AC_CHECK_FUNCS([getrpcbyname getservbyname])
+fi
 
 #
 # Optional include dmalloc

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 11/35] autofs-5.1.3 - fix incorrect status return in get_nfs_info()

[Ian Kent]

If the host is unreachable getting the RPC client in get_nfs_info()
should set status to zero as response time taken hasn't been calculated.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 modules/replicated.c |    5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 72c3ee70..6492fab3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,7 @@ xx/xx/2017 autofs-5.1.4
 - fix typo in autofs config file comments.
 - fix typos in autofs man pages.
 - use pkg-config to search for libtirpc to fix cross-compilation.
+- fix incorrect status return in get_nfs_info().
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/replicated.c b/modules/replicated.c
index 315e3000..c5c4f392 100644
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -605,9 +605,10 @@ static int get_supported_ver_and_cost(unsigned logopt, struct host *host,
 		status = rpc_udp_getclient(&rpc_info, NFS_PROGRAM, vers);
 	else
 		status = rpc_tcp_getclient(&rpc_info, NFS_PROGRAM, vers);
-	if (status == -EHOSTUNREACH)
+	if (status == -EHOSTUNREACH) {
+		status = 0;
 		goto done;
-	else if (!status) {
+	} else if (!status) {
 		clock_gettime(CLOCK_MONOTONIC, &start);
 		status = rpc_ping_proto(&rpc_info);
 		clock_gettime(CLOCK_MONOTONIC, &end);

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 12/35] autofs-5.1.3 - fix a couple of compiler warnings

[Ian Kent]

Fix a few compiler warnings that have been around far too long.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG               |    1 +
 daemon/spawn.c          |   20 ++++++++++++++++----
 lib/master_tok.l        |    2 ++
 lib/parse_subs.c        |    2 +-
 modules/base64.c        |    2 +-
 modules/lookup_file.c   |    4 ----
 modules/lookup_hesiod.c |    3 ---
 7 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6492fab3..823b0832 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,7 @@ xx/xx/2017 autofs-5.1.4
 - fix typos in autofs man pages.
 - use pkg-config to search for libtirpc to fix cross-compilation.
 - fix incorrect status return in get_nfs_info().
+- fix a couple of compiler warnings.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/spawn.c b/daemon/spawn.c
index 4515607b..b931d678 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -195,8 +195,14 @@ static int do_spawn(unsigned logopt, unsigned int wait,
 			 * program group to trigger mount
 			 */
 			if (euid) {
-				seteuid(euid);
-				setegid(egid);
+				if (seteuid(euid) == -1)
+					fprintf(stderr,
+						"warning: seteuid: %s\n",
+						strerror(errno));
+				if (setegid(egid) == -1)
+					fprintf(stderr,
+						"warning: setegid: %s\n",
+						strerror(errno));
 			}
 			setpgrp();
 
@@ -212,8 +218,14 @@ static int do_spawn(unsigned logopt, unsigned int wait,
 			if (fd != -1)
 				close(fd);
 
-			seteuid(0);
-			setegid(0);
+			if (seteuid(0) == -1)
+				fprintf(stderr,
+					"warning: seteuid: %s\n",
+					strerror(errno));
+			if (setegid(0) == -1)
+				fprintf(stderr,
+					"warning: setegid: %s\n",
+					strerror(errno));
 			if (pgrp >= 0)
 				setpgid(0, pgrp);
 
diff --git a/lib/master_tok.l b/lib/master_tok.l
index b32918d1..63dab50d 100644
--- a/lib/master_tok.l
+++ b/lib/master_tok.l
@@ -475,7 +475,9 @@ void master_set_scan_buffer(const char *buffer)
 	line_lim = line + strlen(buffer) + 1;
 }
 
+#ifndef min
 #define min(a,b) (((a) < (b)) ? (a) : (b))
+#endif
 
 int my_yyinput(char *buffer, int max_size)
 {
diff --git a/lib/parse_subs.c b/lib/parse_subs.c
index 80383c20..fc9b6474 100644
--- a/lib/parse_subs.c
+++ b/lib/parse_subs.c
@@ -795,7 +795,7 @@ char *sanitize_path(const char *path, int origlen, unsigned int type, unsigned i
 	unsigned int seen_slash = 0, quote = 0, dquote = 0;
 
 	if (type & (LKP_INDIRECT | LKP_DIRECT)) {
-		char *tmp = path;
+		const char *tmp = path;
 
 		if (*tmp == '"')
 			tmp++;
diff --git a/modules/base64.c b/modules/base64.c
index 0bb356a2..3e9406ff 100644
--- a/modules/base64.c
+++ b/modules/base64.c
@@ -12,7 +12,7 @@ static const char *BASE64_CHARS =
  * @param triple three bytes that should be encoded
  * @param result buffer of four characters where the result is stored
  */
-static void _base64_encode_triple(char triple[3], char result[4])
+static void _base64_encode_triple(unsigned char triple[3], char result[4])
 {
 	int tripleValue, i;
 
diff --git a/modules/lookup_file.c b/modules/lookup_file.c
index b548ac35..e2d248e0 100644
--- a/modules/lookup_file.c
+++ b/modules/lookup_file.c
@@ -1092,13 +1092,9 @@ static int map_update_needed(struct autofs_point *ap,
 			     struct map_source *source,
 			     struct lookup_context *ctxt)
 {
-	struct mapent_cache *mc;
-	struct mapent *me;
 	struct stat st;
 	int ret = 1;
 
-	mc = source->mc;
-
 	/*
 	 * We can skip the map lookup and cache update altogether
 	 * if we know the map hasn't been modified since it was
diff --git a/modules/lookup_hesiod.c b/modules/lookup_hesiod.c
index 3bd62008..298ebc75 100644
--- a/modules/lookup_hesiod.c
+++ b/modules/lookup_hesiod.c
@@ -363,7 +363,6 @@ done:
 int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *context)
 {
 	struct lookup_context *ctxt = (struct lookup_context *) context;
-	struct mapent_cache *mc;
 	char buf[MAX_ERR_BUF];
 	struct map_source *source;
 	struct mapent *me;
@@ -378,8 +377,6 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
 	ap->entry->current = NULL;
 	master_source_current_signal(ap->entry);
 
-	mc = source->mc;
-
 	debug(ap->logopt,
 	      MODPREFIX "looking up root=\"%s\", name=\"%s\"",
 	      ap->path, name);

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 13/35] autofs-5.1.3 - set systemd KillMode to process

[Ian Kent]

It's been reported that fuse based filesystem mounts are lost when
restarting autofs.

This behaviour is due to systemd default KillMode being control-group
rather than process.

While changing this from control-group to process might occassionally
not kill some processes that should be killed on shutdown or restart
these processes are much less common and less problematic than processes
managing fuse based mounts.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                 |    1 +
 samples/autofs.service.in |    1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 823b0832..4a57ca0b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,7 @@ xx/xx/2017 autofs-5.1.4
 - use pkg-config to search for libtirpc to fix cross-compilation.
 - fix incorrect status return in get_nfs_info().
 - fix a couple of compiler warnings.
+- set systemd KillMode to process.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/samples/autofs.service.in b/samples/autofs.service.in
index f9fa96c4..b37d970a 100644
--- a/samples/autofs.service.in
+++ b/samples/autofs.service.in
@@ -9,6 +9,7 @@ PIDFile=@@autofspiddir@@/autofs.pid
 EnvironmentFile=-@@autofsconfdir@@/autofs
 ExecStart=@@sbindir@@/automount $OPTIONS --pid-file @@autofspiddir@@/autofs.pid
 ExecReload=/usr/bin/kill -HUP $MAINPID
+KillMode=process
 TimeoutSec=180
 
 [Install]

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 14/35] autofs-5.1.3 - fix mount.nfs blocks on first mount

[Ian Kent]

The first time an NFS mount is tried mount.nfs tries to start rpc.statd
using systemctl. If /usr/local is being used to provide automounts in
that directory the first mount will hang becuase some directories under
/usr/local are included in the path used by systemctl.

Add rpc-statd.service (and for good measure rpcbind.service) to the
autofs Wants line in the unit file to work around this.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                 |    1 +
 samples/autofs.service.in |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 4a57ca0b..d5dca873 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ xx/xx/2017 autofs-5.1.4
 - fix incorrect status return in get_nfs_info().
 - fix a couple of compiler warnings.
 - set systemd KillMode to process.
+- fix mount.nfs blocks on first mount.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/samples/autofs.service.in b/samples/autofs.service.in
index b37d970a..918fc93c 100644
--- a/samples/autofs.service.in
+++ b/samples/autofs.service.in
@@ -1,7 +1,7 @@
 [Unit]
 Description=Automounts filesystems on demand
 After=network.target ypbind.service sssd.service network-online.target remote-fs.target
-Wants=network-online.target
+Wants=network-online.target rpc-statd.service rpcbind.service
 
 [Service]
 Type=forking

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 15/35] autofs-5.1.3 - fix some man page problems

[Ian Kent]

Fix a few problems with the autofs man pages:
- autofs(8) missing "autofs -" in NAME string.
- punctuation marks in some SEE ALSO sections.
- change NAME string to include key word "autofs" in auto.master(5).

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                      |    1 +
 man/auto.master.5.in           |    4 ++--
 man/autofs.5                   |    4 ++--
 man/autofs.8.in                |    8 ++++----
 man/autofs.conf.5.in           |    2 +-
 man/autofs_ldap_auth.conf.5.in |    2 +-
 man/automount.8                |    4 ++--
 7 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index d5dca873..c6423ce8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ xx/xx/2017 autofs-5.1.4
 - fix a couple of compiler warnings.
 - set systemd KillMode to process.
 - fix mount.nfs blocks on first mount.
+- fix some man page problems.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/man/auto.master.5.in b/man/auto.master.5.in
index ba28494e..c87fb7f4 100644
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
@@ -1,7 +1,7 @@
 .\" t
 .TH AUTO.MASTER 5 "11 Apr 2006"
 .SH NAME
-auto.master \- Master Map for automounter
+auto.master \- Master Map for automounter consulted by autofs
 .SH "DESCRIPTION"
 The
 .B auto.master
@@ -367,7 +367,7 @@ configuration will be used to locate the source of the map
 .BR autofs (5),
 .BR autofs (8),
 .BR autofs.conf (5),
-.BR autofs_ldap_auth.conf (5)
+.BR autofs_ldap_auth.conf (5).
 .SH AUTHOR
 This manual page was written by Christoph Lameter <chris@waterf.org>,
 for the Debian GNU/Linux system.  Edited by <hpa@transmeta.com> and
diff --git a/man/autofs.5 b/man/autofs.5
index 0063fbea..c2421272 100644
--- a/man/autofs.5
+++ b/man/autofs.5
@@ -602,8 +602,8 @@ depricated so this is not likely to change.
 .BR auto.master (5),
 .BR autofs (8),
 .BR autofs.conf (5),
-.BR mount (8).
-.BR autofs_ldap_auth.conf (5)
+.BR mount (8),
+.BR autofs_ldap_auth.conf (5).
 .SH AUTHOR
 This manual page was written by Christoph Lameter <chris@waterf.org>,
 for the Debian GNU/Linux system.  Edited by H. Peter Avian
diff --git a/man/autofs.8.in b/man/autofs.8.in
index b2b757bb..9f03eada 100644
--- a/man/autofs.8.in
+++ b/man/autofs.8.in
@@ -1,6 +1,6 @@
 .TH AUTOFS 8 "9 Sep 1997"
 .SH NAME
-Service control for the automounter
+autofs \- Service control for the automounter
 .SH SYNOPSIS
 If a SysV init script system is being used:
 .br
@@ -72,9 +72,9 @@ for more information.
 .BR automount (8),
 .BR autofs (5),
 .BR autofs.conf (5),
-.BR auto.master (5).
-.BR autofs_ldap_auth.conf (5)
-.BR systemctl(1)
+.BR auto.master (5),
+.BR autofs_ldap_auth.conf (5),
+.BR systemctl(1).
 .SH AUTHOR
 This manual page was written by Christoph Lameter <chris@waterf.org>,
 for the Debian GNU/Linux system.  Edited by H. Peter Anvin
diff --git a/man/autofs.conf.5.in b/man/autofs.conf.5.in
index 0efe0d4f..ec2d4bb3 100644
--- a/man/autofs.conf.5.in
+++ b/man/autofs.conf.5.in
@@ -513,6 +513,6 @@ map_type = file
 .SH "SEE ALSO"
 .BR automount (8),
 .BR auto.master (5),
-.BR autofs_ldap_auth.conf (5)
+.BR autofs_ldap_auth.conf (5).
 .SH AUTHOR
 This manual page was written by Ian Kent <raven@themaw.net>.
diff --git a/man/autofs_ldap_auth.conf.5.in b/man/autofs_ldap_auth.conf.5.in
index fe5077dd..e035ebe5 100644
--- a/man/autofs_ldap_auth.conf.5.in
+++ b/man/autofs_ldap_auth.conf.5.in
@@ -113,6 +113,6 @@ externally configured credential cache that is used during authentication.
 By default, autofs will setup a memory based credential cache.
 .SH "SEE ALSO"
 .BR auto.master (5),
-.BR autofs.conf (5),
+.BR autofs.conf (5).
 .SH AUTHOR
 This manual page was written by Ian Kent <raven@themaw.net>.
diff --git a/man/automount.8 b/man/automount.8
index 601c18c8..8e0551e9 100644
--- a/man/automount.8
+++ b/man/automount.8
@@ -178,8 +178,8 @@ constructed has been detached from the mount tree.
 .BR autofs (8),
 .BR autofs.conf (5),
 .BR auto.master (5),
-.BR mount (8).
-.BR autofs_ldap_auth.conf (5)
+.BR mount (8),
+.BR autofs_ldap_auth.conf (5).
 .SH BUGS
 Don't know, I've fixed everything I know about.
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 16/35] autofs-5.1.3 - add some more debug logging to get_nfs_info()

[Ian Kent]

Add some additional debug logging to get_nfs_info() for failure cases.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 modules/replicated.c |   36 +++++++++++++++++++++++++++++++-----
 2 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c6423ce8..a21da121 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,6 +14,7 @@ xx/xx/2017 autofs-5.1.4
 - set systemd KillMode to process.
 - fix mount.nfs blocks on first mount.
 - fix some man page problems.
+- add some more debug logging to get_nfs_info().
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/replicated.c b/modules/replicated.c
index c5c4f392..c44ed466 100644
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -266,20 +266,29 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
 				host->name, host->addr, host->addr_len,
 				proto, RPC_CLOSE_DEFAULT);
 		if (status == -EHOSTUNREACH) {
+			debug(logopt,
+			      "host not reachable getting portmap client");
 			supported = status;
 			goto done_ver;
-		} else if (status)
+		} else if (status) {
+			debug(logopt, "error 0x%d getting portmap client");
 			goto done_ver;
+		}
 		parms.pm_vers = NFS4_VERSION;
 		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
 		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
+			debug(logopt,
+			      "host not reachable or timedout getting service port");
 			supported = status;
 			goto done_ver;
 		} else if (status < 0) {
 			if (version & NFS_VERS_MASK)
 				goto v3_ver; /* MOUNT_NFS_DEFAULT_PROTOCOL=4 */
-			else
+			else {
+				debug(logopt,
+				      "error 0x%d getting service port");
 				goto done_ver;
+			}
 		}
 	}
 
@@ -288,6 +297,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
 	else
 		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS4_VERSION);
 	if (status == -EHOSTUNREACH) {
+		debug(logopt, "host not reachable getting RPC client");
 		supported = status;
 		goto done_ver;
 	} else if (!status) {
@@ -295,6 +305,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
 		status = rpc_ping_proto(rpc_info);
 		clock_gettime(CLOCK_MONOTONIC, &end);
 		if (status == -ETIMEDOUT) {
+			debug(logopt, "host NFS ping timed out");
 			supported = status;
 			goto done_ver;
 		} else if (status > 0) {
@@ -326,16 +337,23 @@ v3_ver:
 				host->name, host->addr, host->addr_len,
 				proto, RPC_CLOSE_DEFAULT);
 		if (status == -EHOSTUNREACH) {
+			debug(logopt,
+			      "host not reachable getting portmap client");
 			supported = status;
 			goto done_ver;
-		} else if (status)
+		} else if (status) {
+			debug(logopt,
+			      "error 0x%d getting getting portmap client");
 			goto done_ver;
+		}
 	}
 
 	if (!port) {
 		parms.pm_vers = NFS3_VERSION;
 		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
 		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
+			debug(logopt,
+			      "host not reachable or timedout getting service port");
 			supported = status;
 			goto done_ver;
 		} else if (status < 0)
@@ -347,6 +365,7 @@ v3_ver:
 	else
 		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS3_VERSION);
 	if (status == -EHOSTUNREACH) {
+		debug(logopt, "host not reachable getting RPC client");
 		supported = status;
 		goto done_ver;
 	} else if (!status) {
@@ -354,6 +373,7 @@ v3_ver:
 		status = rpc_ping_proto(rpc_info);
 		clock_gettime(CLOCK_MONOTONIC, &end);
 		if (status == -ETIMEDOUT) {
+			debug(logopt, "host NFS ping timed out");
 			supported = status;
 			goto done_ver;
 		} else if (status > 0) {
@@ -382,6 +402,8 @@ v2_ver:
 				host->name, host->addr, host->addr_len,
 				proto, RPC_CLOSE_DEFAULT);
 		if (status == -EHOSTUNREACH) {
+			debug(logopt,
+			      "host not reachable getting portmap client");
 			supported = status;
 			goto done_ver;
 		} else if (status)
@@ -392,6 +414,8 @@ v2_ver:
 		parms.pm_vers = NFS2_VERSION;
 		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
 		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
+			debug(logopt,
+			      "host not reachable or timedout getting service port");
 			supported = status;
 			goto done_ver;
 		} else if (status < 0)
@@ -403,15 +427,17 @@ v2_ver:
 	else
 		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS2_VERSION);
 	if (status == -EHOSTUNREACH) {
+		debug(logopt, "host not reachable getting RPC client");
 		supported = status;
 		goto done_ver;
 	} else if (!status) {
 		clock_gettime(CLOCK_MONOTONIC, &start);
 		status = rpc_ping_proto(rpc_info);
 		clock_gettime(CLOCK_MONOTONIC, &end);
-		if (status == -ETIMEDOUT)
+		if (status == -ETIMEDOUT) {
+			debug(logopt, "host NFS ping timed out");
 			supported = status;
-		else if (status > 0) {
+		} else if (status > 0) {
 			double reply;
 			if (random_selection) {
 				/* Random value between 0 and 1 */

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 17/35] autofs-5.1.3 - add some more debug logging to get_supported_ver_and_cost()

[Ian Kent]

Add some additional debug logging to get_supported_ver_and_cost() for failure cases.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 modules/replicated.c |    9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index a21da121..94e79a0c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,7 @@ xx/xx/2017 autofs-5.1.4
 - fix mount.nfs blocks on first mount.
 - fix some man page problems.
 - add some more debug logging to get_nfs_info().
+- add some more debug logging to get_supported_ver_and_cost().
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/replicated.c b/modules/replicated.c
index c44ed466..634275b8 100644
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -615,16 +615,20 @@ static int get_supported_ver_and_cost(unsigned logopt, struct host *host,
 		int ret = rpc_portmap_getclient(&pm_info,
 				host->name, host->addr, host->addr_len,
 				proto, RPC_CLOSE_DEFAULT);
-		if (ret)
+		if (ret) {
+			debug(logopt, "failed to get portmap client");
 			return 0;
+		}
 
 		memset(&parms, 0, sizeof(struct pmap));
 		parms.pm_prog = NFS_PROGRAM;
 		parms.pm_prot = rpc_info.proto;
 		parms.pm_vers = vers;
 		ret = rpc_portmap_getport(&pm_info, &parms, &rpc_info.port);
-		if (ret < 0)
+		if (ret < 0) {
+			debug(logopt, "failed to get service port");
 			goto done;
+		}
 	}
 
 	if (rpc_info.proto == IPPROTO_UDP)
@@ -633,6 +637,7 @@ static int get_supported_ver_and_cost(unsigned logopt, struct host *host,
 		status = rpc_tcp_getclient(&rpc_info, NFS_PROGRAM, vers);
 	if (status == -EHOSTUNREACH) {
 		status = 0;
+		debug(logopt, "host not reachable getting RPC client");
 		goto done;
 	} else if (!status) {
 		clock_gettime(CLOCK_MONOTONIC, &start);

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 18/35] autofs-5.1.3 - fix ipv6 proto option handling

[Ian Kent]

If the option proto=(tcp6|udp6) is given on the NFS mount command line
autofs does not properly recognise it needs to probe only the given
protocol for matching address type.

Signed-off-by: Ian Kent <raven@themaw.net>
Reported-by: Andreas Steinmetz <ast@domdv.de>
---
 CHANGELOG            |    1 +
 include/replicated.h |    2 ++
 modules/mount_nfs.c  |   15 ++++++++++++++-
 modules/replicated.c |   29 +++++++++++++++++++++++++++++
 4 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 94e79a0c..af8b099c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,7 @@ xx/xx/2017 autofs-5.1.4
 - fix some man page problems.
 - add some more debug logging to get_nfs_info().
 - add some more debug logging to get_supported_ver_and_cost().
+- fix ipv6 proto option handling.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/include/replicated.h b/include/replicated.h
index 5e142f4f..69ab7800 100644
--- a/include/replicated.h
+++ b/include/replicated.h
@@ -37,6 +37,8 @@
 #define UDP_SUPPORTED		0x0002
 #define TCP_REQUESTED		TCP_SUPPORTED
 #define UDP_REQUESTED		UDP_SUPPORTED
+#define TCP6_REQUESTED		0x0100
+#define UDP6_REQUESTED		0x0200
 #define NFS_PROTO_MASK		(TCP_SUPPORTED|UDP_SUPPORTED)
 
 #define NFS2_TCP_SUPPORTED	NFS2_SUPPORTED
diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
index 97f12c4d..63f16b19 100644
--- a/modules/mount_nfs.c
+++ b/modules/mount_nfs.c
@@ -172,9 +172,17 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
 				} else if (_strncmp("proto=udp", cp, o_len) == 0 ||
 					   _strncmp("udp", cp, o_len) == 0) {
 					vers &= ~TCP_SUPPORTED;
+				} else if (_strncmp("proto=udp6", cp, o_len) == 0 ||
+					   _strncmp("udp6", cp, o_len) == 0) {
+					vers &= ~TCP_SUPPORTED;
+					vers |= UDP6_REQUESTED;
 				} else if (_strncmp("proto=tcp", cp, o_len) == 0 ||
 					   _strncmp("tcp", cp, o_len) == 0) {
 					vers &= ~UDP_SUPPORTED;
+				} else if (_strncmp("proto=tcp6", cp, o_len) == 0 ||
+					   _strncmp("tcp6", cp, o_len) == 0) {
+					vers &= ~UDP_SUPPORTED;
+					vers |= TCP6_REQUESTED;
 				}
 				/* Check for options that also make sense
 				   with bind mounts */
@@ -214,11 +222,16 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
 	 * configuration only probe NFSv4 and let mount.nfs(8) do fallback
 	 * to NFSv3 (if it can). If the NFSv4 probe fails then probe as
 	 * normal.
+	 *
+	 * Note: some NFS servers consider it a protocol violation to use
+	 * NFSv4 over UDP so if it has been requested in the mount options
+	 * we can't use this at all.
 	 */
 	if ((hosts && !hosts->next) &&
 	    mount_default_proto == 4 &&
 	    (vers & NFS_VERS_MASK) != 0 &&
-	    (vers & NFS4_VERS_MASK) != 0) {
+	    (vers & NFS4_VERS_MASK) != 0 &&
+	    !(vers & UDP6_REQUESTED)) {
 		unsigned int v4_probe_ok = 0;
 		struct host *tmp = new_host(hosts->name,
 					    hosts->addr, hosts->addr_len,
diff --git a/modules/replicated.c b/modules/replicated.c
index 634275b8..de5a4b06 100644
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -484,6 +484,29 @@ done_ver:
 	return supported;
 }
 
+static int check_address_proto(unsigned logopt,
+			       struct host *host, unsigned int version)
+{
+	int ipv6_requested = version & (TCP6_REQUESTED | UDP6_REQUESTED);
+	int ret = 1;
+
+	/* If a protocol has been explicitly requested then don't
+	 * consider addresses that don't match the requested protocol.
+	 */
+	if (ipv6_requested) {
+		if (host->addr_len == INET_ADDRSTRLEN)
+			ret = 0;
+	} else {
+		if (host->addr_len == INET6_ADDRSTRLEN)
+			ret = 0;
+	}
+
+	if (!ret)
+		debug(logopt, "requested protocol does not match address");
+
+	return ret;
+}
+
 static int get_vers_and_cost(unsigned logopt, struct host *host,
 			     unsigned int version, int port)
 {
@@ -492,6 +515,9 @@ static int get_vers_and_cost(unsigned logopt, struct host *host,
 	unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK);
 	int ret = 0;
 
+	if (!check_address_proto(logopt, host, version))
+		return 0;
+
 	memset(&pm_info, 0, sizeof(struct conn_info));
 	memset(&rpc_info, 0, sizeof(struct conn_info));
 
@@ -561,6 +587,9 @@ static int get_supported_ver_and_cost(unsigned logopt, struct host *host,
 		debug(logopt, "called with host %s version 0x%x",
 			host->name, version);
 
+	if (!check_address_proto(logopt, host, version))
+		return 0;
+
 	memset(&pm_info, 0, sizeof(struct conn_info));
 	memset(&rpc_info, 0, sizeof(struct conn_info));
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 19/35] autofs-5.1.3 - also check flag file exe name

[Ian Kent]

automount(8) uses a flag file if it needs to check for multiple
invocations of itself at startup.

The check to see if a flag file is owned by an existing automount(8)
process can return a false positive because it doesn't also check the
name of the executable of the given pid.

Signed-off-by: Ian Kent <raven@themaw.net>
Reported-by: Doron Cohen <doron@weka.io>
---
 CHANGELOG     |    1 +
 daemon/flag.c |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index af8b099c..1b5c69ee 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,6 +17,7 @@ xx/xx/2017 autofs-5.1.4
 - add some more debug logging to get_nfs_info().
 - add some more debug logging to get_supported_ver_and_cost().
 - fix ipv6 proto option handling.
+- also check flag file exe name.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/flag.c b/daemon/flag.c
index db9a4bde..99f26847 100644
--- a/daemon/flag.c
+++ b/daemon/flag.c
@@ -33,12 +33,43 @@
 #define MAX_PIDSIZE	20
 #define FLAG_FILE	AUTOFS_FLAG_DIR "/autofs-running"
 
+#define EXE_SELF	"/proc/self/exe"
+#define EXE_PID		"/proc/%u/exe"
+
 /* Flag for already existing flag file. */
 static int we_created_flagfile = 0;
 
 /* file descriptor of flag file */
 static int fd = -1;
 
+static int check_pid_exe_name(pid_t pid)
+{
+	char self_name[PATH_MAX + 1];
+	char pid_name[PATH_MAX + 1];
+	char exe_pid[MAX_PIDSIZE + 1];
+	int len, ret = 0;
+
+	len = readlink(EXE_SELF, self_name, PATH_MAX);
+	if (len == -1 || len == PATH_MAX)
+		goto out;
+	else
+		self_name[len] = 0;
+
+	len = snprintf(exe_pid, MAX_PIDSIZE, EXE_PID, pid);
+	if (len >= MAX_PIDSIZE)
+		goto out;
+
+	len = readlink(exe_pid, pid_name, PATH_MAX);
+	if (len == -1 || len == PATH_MAX)
+		goto out;
+	else
+		pid_name[len] = 0;
+
+	ret = !strcmp(self_name, pid_name);
+out:
+	return ret;
+}
+
 static int flag_is_owned(int fd)
 {
 	int pid = 0, tries = 3;
@@ -83,6 +114,10 @@ static int flag_is_owned(int fd)
 		 */
 		if (ret == -1 && errno == ESRCH)
 			return 0;
+
+		/* If there is a process check if it is automount */
+		if (!check_pid_exe_name(pid))
+			return 0;
 	} else {
 		/*
 		 * Odd, no pid in file - so what should we do?

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 20/35] autofs-5.1.3 - fix possible map instance memory leak

[Ian Kent]

When using a temporary map unconditionally updating the original map
instance pointer will lead to a memory leak when the instance pointer
is already set (among other problems).

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG       |    1 +
 daemon/lookup.c |    6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1b5c69ee..fab5ed49 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -18,6 +18,7 @@ xx/xx/2017 autofs-5.1.4
 - add some more debug logging to get_supported_ver_and_cost().
 - fix ipv6 proto option handling.
 - also check flag file exe name.
+- fix possible map instance memory leak.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/lookup.c b/daemon/lookup.c
index 583d3d37..569fffaf 100644
--- a/daemon/lookup.c
+++ b/daemon/lookup.c
@@ -536,7 +536,8 @@ static enum nsswitch_status read_map_source(struct nss_source *this,
 	result = read_file_source_instance(ap, &tmap, age);
 	pthread_cleanup_pop(1);
 
-	map->instance = tmap.instance;
+	if (!map->instance)
+		map->instance = tmap.instance;
 
 	return result;
 }
@@ -1089,7 +1090,8 @@ static enum nsswitch_status lookup_map_name(struct nss_source *this,
 
 	result = lookup_name_file_source_instance(ap, &tmap, name, name_len);
 
-	map->instance = tmap.instance;
+	if (!map->instance)
+		map->instance = tmap.instance;
 
 	/* path is freed in free_argv */
 	free_argv(tmap.argc, tmap.argv);

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 21/35] autofs-5.1.3 - check map instances for staleness on map update

[Ian Kent]

When there are multiple map source instances bypassing the cache update
when any one of the map sources returns NSS_STATUS_UNAVAIL is too strong.

When the map is marked not stale also check the instances before skipping
the cache update.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG        |    1 +
 daemon/lookup.c  |    5 +++--
 daemon/state.c   |    2 +-
 include/master.h |    1 +
 lib/master.c     |    2 +-
 5 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index fab5ed49..9815da29 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -19,6 +19,7 @@ xx/xx/2017 autofs-5.1.4
 - fix ipv6 proto option handling.
 - also check flag file exe name.
 - fix possible map instance memory leak.
+- check map instances for staleness on map update.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/lookup.c b/daemon/lookup.c
index 569fffaf..cb67e7d9 100644
--- a/daemon/lookup.c
+++ b/daemon/lookup.c
@@ -633,7 +633,8 @@ int lookup_nss_read_map(struct autofs_point *ap, struct map_source *source, time
 			if (result == NSS_STATUS_UNKNOWN)
 				continue;
 
-			/* Don't try to update the map cache if it's unavailable */
+			/* Try to avoid updating the map cache if an instance
+			 * is unavailable */
 			if (result == NSS_STATUS_UNAVAIL)
 				map->stale = 0;
 
@@ -1453,7 +1454,7 @@ int lookup_prune_cache(struct autofs_point *ap, time_t age)
 	map = entry->maps;
 	while (map) {
 		/* Is the map stale */
-		if (!map->stale) {
+		if (!map->stale && !check_stale_instances(map)) {
 			map = map->next;
 			continue;
 		}
diff --git a/daemon/state.c b/daemon/state.c
index cd0dd939..72bba6af 100644
--- a/daemon/state.c
+++ b/daemon/state.c
@@ -512,7 +512,7 @@ static void *do_readmap(void *arg)
 		map = ap->entry->maps;
 		while (map) {
 			/* Is map source up to date or no longer valid */
-			if (!map->stale) {
+			if (!map->stale && !check_stale_instances(map)) {
 				map = map->next;
 				continue;
 			}
diff --git a/include/master.h b/include/master.h
index 087ddbe6..e1d272fb 100644
--- a/include/master.h
+++ b/include/master.h
@@ -97,6 +97,7 @@ struct map_source *
 master_find_source_instance(struct map_source *, const char *, const char *, int, const char **);
 struct map_source *
 master_add_source_instance(struct map_source *, const char *, const char *, time_t, int, const char **);
+int check_stale_instances(struct map_source *);
 void clear_stale_instances(struct map_source *);
 void send_map_update_request(struct autofs_point *);
 void master_source_writelock(struct master_mapent *);
diff --git a/lib/master.c b/lib/master.c
index 142f97ed..22b1522a 100644
--- a/lib/master.c
+++ b/lib/master.c
@@ -521,7 +521,7 @@ master_add_source_instance(struct map_source *source, const char *type, const ch
 	return new;
 }
 
-static int check_stale_instances(struct map_source *source)
+int check_stale_instances(struct map_source *source)
 {
 	struct map_source *map;
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 22/35] autofs-5.1.3 - allow dot in OPTIONSTR value lexer pattern

[Ian Kent]

The options string in master map entries doesn't allow dot in the
string value side of an option assignment. This prevents using an
option like vers=4.1 to apply to all entries of the map.

Add . to the options value portion of the regular expression used
for this field.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG        |    1 +
 lib/master_tok.l |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9815da29..1b61bb32 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -20,6 +20,7 @@ xx/xx/2017 autofs-5.1.4
 - also check flag file exe name.
 - fix possible map instance memory leak.
 - check map instances for staleness on map update.
+- allow dot in OPTIONSTR value lexer pattern.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/lib/master_tok.l b/lib/master_tok.l
index 63dab50d..41ac4995 100644
--- a/lib/master_tok.l
+++ b/lib/master_tok.l
@@ -91,7 +91,7 @@ OPTWS		[[:blank:]]*
 NL		\r?\n
 CONT		\\\n{OPTWS}
 
-OPTIONSTR	([\-]?([[:alpha:]_]([[:alnum:]_\-])*(=(\"?([[:alnum:]_\-\:])+\"?))?)+)
+OPTIONSTR	([\-]?([[:alpha:]_]([[:alnum:]_\-])*(=(\"?([[:alnum:]_\-\:\.])+\"?))?)+)
 MACROSTR	(-D{OPTWS}([[:alpha:]_]([[:alnum:]_\-\.])*)=([[:alnum:]_\-\.])+)
 SLASHIFYSTR	(--(no-)?slashify-colons)
 NUMBER		[0-9]+

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 23/35] autofs-5.1.3 - fix autofs_use_lofs description

[Ian Kent]

The autofs.conf man page and configuration comments claim the
autofs_use_lofs configuration option applies to amd "type:=auto"
map entries.

That's incorrect, this flag applies to "type:=link" mounts.

Also fix a typo in the dismount_interval man page description
above the autofs_use_lofs description.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                      |    1 +
 man/autofs.conf.5.in           |    4 ++--
 redhat/autofs.conf.default.in  |    2 +-
 samples/autofs.conf.default.in |    2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1b61bb32..25dc7301 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -21,6 +21,7 @@ xx/xx/2017 autofs-5.1.4
 - fix possible map instance memory leak.
 - check map instances for staleness on map update.
 - allow dot in OPTIONSTR value lexer pattern.
+- fix autofs_use_lofs description.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/man/autofs.conf.5.in b/man/autofs.conf.5.in
index ec2d4bb3..39e84fdb 100644
--- a/man/autofs.conf.5.in
+++ b/man/autofs.conf.5.in
@@ -429,12 +429,12 @@ as a full path.
 Is equivalent to the autofs timeout option. It is only possible
 to use this with type "auto" mounts due to the way the autofs
 kernel module performs expiry. It takes its default value from
-the autofs internal defaulti of 600 seconds.
+the autofs internal default of 600 seconds.
 .TP
 .B autofs_use_lofs
 .br
 If set to "yes" autofs will attempt to use bind mounts for type
-"auto" when possible.
+"link" entries when possible (default is "yes").
 .TP
 .B nis_domain
 .br
diff --git a/redhat/autofs.conf.default.in b/redhat/autofs.conf.default.in
index 86821de1..8de58f25 100644
--- a/redhat/autofs.conf.default.in
+++ b/redhat/autofs.conf.default.in
@@ -329,7 +329,7 @@ mount_nfs_default_protocol = 4
 #	implementation.
 #
 # autofs_use_lofs - if set to "yes" autofs will attempt to use bind
-#	mounts for type "auto" when possible.
+#	mounts for type "link" entries when possible.
 #
 # nis_domain - allows setting of a domain name other than the system
 #	default.
diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
index 411afe14..a04b56f9 100644
--- a/samples/autofs.conf.default.in
+++ b/samples/autofs.conf.default.in
@@ -328,7 +328,7 @@ browse_mode = no
 #	implementation.
 #
 # autofs_use_lofs - if set to "yes" autofs will attempt to use bind
-#	mounts for type "auto" when possible.
+#	mounts for type "link" entries when possible.
 #
 # nis_domain - allows setting of a domain name other than the system
 #	default.

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 24/35] autofs-5.1.3 - fix amd parser error buffer size

[Ian Kent]

There is an inconsistency between the error message buffer length
of the amd parser and the possible string length the bison generated
parser can pass to it.

Just increase the error buffer size to cover it.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 modules/amd_parse.y |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 25dc7301..90d06d59 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -22,6 +22,7 @@ xx/xx/2017 autofs-5.1.4
 - check map instances for staleness on map update.
 - allow dot in OPTIONSTR value lexer pattern.
 - fix autofs_use_lofs description.
+- fix amd parser error buffer size.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/amd_parse.y b/modules/amd_parse.y
index e99820b9..9694515d 100644
--- a/modules/amd_parse.y
+++ b/modules/amd_parse.y
@@ -31,7 +31,7 @@
 #include "log.h"
 
 #define MAX_OPTS_LEN	1024
-#define MAX_ERR_LEN	512
+#define MAX_ERR_LEN	3096
 
 static pthread_mutex_t parse_mutex = PTHREAD_MUTEX_INITIALIZER;
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 25/35] autofs-5.1.3 - make spawn_bind_mount() use mount_wait as well

[Ian Kent]

The spawn_bind_mount() waits forever for mount completion regardless
of the configuration setting of mount_wait.

Make spawn_bind_mount() use the mount_wait setting in the same way
the spawn_mount() finction does.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG      |    1 +
 daemon/spawn.c |    3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 90d06d59..6a18fd15 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -23,6 +23,7 @@ xx/xx/2017 autofs-5.1.4
 - allow dot in OPTIONSTR value lexer pattern.
 - fix autofs_use_lofs description.
 - fix amd parser error buffer size.
+- make spawn_bind_mount() use mount_wait as well.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/spawn.c b/daemon/spawn.c
index b931d678..7c56ba7b 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -501,6 +501,7 @@ int spawn_bind_mount(unsigned logopt, ...)
 	unsigned int options;
 	unsigned int retries = MTAB_LOCK_RETRIES;
 	int update_mtab = 1, ret, printed = 0;
+	unsigned int wait = defaults_get_mount_wait();
 	char buf[PATH_MAX + 1];
 
 	/* If we use mount locking we can't validate the location */
@@ -547,7 +548,7 @@ int spawn_bind_mount(unsigned logopt, ...)
 	va_end(arg);
 
 	while (retries--) {
-		ret = do_spawn(logopt, -1, options, prog, (const char **) argv);
+		ret = do_spawn(logopt, wait, options, prog, (const char **) argv);
 		if (ret == MTAB_NOTUPDATED) {
 			struct timespec tm = {3, 0};
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 26/35] autofs-5.1.3 - document ghost option in auto.master man page

[Ian Kent]

The --ghost pseudo option has been depricated for quite a while now
in favour of the browse option as descibed in auto.master(5).

However it isn't noted in the description of the browse option that
the --ghost option is the same as the browse option.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 man/auto.master.5.in |    3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6a18fd15..7457e620 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -24,6 +24,7 @@ xx/xx/2017 autofs-5.1.4
 - fix autofs_use_lofs description.
 - fix amd parser error buffer size.
 - make spawn_bind_mount() use mount_wait as well.
+- document ghost option in auto.master man page.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/man/auto.master.5.in b/man/auto.master.5.in
index c87fb7f4..4475186a 100644
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
@@ -168,7 +168,8 @@ can cause performance problem if the indirect map is large so it should
 be used with caution. The internal program default is to enable browse
 mode for indirect mounts but the default installed configuration overrides
 this by setting BROWSE_MODE to "no" because of the potential performance
-problem.
+problem. This option does the same as the depricated --ghost option, the
+browse option is preferred because it is used by other autofs implementations.
 .TP
 .I "nobind"
 This is an autofs specific option that is a pseudo mount option and

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 27/35] autofs-5.1.3 - only take master map mutex for master map update

[Ian Kent]

When a map read is done it's neccessary to re-initialize the lookup
context which requires a write lock to be taken on the master map
entry source. Currently a map re-read also takes the master map lock
which will block new lookups.

If the lookup module thinks the map has been modified it will queue
a map read which will take these locks.

Now, when a bind mount (or symlink) is triggered by a lookup it's
necessary to trigger automounts that are included in the target path
for the dependent path to be valid.

When the target path triggers automounts in this way and refers to the
same master map entry, and a map re-read is scheduled and started and
manages to take the master map lock before the dependent lookup gets
past the master map lock check, the dependent path lookup will deadlock.

But the master map lock is meant to gaurd against master map entries
going away during lookups so isn't really needed for map reads as long
as the master map lock is held during the update of the mounted
automounts.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG      |    1 +
 daemon/state.c |    3 ---
 lib/master.c   |   45 +++++++++++++++++++++++++++++++++++++--------
 3 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7457e620..1ab2e966 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -25,6 +25,7 @@ xx/xx/2017 autofs-5.1.4
 - fix amd parser error buffer size.
 - make spawn_bind_mount() use mount_wait as well.
 - document ghost option in auto.master man page.
+- only take master map mutex for master map update.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/state.c b/daemon/state.c
index 72bba6af..cf835e05 100644
--- a/daemon/state.c
+++ b/daemon/state.c
@@ -484,12 +484,9 @@ static void *do_readmap(void *arg)
 
 	info(ap->logopt, "re-reading map for %s", ap->path);
 
-	pthread_cleanup_push(master_mutex_lock_cleanup, NULL);
-	master_mutex_lock();
 	status = lookup_nss_read_map(ap, NULL, now);
 	if (!status)
 		pthread_exit(NULL);
-	pthread_cleanup_pop(1);
 
 	if (ap->type == LKP_INDIRECT) {
 		struct ioctl_ops *ops = get_ioctl_ops();
diff --git a/lib/master.c b/lib/master.c
index 22b1522a..a144a39d 100644
--- a/lib/master.c
+++ b/lib/master.c
@@ -1090,6 +1090,39 @@ next:
 	free(paths);
 }
 
+static void wait_for_lookups_and_lock(struct master *master)
+{
+	struct list_head *p, *head;
+	int status;
+
+again:
+	master_mutex_lock();
+
+	head = &master->mounts;
+	p = head->next;
+	while (p != head) {
+		struct master_mapent *this;
+
+		this = list_entry(p, struct master_mapent, list);
+
+		status = pthread_rwlock_trywrlock(&this->source_lock);
+		if (status) {
+			struct timespec t = { 0, 200000000 };
+			struct timespec r;
+
+			master_mutex_unlock();
+
+			while (nanosleep(&t, &r) == -1 && errno == EINTR)
+				memcpy(&t, &r, sizeof(struct timespec));
+
+			goto again;
+		}
+		master_source_unlock(this);
+
+		p = p->next;
+	}
+}
+
 int master_read_master(struct master *master, time_t age, int readall)
 {
 	unsigned int logopt = master->logopt;
@@ -1099,7 +1132,7 @@ int master_read_master(struct master *master, time_t age, int readall)
 	 * We need to clear and re-populate the null map entry cache
 	 * before alowing anyone else to use it.
 	 */
-	master_mutex_lock();
+	wait_for_lookups_and_lock(master);
 	if (master->nc) {
 		cache_writelock(master->nc);
 		nc = master->nc;
@@ -1119,21 +1152,19 @@ int master_read_master(struct master *master, time_t age, int readall)
 	lookup_nss_read_master(master, age);
 	cache_unlock(nc);
 	master_add_amd_mount_section_mounts(master, age);
-	master_mutex_unlock();
 
 	if (!master->read_fail)
 		master_mount_mounts(master, age, readall);
 	else {
 		master->read_fail = 0;
 		/* HUP signal sets readall == 1 only */
-		if (!readall)
+		if (!readall) {
+			master_mutex_unlock();
 			return 0;
-		else
+		} else
 			master_mount_mounts(master, age, readall);
 	}
 
-	master_mutex_lock();
-
 	if (list_empty(&master->mounts))
 		warn(logopt, "no mounts in table");
 
@@ -1423,7 +1454,6 @@ int master_mount_mounts(struct master *master, time_t age, int readall)
 	int cur_state;
 
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
-	master_mutex_lock();
 
 	head = &master->mounts;
 	p = head->next;
@@ -1511,7 +1541,6 @@ cont:
 		}
 	}
 
-	master_mutex_unlock();
 	pthread_setcancelstate(cur_state, NULL);
 
 	return 1;

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 28/35] autofs-5.1.3 - revert fix argc off by one in mount_autofs.c

[Ian Kent]

Commit 6a44f715cf to fix an off by one error in the arguments calculation
when mounting an autofs submount actually introduced an off by one error
instead of fixing one.

Revert the change.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG              |    1 +
 modules/mount_autofs.c |    8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1ab2e966..6ac29220 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -26,6 +26,7 @@ xx/xx/2017 autofs-5.1.4
 - make spawn_bind_mount() use mount_wait as well.
 - document ghost option in auto.master man page.
 - only take master map mutex for master map update.
+- revert fix argc off by one in mount_autofs.c.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/mount_autofs.c b/modules/mount_autofs.c
index 076ab855..cd0631b8 100644
--- a/modules/mount_autofs.c
+++ b/modules/mount_autofs.c
@@ -181,11 +181,11 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name,
 
 	if (options) {
 		char *t = options;
-		while ((t = strchr(t, ',')) != NULL) {
+		do {
 			argc++;
 			if (*t == ',')
 				t++;
-		}
+		} while ((t = strchr(t, ',')) != NULL);
 	}
 	argv = (const char **) alloca((argc + 1) * sizeof(char *));
 
@@ -213,13 +213,13 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name,
 
 	if (options) {
 		p = options;
-		while ((p = strchr(p, ',')) != NULL) {
+		do {
 			if (*p == ',') {
 				*p = '\0';
 				p++;
 			}
 			argv[argc++] = p;
-		}
+		} while ((p = strchr(p, ',')) != NULL);
 	}
 	argv[argc] = NULL;
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 29/35] autofs-5.1.3 - fix nisplus lookup init not configured check

[Ian Kent]

If nisplus is not configured nis_local_directory() can return the domain
name "(none).".

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                |    1 +
 modules/lookup_nisplus.c |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6ac29220..5a2bf171 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -27,6 +27,7 @@ xx/xx/2017 autofs-5.1.4
 - document ghost option in auto.master man page.
 - only take master map mutex for master map update.
 - revert fix argc off by one in mount_autofs.c.
+- fix nisplus lookup init not configured check.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
index 6430b890..5e80bfe1 100644
--- a/modules/lookup_nisplus.c
+++ b/modules/lookup_nisplus.c
@@ -48,7 +48,7 @@ static int do_init(const char *mapfmt,
 	 * We don't need to copy or free it.
 	 */
 	ctxt->domainname = nis_local_directory();
-	if (!ctxt->domainname) {
+	if (!ctxt->domainname || !strcmp(ctxt->domainname, "(none).")) {
 		logmsg(MODPREFIX "NIS+ domain not set");
 		ret = 1;
 		goto out;

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 30/35] autofs-5.1.3 - make open_lookup() error handling more consistent

[Ian Kent]

If the open of a lookup module fails then open_lookup() should return
an NSS status that causes the source to be skipped as it is most likely
due to the map source not being configured.

Currently open_lookup() returns NSS_STATUS_UNAVAIL for failures whereas
much of the other lookup code returns NSS_STATUS_UNKNOWN for similar
errors encountered by open_lookup().

But NSS_STATUS_UNAVAIL will result in waiting for the lookup module to
become avaiable when trying to read the master map at startup even
though it isn't likely to become available. So NSS_STATUS_UNKNOWN is
more appropriate becuase that will cause the source to be skipped and
is used for the same purpose elsewhere.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG       |    1 +
 daemon/module.c |   14 +++++++-------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 5a2bf171..25e5a8c7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -28,6 +28,7 @@ xx/xx/2017 autofs-5.1.4
 - only take master map mutex for master map update.
 - revert fix argc off by one in mount_autofs.c.
 - fix nisplus lookup init not configured check.
+- make open_lookup() error handling more consistent.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/daemon/module.c b/daemon/module.c
index 8879b64c..b1a94f56 100644
--- a/daemon/module.c
+++ b/daemon/module.c
@@ -73,7 +73,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
 			char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
 			logerr("%s%s", err_prefix, estr);
 		}
-		return NSS_STATUS_UNAVAIL;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	type = strdup(name);
@@ -83,7 +83,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
 			char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
 			logerr("%s%s", err_prefix, estr);
 		}
-		return NSS_STATUS_UNAVAIL;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	size = snprintf(fnbuf, sizeof(fnbuf),
@@ -95,7 +95,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
 			char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
 			logerr("%s%s", err_prefix, estr);
 		}
-		return NSS_STATUS_UNAVAIL;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	if (!(dh = dlopen(fnbuf, RTLD_NOW))) {
@@ -104,7 +104,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
 			       err_prefix, name, dlerror());
 		free(mod);
 		free(type);
-		return NSS_STATUS_UNAVAIL;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	if (!(ver = (int *) dlsym(dh, "lookup_version"))
@@ -115,7 +115,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
 		dlclose(dh);
 		free(mod);
 		free(type);
-		return NSS_STATUS_UNAVAIL;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	if (!(mod->lookup_init = (lookup_init_t) dlsym(dh, "lookup_init")) ||
@@ -129,14 +129,14 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
 		dlclose(dh);
 		free(mod);
 		free(type);
-		return NSS_STATUS_UNAVAIL;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	if (mod->lookup_init(mapfmt, argc, argv, &mod->context)) {
 		dlclose(dh);
 		free(mod);
 		free(type);
-		return NSS_STATUS_NOTFOUND;
+		return NSS_STATUS_UNKNOWN;
 	}
 
 	mod->type = type;

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 31/35] autofs-5.1.3 - be silent about sss library not found

[Ian Kent]

When sss is set as an nsswitch source but the sss autofs shared library
isn't found then sssd is probably not installed so it's essentially an
unconfigured source.

So be silent about the library not being found.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 modules/lookup_sss.c |    4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 25e5a8c7..704f550a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -29,6 +29,7 @@ xx/xx/2017 autofs-5.1.4
 - revert fix argc off by one in mount_autofs.c.
 - fix nisplus lookup init not configured check.
 - make open_lookup() error handling more consistent.
+- be silent about sss library not found.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/lookup_sss.c b/modules/lookup_sss.c
index 15a5ca48..88ec1693 100644
--- a/modules/lookup_sss.c
+++ b/modules/lookup_sss.c
@@ -74,10 +74,8 @@ static int open_sss_lib(struct lookup_context *ctxt)
 	}
 
 	dh = dlopen(dlbuf, RTLD_LAZY);
-	if (!dh) {
-		logerr(MODPREFIX "failed to open %s: %s", dlbuf, dlerror());
+	if (!dh)
 		return 1;
-	}
 	ctxt->dlhandle = dh;
 
 	ctxt->setautomntent = (setautomntent_t) dlsym(dh, "_sss_setautomntent");

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 32/35] autofs-5.1.3 - be silent about nis domain not set

[Ian Kent]

When initializing the lookup module for NIS or NISPLUS if the domain
is found to be not set then the service is not configured.

So be silent about the failure.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                |    1 +
 modules/lookup_nisplus.c |    1 -
 modules/lookup_yp.c      |    2 --
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 704f550a..56af6b94 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -30,6 +30,7 @@ xx/xx/2017 autofs-5.1.4
 - fix nisplus lookup init not configured check.
 - make open_lookup() error handling more consistent.
 - be silent about sss library not found.
+- be silent about nis domain not set.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
index 5e80bfe1..398e8931 100644
--- a/modules/lookup_nisplus.c
+++ b/modules/lookup_nisplus.c
@@ -49,7 +49,6 @@ static int do_init(const char *mapfmt,
 	 */
 	ctxt->domainname = nis_local_directory();
 	if (!ctxt->domainname || !strcmp(ctxt->domainname, "(none).")) {
-		logmsg(MODPREFIX "NIS+ domain not set");
 		ret = 1;
 		goto out;
 	}
diff --git a/modules/lookup_yp.c b/modules/lookup_yp.c
index b139b287..9f186ac6 100644
--- a/modules/lookup_yp.c
+++ b/modules/lookup_yp.c
@@ -127,8 +127,6 @@ static int do_init(const char *mapfmt,
 		/* This should, but doesn't, take a const char ** */
 		err = yp_get_default_domain(&domainname);
 		if (err) {
-			logerr(MODPREFIX
-			      "map %s: %s", ctxt->mapname, yperr_string(err));
 			ret = 1;
 			goto out;
 		}

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 33/35] autofs-5.1.3 - make map source reference message debug only

[Ian Kent]

The message "map source used without taking reference" was added during
development of an additional amd format map feature.

It appears far too often but hasn't been seen to be a real problem so
make it a debug only message and postpone deeper investigation until
later.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG    |    1 +
 lib/master.c |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 56af6b94..37816bce 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -31,6 +31,7 @@ xx/xx/2017 autofs-5.1.4
 - make open_lookup() error handling more consistent.
 - be silent about sss library not found.
 - be silent about nis domain not set.
+- make map source reference message debug only.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/lib/master.c b/lib/master.c
index a144a39d..76717d57 100644
--- a/lib/master.c
+++ b/lib/master.c
@@ -234,7 +234,7 @@ master_add_map_source(struct master_mapent *entry,
 
 		this = __master_find_map_source(entry, type, format, argc, tmpargv);
 		if (this) {
-			error(entry->ap->logopt,
+			debug(entry->ap->logopt,
 			      "map source used without taking reference");
 			this->age = age;
 			master_free_map_source(source, 0);

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 34/35] autofs-5.1.3 - improve description of mount_nfs_default_protocol

[Ian Kent]

The description of the mount_nfs_default_protocol protocol is not
clear so try and improve it.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG                      |    1 +
 man/autofs.conf.5.in           |    7 +++++--
 redhat/autofs.conf.default.in  |    9 ++++++---
 samples/autofs.conf.default.in |    9 ++++++---
 4 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 37816bce..c0af0ff6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -32,6 +32,7 @@ xx/xx/2017 autofs-5.1.4
 - be silent about sss library not found.
 - be silent about nis domain not set.
 - make map source reference message debug only.
+- improve description of mount_nfs_default_protocol.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/man/autofs.conf.5.in b/man/autofs.conf.5.in
index 39e84fdb..76ee27a5 100644
--- a/man/autofs.conf.5.in
+++ b/man/autofs.conf.5.in
@@ -64,8 +64,11 @@ Maps are browsable by default (program default "yes").
 .br
 Specify the default protocol used by
 .BR mount.nfs (8)
-(program default 3). Since we can't identify this default automatically
-we need to set it in the autofs configuration.
+(program default 3). Autofs needs to know the default NFS protocol that
+.BR mount.nfs(8)
+will use so it can do special case handling for different NFS protocols.
+Since we can't identify this default automatically we need to set it in
+the autofs configuration.
 .TP
 .B append_options
 .br
diff --git a/redhat/autofs.conf.default.in b/redhat/autofs.conf.default.in
index 8de58f25..56148436 100644
--- a/redhat/autofs.conf.default.in
+++ b/redhat/autofs.conf.default.in
@@ -45,9 +45,12 @@ timeout = 300
 browse_mode = no
 #
 # mount_nfs_default_protocol - specify the default protocol used by
-# 			       mount.nfs(8). Since we can't identify
-# 			       the default automatically we need to
-# 			       set it in our configuration.
+# 			       mount.nfs(8). Autofs needs to know the
+# 			       default NFS protocol that mount.nfs(8)
+# 			       will use so it can do special case handling
+# 			       for different NFS protocols .Since we can't
+# 			       identify the default automatically we need
+# 			       to set it in our configuration.
 #
 #mount_nfs_default_protocol = 3
 mount_nfs_default_protocol = 4
diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
index a04b56f9..4bbecc64 100644
--- a/samples/autofs.conf.default.in
+++ b/samples/autofs.conf.default.in
@@ -45,9 +45,12 @@ timeout = 300
 browse_mode = no
 #
 # mount_nfs_default_protocol - specify the default protocol used by
-# 			       mount.nfs(8). Since we can't identify
-# 			       the default automatically we need to
-# 			       set it in our configuration.
+# 			       mount.nfs(8). Autofs needs to know the
+# 			       default NFS protocol that mount.nfs(8)
+# 			       will use so it can do special case handling
+# 			       for different NFS protocols .Since we can't
+# 			       identify the default automatically we need
+# 			       to set it in our configuration.
 #
 #mount_nfs_default_protocol = 3
 #

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

[PATCH 35/35] autofs-5.1.3 - port option should not behave like nobind option

[Ian Kent]

The "port=" option currently prevents bind mounting when the host
corresponds to localhost or a local interface.

But this interferes with cases where the "port" option needs to be
used and bind mounting of local mounts is also required.

So remove the age old hack of the "port" option preventing this in
favour of explicitly requiring the "nobind" option.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG            |    1 +
 man/auto.master.5.in |    6 +++---
 modules/mount_nfs.c  |   13 +------------
 3 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c0af0ff6..7134c805 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -33,6 +33,7 @@ xx/xx/2017 autofs-5.1.4
 - be silent about nis domain not set.
 - make map source reference message debug only.
 - improve description of mount_nfs_default_protocol.
+- the port option should not behave like nobind option.
 
 24/05/2017 autofs-5.1.3
 =======================
diff --git a/man/auto.master.5.in b/man/auto.master.5.in
index 4475186a..581fc966 100644
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
@@ -179,9 +179,9 @@ entries to prevent bind mounting of local NFS filesystems. For direct
 mount maps the option is only effective if specified on the first direct
 map entry and is applied to all direct mount maps in the master map. It
 is ignored if given on subsequent direct map entries. It may be used
-on individual map entries of both types. Bind mounting of NFS file
-systems can also be prevented for specific map entrys by adding the
-"port=" mount option to the entries.
+on individual map entries of both types. Preventing bind mounts of NFS
+file systems can no longer be done by using the "port=" option, the
+nobind option must be used instead.
 .TP
 .I "symlink"
 This option makes bind mounting use a symlink instead of an actual bind
diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
index 63f16b19..5245d960 100644
--- a/modules/mount_nfs.c
+++ b/modules/mount_nfs.c
@@ -68,7 +68,6 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
 	struct host *this, *hosts = NULL;
 	unsigned int mount_default_proto, vers;
 	char *nfsoptions = NULL;
-	const char *port_opt = NULL;
 	unsigned int flags = ap->flags &
 			(MOUNT_FLAG_RANDOM_SELECT | MOUNT_FLAG_USE_WEIGHT_ONLY);
 	int nobind = ap->flags & MOUNT_FLAG_NOBIND;
@@ -168,7 +167,6 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
 					port = atoi(optport);
 					if (port < 0)
 						port = 0;
-					port_opt = cp;
 				} else if (_strncmp("proto=udp", cp, o_len) == 0 ||
 					   _strncmp("udp", cp, o_len) == 0) {
 					vers &= ~TCP_SUPPORTED;
@@ -286,22 +284,13 @@ dont_probe:
 	if (!status)
 		existed = 0;
 
-	/*
-	 * If any *port= option is specified, then we don't want
-	 * a bind mount. Use the "port" option if you want to
-	 * avoid attempting a local bind mount, such as when
-	 * tunneling NFS via localhost.
-	 */
-	if (nfsoptions && *nfsoptions && !port_opt)
-		port_opt = strstr(nfsoptions, "port=");
-
 	this = hosts;
 	while (this) {
 		char *loc;
 
 		/* Port option specified, don't try to bind */
 		if (!(nosymlink || nobind) &&
-		    !port_opt && this->proximity == PROXIMITY_LOCAL) {
+		    this->proximity == PROXIMITY_LOCAL) {
 			/* Local host -- do a "bind" */
 			const char *bind_options = ro ? "ro" : "";
 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 34/35] autofs-5.1.3 - improve description of mount_nfs_default_protocol

[Vincent McIntyre]

On Mon, Oct 16, 2017 at 01:09:35PM +0800, Ian Kent wrote:

nitpicking

>  # mount_nfs_default_protocol - specify the default protocol used by
> -# 			       mount.nfs(8). Since we can't identify
> -# 			       the default automatically we need to
> -# 			       set it in our configuration.
> +# 			       mount.nfs(8). Autofs needs to know the
> +# 			       default NFS protocol that mount.nfs(8)
> +# 			       will use so it can do special case handling
> +# 			       for different NFS protocols .Since we can't
I think you want
 +# 			       for different NFS protocols. Since we can't

> +# 			       identify the default automatically we need
> +# 			       to set it in our configuration.
>  #
>  #mount_nfs_default_protocol = 3
>  mount_nfs_default_protocol = 4
> diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
> index a04b56f9..4bbecc64 100644
> --- a/samples/autofs.conf.default.in
> +++ b/samples/autofs.conf.default.in
> @@ -45,9 +45,12 @@ timeout = 300
>  browse_mode = no
>  #
>  # mount_nfs_default_protocol - specify the default protocol used by
> -# 			       mount.nfs(8). Since we can't identify
> -# 			       the default automatically we need to
> -# 			       set it in our configuration.
> +# 			       mount.nfs(8). Autofs needs to know the
> +# 			       default NFS protocol that mount.nfs(8)
> +# 			       will use so it can do special case handling
> +# 			       for different NFS protocols .Since we can't

ditto
 +# 			       for different NFS protocols. Since we can't

> +# 			       identify the default automatically we need
> +# 			       to set it in our configuration.
>  #
>  #mount_nfs_default_protocol = 3
>  #

Vince
--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 16/35] autofs-5.1.3 - add some more debug logging to get_nfs_info()

[Vincent McIntyre]

On Mon, Oct 16, 2017 at 01:07:37PM +0800, Ian Kent wrote:
> Add some additional debug logging to get_nfs_info() for failure cases.
> 
> Signed-off-by: Ian Kent <raven@themaw.net>
> ---
>  CHANGELOG            |    1 +
>  modules/replicated.c |   36 +++++++++++++++++++++++++++++++-----
>  2 files changed, 32 insertions(+), 5 deletions(-)
> 
> diff --git a/CHANGELOG b/CHANGELOG
> index c6423ce8..a21da121 100644
> --- a/CHANGELOG
> +++ b/CHANGELOG
> @@ -14,6 +14,7 @@ xx/xx/2017 autofs-5.1.4
>  - set systemd KillMode to process.
>  - fix mount.nfs blocks on first mount.
>  - fix some man page problems.
> +- add some more debug logging to get_nfs_info().
>  
>  24/05/2017 autofs-5.1.3
>  =======================
> diff --git a/modules/replicated.c b/modules/replicated.c
> index c5c4f392..c44ed466 100644
> --- a/modules/replicated.c
> +++ b/modules/replicated.c
> @@ -266,20 +266,29 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
>  				host->name, host->addr, host->addr_len,
>  				proto, RPC_CLOSE_DEFAULT);
>  		if (status == -EHOSTUNREACH) {
> +			debug(logopt,
> +			      "host not reachable getting portmap client");
>  			supported = status;
>  			goto done_ver;
> -		} else if (status)
> +		} else if (status) {
> +			debug(logopt, "error 0x%d getting portmap client");
>  			goto done_ver;
> +		}
>  		parms.pm_vers = NFS4_VERSION;
>  		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
>  		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
> +			debug(logopt,
> +			      "host not reachable or timedout getting service port");

nit:
"timed out" instead of "timedout" ? The latter isn't English, methinks.

>  			supported = status;
>  			goto done_ver;
>  		} else if (status < 0) {
>  			if (version & NFS_VERS_MASK)
>  				goto v3_ver; /* MOUNT_NFS_DEFAULT_PROTOCOL=4 */
> -			else
> +			else {
> +				debug(logopt,
> +				      "error 0x%d getting service port");
>  				goto done_ver;
> +			}
>  		}
>  	}
>  
> @@ -288,6 +297,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
>  	else
>  		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS4_VERSION);
>  	if (status == -EHOSTUNREACH) {
> +		debug(logopt, "host not reachable getting RPC client");
>  		supported = status;
>  		goto done_ver;
>  	} else if (!status) {
> @@ -295,6 +305,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
>  		status = rpc_ping_proto(rpc_info);
>  		clock_gettime(CLOCK_MONOTONIC, &end);
>  		if (status == -ETIMEDOUT) {
> +			debug(logopt, "host NFS ping timed out");
>  			supported = status;
>  			goto done_ver;
>  		} else if (status > 0) {
> @@ -326,16 +337,23 @@ v3_ver:
>  				host->name, host->addr, host->addr_len,
>  				proto, RPC_CLOSE_DEFAULT);
>  		if (status == -EHOSTUNREACH) {
> +			debug(logopt,
> +			      "host not reachable getting portmap client");
>  			supported = status;
>  			goto done_ver;
> -		} else if (status)
> +		} else if (status) {
> +			debug(logopt,
> +			      "error 0x%d getting getting portmap client");
>  			goto done_ver;
> +		}
>  	}
>  
>  	if (!port) {
>  		parms.pm_vers = NFS3_VERSION;
>  		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
>  		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
> +			debug(logopt,
> +			      "host not reachable or timedout getting service port");

ditto:
"timed out" instead of "timedout" ?

>  			supported = status;
>  			goto done_ver;
>  		} else if (status < 0)
> @@ -347,6 +365,7 @@ v3_ver:
>  	else
>  		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS3_VERSION);
>  	if (status == -EHOSTUNREACH) {
> +		debug(logopt, "host not reachable getting RPC client");
>  		supported = status;
>  		goto done_ver;
>  	} else if (!status) {
> @@ -354,6 +373,7 @@ v3_ver:
>  		status = rpc_ping_proto(rpc_info);
>  		clock_gettime(CLOCK_MONOTONIC, &end);
>  		if (status == -ETIMEDOUT) {
> +			debug(logopt, "host NFS ping timed out");
>  			supported = status;
>  			goto done_ver;
>  		} else if (status > 0) {
> @@ -382,6 +402,8 @@ v2_ver:
>  				host->name, host->addr, host->addr_len,
>  				proto, RPC_CLOSE_DEFAULT);
>  		if (status == -EHOSTUNREACH) {
> +			debug(logopt,
> +			      "host not reachable getting portmap client");
>  			supported = status;
>  			goto done_ver;
>  		} else if (status)
> @@ -392,6 +414,8 @@ v2_ver:
>  		parms.pm_vers = NFS2_VERSION;
>  		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
>  		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
> +			debug(logopt,
> +			      "host not reachable or timedout getting service port");

ditto:
"timed out" instead of "timedout" ?

>  			supported = status;
>  			goto done_ver;
>  		} else if (status < 0)
> @@ -403,15 +427,17 @@ v2_ver:
>  	else
>  		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS2_VERSION);
>  	if (status == -EHOSTUNREACH) {
> +		debug(logopt, "host not reachable getting RPC client");
>  		supported = status;
>  		goto done_ver;
>  	} else if (!status) {
>  		clock_gettime(CLOCK_MONOTONIC, &start);
>  		status = rpc_ping_proto(rpc_info);
>  		clock_gettime(CLOCK_MONOTONIC, &end);
> -		if (status == -ETIMEDOUT)
> +		if (status == -ETIMEDOUT) {
> +			debug(logopt, "host NFS ping timed out");
>  			supported = status;
> -		else if (status > 0) {
> +		} else if (status > 0) {
>  			double reply;
>  			if (random_selection) {
>  				/* Random value between 0 and 1 */
> 
> --
> To unsubscribe from this list: send the line "unsubscribe autofs" in
> 

Vince
--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 34/35] autofs-5.1.3 - improve description of mount_nfs_default_protocol

[Ian Kent]

On 16/10/17 13:37, Vincent McIntyre wrote:
> On Mon, Oct 16, 2017 at 01:09:35PM +0800, Ian Kent wrote:
> 
> nitpicking
> 
>>  # mount_nfs_default_protocol - specify the default protocol used by
>> -# 			       mount.nfs(8). Since we can't identify
>> -# 			       the default automatically we need to
>> -# 			       set it in our configuration.
>> +# 			       mount.nfs(8). Autofs needs to know the
>> +# 			       default NFS protocol that mount.nfs(8)
>> +# 			       will use so it can do special case handling
>> +# 			       for different NFS protocols .Since we can't
> I think you want
>  +# 			       for different NFS protocols. Since we can't

LOL, indeed yes.

It might need a little more work too.

Apparently a casual read still conveys the impression it is meant to
change the default NFS protocol used by mount.nfs(8) which is what
the change is trying to resolve ....


> 
>> +# 			       identify the default automatically we need
>> +# 			       to set it in our configuration.
>>  #
>>  #mount_nfs_default_protocol = 3
>>  mount_nfs_default_protocol = 4
>> diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
>> index a04b56f9..4bbecc64 100644
>> --- a/samples/autofs.conf.default.in
>> +++ b/samples/autofs.conf.default.in
>> @@ -45,9 +45,12 @@ timeout = 300
>>  browse_mode = no
>>  #
>>  # mount_nfs_default_protocol - specify the default protocol used by
>> -# 			       mount.nfs(8). Since we can't identify
>> -# 			       the default automatically we need to
>> -# 			       set it in our configuration.
>> +# 			       mount.nfs(8). Autofs needs to know the
>> +# 			       default NFS protocol that mount.nfs(8)
>> +# 			       will use so it can do special case handling
>> +# 			       for different NFS protocols .Since we can't
> 
> ditto
>  +# 			       for different NFS protocols. Since we can't
> 
>> +# 			       identify the default automatically we need
>> +# 			       to set it in our configuration.
>>  #
>>  #mount_nfs_default_protocol = 3
>>  #
> 
> Vince
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 16/35] autofs-5.1.3 - add some more debug logging to get_nfs_info()

[Ian Kent]

On 16/10/17 13:46, Vincent McIntyre wrote:
> On Mon, Oct 16, 2017 at 01:07:37PM +0800, Ian Kent wrote:
>> Add some additional debug logging to get_nfs_info() for failure cases.
>>
>> Signed-off-by: Ian Kent <raven@themaw.net>
>> ---
>>  CHANGELOG            |    1 +
>>  modules/replicated.c |   36 +++++++++++++++++++++++++++++++-----
>>  2 files changed, 32 insertions(+), 5 deletions(-)
>>
>> diff --git a/CHANGELOG b/CHANGELOG
>> index c6423ce8..a21da121 100644
>> --- a/CHANGELOG
>> +++ b/CHANGELOG
>> @@ -14,6 +14,7 @@ xx/xx/2017 autofs-5.1.4
>>  - set systemd KillMode to process.
>>  - fix mount.nfs blocks on first mount.
>>  - fix some man page problems.
>> +- add some more debug logging to get_nfs_info().
>>  
>>  24/05/2017 autofs-5.1.3
>>  =======================
>> diff --git a/modules/replicated.c b/modules/replicated.c
>> index c5c4f392..c44ed466 100644
>> --- a/modules/replicated.c
>> +++ b/modules/replicated.c
>> @@ -266,20 +266,29 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
>>  				host->name, host->addr, host->addr_len,
>>  				proto, RPC_CLOSE_DEFAULT);
>>  		if (status == -EHOSTUNREACH) {
>> +			debug(logopt,
>> +			      "host not reachable getting portmap client");
>>  			supported = status;
>>  			goto done_ver;
>> -		} else if (status)
>> +		} else if (status) {
>> +			debug(logopt, "error 0x%d getting portmap client");
>>  			goto done_ver;
>> +		}
>>  		parms.pm_vers = NFS4_VERSION;
>>  		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
>>  		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
>> +			debug(logopt,
>> +			      "host not reachable or timedout getting service port");
> 
> nit:
> "timed out" instead of "timedout" ? The latter isn't English, methinks.

Yep, agree with all these, thanks.

> 
>>  			supported = status;
>>  			goto done_ver;
>>  		} else if (status < 0) {
>>  			if (version & NFS_VERS_MASK)
>>  				goto v3_ver; /* MOUNT_NFS_DEFAULT_PROTOCOL=4 */
>> -			else
>> +			else {
>> +				debug(logopt,
>> +				      "error 0x%d getting service port");
>>  				goto done_ver;
>> +			}
>>  		}
>>  	}
>>  
>> @@ -288,6 +297,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
>>  	else
>>  		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS4_VERSION);
>>  	if (status == -EHOSTUNREACH) {
>> +		debug(logopt, "host not reachable getting RPC client");
>>  		supported = status;
>>  		goto done_ver;
>>  	} else if (!status) {
>> @@ -295,6 +305,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
>>  		status = rpc_ping_proto(rpc_info);
>>  		clock_gettime(CLOCK_MONOTONIC, &end);
>>  		if (status == -ETIMEDOUT) {
>> +			debug(logopt, "host NFS ping timed out");
>>  			supported = status;
>>  			goto done_ver;
>>  		} else if (status > 0) {
>> @@ -326,16 +337,23 @@ v3_ver:
>>  				host->name, host->addr, host->addr_len,
>>  				proto, RPC_CLOSE_DEFAULT);
>>  		if (status == -EHOSTUNREACH) {
>> +			debug(logopt,
>> +			      "host not reachable getting portmap client");
>>  			supported = status;
>>  			goto done_ver;
>> -		} else if (status)
>> +		} else if (status) {
>> +			debug(logopt,
>> +			      "error 0x%d getting getting portmap client");
>>  			goto done_ver;
>> +		}
>>  	}
>>  
>>  	if (!port) {
>>  		parms.pm_vers = NFS3_VERSION;
>>  		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
>>  		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
>> +			debug(logopt,
>> +			      "host not reachable or timedout getting service port");
> 
> ditto:
> "timed out" instead of "timedout" ?
> 
>>  			supported = status;
>>  			goto done_ver;
>>  		} else if (status < 0)
>> @@ -347,6 +365,7 @@ v3_ver:
>>  	else
>>  		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS3_VERSION);
>>  	if (status == -EHOSTUNREACH) {
>> +		debug(logopt, "host not reachable getting RPC client");
>>  		supported = status;
>>  		goto done_ver;
>>  	} else if (!status) {
>> @@ -354,6 +373,7 @@ v3_ver:
>>  		status = rpc_ping_proto(rpc_info);
>>  		clock_gettime(CLOCK_MONOTONIC, &end);
>>  		if (status == -ETIMEDOUT) {
>> +			debug(logopt, "host NFS ping timed out");
>>  			supported = status;
>>  			goto done_ver;
>>  		} else if (status > 0) {
>> @@ -382,6 +402,8 @@ v2_ver:
>>  				host->name, host->addr, host->addr_len,
>>  				proto, RPC_CLOSE_DEFAULT);
>>  		if (status == -EHOSTUNREACH) {
>> +			debug(logopt,
>> +			      "host not reachable getting portmap client");
>>  			supported = status;
>>  			goto done_ver;
>>  		} else if (status)
>> @@ -392,6 +414,8 @@ v2_ver:
>>  		parms.pm_vers = NFS2_VERSION;
>>  		status = rpc_portmap_getport(pm_info, &parms, &rpc_info->port);
>>  		if (status == -EHOSTUNREACH || status == -ETIMEDOUT) {
>> +			debug(logopt,
>> +			      "host not reachable or timedout getting service port");
> 
> ditto:
> "timed out" instead of "timedout" ?
> 
>>  			supported = status;
>>  			goto done_ver;
>>  		} else if (status < 0)
>> @@ -403,15 +427,17 @@ v2_ver:
>>  	else
>>  		status = rpc_tcp_getclient(rpc_info, NFS_PROGRAM, NFS2_VERSION);
>>  	if (status == -EHOSTUNREACH) {
>> +		debug(logopt, "host not reachable getting RPC client");
>>  		supported = status;
>>  		goto done_ver;
>>  	} else if (!status) {
>>  		clock_gettime(CLOCK_MONOTONIC, &start);
>>  		status = rpc_ping_proto(rpc_info);
>>  		clock_gettime(CLOCK_MONOTONIC, &end);
>> -		if (status == -ETIMEDOUT)
>> +		if (status == -ETIMEDOUT) {
>> +			debug(logopt, "host NFS ping timed out");
>>  			supported = status;
>> -		else if (status > 0) {
>> +		} else if (status > 0) {
>>  			double reply;
>>  			if (random_selection) {
>>  				/* Random value between 0 and 1 */
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe autofs" in
>>
> 
> Vince
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 26/35] autofs-5.1.3 - document ghost option in auto.master man page

[Vincent McIntyre]

On Mon, Oct 16, 2017 at 01:08:42PM +0800, Ian Kent wrote:
> The --ghost pseudo option has been depricated for quite a while now
> in favour of the browse option as descibed in auto.master(5).
> 
> However it isn't noted in the description of the browse option that
> the --ghost option is the same as the browse option.
> 
> Signed-off-by: Ian Kent <raven@themaw.net>
> ---
>  CHANGELOG            |    1 +
>  man/auto.master.5.in |    3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/CHANGELOG b/CHANGELOG
> index 6a18fd15..7457e620 100644
> --- a/CHANGELOG
> +++ b/CHANGELOG
> @@ -24,6 +24,7 @@ xx/xx/2017 autofs-5.1.4
>  - fix autofs_use_lofs description.
>  - fix amd parser error buffer size.
>  - make spawn_bind_mount() use mount_wait as well.
> +- document ghost option in auto.master man page.
>  
>  24/05/2017 autofs-5.1.3
>  =======================
> diff --git a/man/auto.master.5.in b/man/auto.master.5.in
> index c87fb7f4..4475186a 100644
> --- a/man/auto.master.5.in
> +++ b/man/auto.master.5.in
> @@ -168,7 +168,8 @@ can cause performance problem if the indirect map is large so it should
>  be used with caution. The internal program default is to enable browse
>  mode for indirect mounts but the default installed configuration overrides
>  this by setting BROWSE_MODE to "no" because of the potential performance
> -problem.
> +problem. This option does the same as the depricated --ghost option, the

nit:
s/depricated/deprecated/g

> +browse option is preferred because it is used by other autofs implementations.
>  .TP
>  .I "nobind"
>  This is an autofs specific option that is a pseudo mount option and
> 
> --
> To unsubscribe from this list: send the line "unsubscribe autofs" in
> 

Vince
--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 26/35] autofs-5.1.3 - document ghost option in auto.master man page

[Ian Kent]

On 16/10/17 14:00, Vincent McIntyre wrote:
> On Mon, Oct 16, 2017 at 01:08:42PM +0800, Ian Kent wrote:
>> The --ghost pseudo option has been depricated for quite a while now
>> in favour of the browse option as descibed in auto.master(5).
>>
>> However it isn't noted in the description of the browse option that
>> the --ghost option is the same as the browse option.
>>
>> Signed-off-by: Ian Kent <raven@themaw.net>
>> ---
>>  CHANGELOG            |    1 +
>>  man/auto.master.5.in |    3 ++-
>>  2 files changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/CHANGELOG b/CHANGELOG
>> index 6a18fd15..7457e620 100644
>> --- a/CHANGELOG
>> +++ b/CHANGELOG
>> @@ -24,6 +24,7 @@ xx/xx/2017 autofs-5.1.4
>>  - fix autofs_use_lofs description.
>>  - fix amd parser error buffer size.
>>  - make spawn_bind_mount() use mount_wait as well.
>> +- document ghost option in auto.master man page.
>>  
>>  24/05/2017 autofs-5.1.3
>>  =======================
>> diff --git a/man/auto.master.5.in b/man/auto.master.5.in
>> index c87fb7f4..4475186a 100644
>> --- a/man/auto.master.5.in
>> +++ b/man/auto.master.5.in
>> @@ -168,7 +168,8 @@ can cause performance problem if the indirect map is large so it should
>>  be used with caution. The internal program default is to enable browse
>>  mode for indirect mounts but the default installed configuration overrides
>>  this by setting BROWSE_MODE to "no" because of the potential performance
>> -problem.
>> +problem. This option does the same as the depricated --ghost option, the
> 
> nit:
> s/depricated/deprecated/g

And again, yes.

> 
>> +browse option is preferred because it is used by other autofs implementations.
>>  .TP
>>  .I "nobind"
>>  This is an autofs specific option that is a pseudo mount option and
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe autofs" in
>>
> 
> Vince
> --
> To unsubscribe from this list: send the line "unsubscribe autofs" in
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH 12/35] autofs-5.1.3 - fix a couple of compiler warnings

[Jeff Mahoney]

[-- Attachment #1.1: Type: text/plain, Size: 1420 bytes --]

On 10/16/17 1:07 AM, Ian Kent wrote:
> Fix a few compiler warnings that have been around far too long.

Hi Ian -
> diff --git a/daemon/spawn.c b/daemon/spawn.c
> index 4515607b..b931d678 100644
> --- a/daemon/spawn.c
> +++ b/daemon/spawn.c
> @@ -195,8 +195,14 @@ static int do_spawn(unsigned logopt, unsigned int wait,
>  			 * program group to trigger mount
>  			 */
>  			if (euid) {
> -				seteuid(euid);
> -				setegid(egid);
> +				if (seteuid(euid) == -1)
> +					fprintf(stderr,
> +						"warning: seteuid: %s\n",
> +						strerror(errno));
> +				if (setegid(egid) == -1)
> +					fprintf(stderr,
> +						"warning: setegid: %s\n",
> +						strerror(errno));
>  			}
>  			setpgrp();


This one fixes the warning but there are a few issues with it, but none
of them are new.

1) We'll see that second warning *every* time since we just dropped root
privs and no longer have permission to change groups.  That's a bug
that's been lurking there for a while but now we're informed of it.

2) We're only changing the primary group and not the supplementary
groups, so the open is being performed with root's other group
membership (if any) and none of the user's other groups.

3) Do we really want to continue if we couldn't setuid?

I'll post a patch to address the first two as a reply to this post.
What's your take on point 3?

-Jeff

-- 
Jeff Mahoney
SUSE Labs


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

[PATCH] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Jeff Mahoney]

In do_spawn, We call seteuid() prior to calling setegid() which means
that, when we're using an unprivileged uid, we won't have permissions
to set the effective group anymore.

We also don't touch the group memberships so the permissions used to
open the directory will will include all of root's supplementary groups
and none of the user's.

This patch reverses the ordering and uses initgroups() to reset the
supplementary groups to the unprivileged user's groups.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 daemon/spawn.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/daemon/spawn.c b/daemon/spawn.c
index c640d97..62e9f02 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -20,6 +20,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <dirent.h>
+#include <grp.h>
 #include <time.h>
 #include <poll.h>
 #include <sys/wait.h>
@@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
 			 * program group to trigger mount
 			 */
 			if (euid) {
-				seteuid(euid);
-				setegid(egid);
+				if (initgroups(rsv->user, egid) == -1)
+					fprintf(stderr,
+						"warning: initgroups: %s\n",
+						strerror(errno));
+				if (setegid(egid) == -1)
+					fprintf(stderr,
+						"warning: setegid: %s\n",
+						strerror(errno));
+				if (seteuid(euid) == -1)
+					fprintf(stderr,
+						"warning: seteuid: %s\n",
+						strerror(errno));
 			}
 			setpgrp();
 


--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Jeff Mahoney]

[-- Attachment #1.1: Type: text/plain, Size: 1787 bytes --]

On 10/18/17 4:57 PM, Jeff Mahoney wrote:
> In do_spawn, We call seteuid() prior to calling setegid() which means
> that, when we're using an unprivileged uid, we won't have permissions
> to set the effective group anymore.
> 
> We also don't touch the group memberships so the permissions used to
> open the directory will will include all of root's supplementary groups
> and none of the user's.
> 
> This patch reverses the ordering and uses initgroups() to reset the
> supplementary groups to the unprivileged user's groups.
> 
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>  daemon/spawn.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/daemon/spawn.c b/daemon/spawn.c
> index c640d97..62e9f02 100644
> --- a/daemon/spawn.c
> +++ b/daemon/spawn.c
> @@ -20,6 +20,7 @@
>  #include <string.h>
>  #include <sys/types.h>
>  #include <dirent.h>
> +#include <grp.h>
>  #include <time.h>
>  #include <poll.h>
>  #include <sys/wait.h>

Whoops:

> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
>  			 * program group to trigger mount
>  			 */
>  			if (euid) {
> -				seteuid(euid);
> -				setegid(egid);
> +				if (initgroups(rsv->user, egid) == -1)
					       tsv->user

> +					fprintf(stderr,
> +						"warning: initgroups: %s\n",
> +						strerror(errno));
> +				if (setegid(egid) == -1)
> +					fprintf(stderr,
> +						"warning: setegid: %s\n",
> +						strerror(errno));
> +				if (seteuid(euid) == -1)
> +					fprintf(stderr,
> +						"warning: seteuid: %s\n",
> +						strerror(errno));
>  			}
>  			setpgrp();
>  
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe autofs" in
> 


-- 
Jeff Mahoney
SUSE Labs


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

[PATCH v2] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Jeff Mahoney]

In do_spawn, We call seteuid() prior to calling setegid() which means
that, when we're using an unprivileged uid, we won't have permissions
to set the effective group anymore.

We also don't touch the group memberships so the permissions used to
open the directory will will include all of root's supplementary groups
and none of the user's.

This patch reverses the ordering and uses initgroups() to reset the
supplementary groups to the unprivileged user's groups.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 daemon/spawn.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/daemon/spawn.c b/daemon/spawn.c
index c640d97..62e9f02 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -20,6 +20,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <dirent.h>
+#include <grp.h>
 #include <time.h>
 #include <poll.h>
 #include <sys/wait.h>
@@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
 			 * program group to trigger mount
 			 */
 			if (euid) {
-				seteuid(euid);
-				setegid(egid);
+				if (initgroups(tsv->user, egid) == -1)
+					fprintf(stderr,
+						"warning: initgroups: %s\n",
+						strerror(errno));
+				if (setegid(egid) == -1)
+					fprintf(stderr,
+						"warning: setegid: %s\n",
+						strerror(errno));
+				if (seteuid(euid) == -1)
+					fprintf(stderr,
+						"warning: seteuid: %s\n",
+						strerror(errno));
 			}
 			setpgrp();
 


--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Ian Kent]

On 19/10/17 04:57, Jeff Mahoney wrote:
> In do_spawn, We call seteuid() prior to calling setegid() which means
> that, when we're using an unprivileged uid, we won't have permissions
> to set the effective group anymore.
> 
> We also don't touch the group memberships so the permissions used to
> open the directory will will include all of root's supplementary groups
> and none of the user's.
> 
> This patch reverses the ordering and uses initgroups() to reset the
> supplementary groups to the unprivileged user's groups.
> 
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>  daemon/spawn.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/daemon/spawn.c b/daemon/spawn.c
> index c640d97..62e9f02 100644
> --- a/daemon/spawn.c
> +++ b/daemon/spawn.c
> @@ -20,6 +20,7 @@
>  #include <string.h>
>  #include <sys/types.h>
>  #include <dirent.h>
> +#include <grp.h>
>  #include <time.h>
>  #include <poll.h>
>  #include <sys/wait.h>
> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
>  			 * program group to trigger mount
>  			 */
>  			if (euid) {
> -				seteuid(euid);
> -				setegid(egid);
> +				if (initgroups(rsv->user, egid) == -1)

I've changed this to use tsv as that's what it is in my source.
Also I added a NULL check on tsv->user, it should be set but you never know.

Other than that, thanks Jeff.

> +					fprintf(stderr,
> +						"warning: initgroups: %s\n",
> +						strerror(errno));
> +				if (setegid(egid) == -1)
> +					fprintf(stderr,
> +						"warning: setegid: %s\n",
> +						strerror(errno));
> +				if (seteuid(euid) == -1)
> +					fprintf(stderr,
> +						"warning: seteuid: %s\n",
> +						strerror(errno));
>  			}
>  			setpgrp();
>  
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH v2] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Ian Kent]

On 19/10/17 05:12, Jeff Mahoney wrote:
> In do_spawn, We call seteuid() prior to calling setegid() which means
> that, when we're using an unprivileged uid, we won't have permissions
> to set the effective group anymore.
> 
> We also don't touch the group memberships so the permissions used to
> open the directory will will include all of root's supplementary groups
> and none of the user's.
> 
> This patch reverses the ordering and uses initgroups() to reset the
> supplementary groups to the unprivileged user's groups.
> 
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>  daemon/spawn.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/daemon/spawn.c b/daemon/spawn.c
> index c640d97..62e9f02 100644
> --- a/daemon/spawn.c
> +++ b/daemon/spawn.c
> @@ -20,6 +20,7 @@
>  #include <string.h>
>  #include <sys/types.h>
>  #include <dirent.h>
> +#include <grp.h>
>  #include <time.h>
>  #include <poll.h>
>  #include <sys/wait.h>
> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
>  			 * program group to trigger mount
>  			 */
>  			if (euid) {
> -				seteuid(euid);
> -				setegid(egid);
> +				if (initgroups(tsv->user, egid) == -1)

LOL, you spotted that one.

I was wondering if the groups need to be restored after the open() ....
before the mount is executed.

> +					fprintf(stderr,
> +						"warning: initgroups: %s\n",
> +						strerror(errno));
> +				if (setegid(egid) == -1)
> +					fprintf(stderr,
> +						"warning: setegid: %s\n",
> +						strerror(errno));
> +				if (seteuid(euid) == -1)
> +					fprintf(stderr,
> +						"warning: seteuid: %s\n",
> +						strerror(errno));
>  			}
>  			setpgrp();
>  
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe autofs" in
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH v2] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Jeff Mahoney]

I wondered that too but decided against it since it’s happening with root privs anyway.

-Jeff

--
Jeff Mahoney
(apologies for the top post -- from my mobile)

> On Oct 18, 2017, at 10:07 PM, Ian Kent <raven@themaw.net> wrote:
> 
>> On 19/10/17 05:12, Jeff Mahoney wrote:
>> In do_spawn, We call seteuid() prior to calling setegid() which means
>> that, when we're using an unprivileged uid, we won't have permissions
>> to set the effective group anymore.
>> 
>> We also don't touch the group memberships so the permissions used to
>> open the directory will will include all of root's supplementary groups
>> and none of the user's.
>> 
>> This patch reverses the ordering and uses initgroups() to reset the
>> supplementary groups to the unprivileged user's groups.
>> 
>> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
>> ---
>> daemon/spawn.c | 15 +++++++++++++--
>> 1 file changed, 13 insertions(+), 2 deletions(-)
>> 
>> diff --git a/daemon/spawn.c b/daemon/spawn.c
>> index c640d97..62e9f02 100644
>> --- a/daemon/spawn.c
>> +++ b/daemon/spawn.c
>> @@ -20,6 +20,7 @@
>> #include <string.h>
>> #include <sys/types.h>
>> #include <dirent.h>
>> +#include <grp.h>
>> #include <time.h>
>> #include <poll.h>
>> #include <sys/wait.h>
>> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
>>             * program group to trigger mount
>>             */
>>            if (euid) {
>> -                seteuid(euid);
>> -                setegid(egid);
>> +                if (initgroups(tsv->user, egid) == -1)
> 
> LOL, you spotted that one.
> 
> I was wondering if the groups need to be restored after the open() ....
> before the mount is executed.
> 
>> +                    fprintf(stderr,
>> +                        "warning: initgroups: %s\n",
>> +                        strerror(errno));
>> +                if (setegid(egid) == -1)
>> +                    fprintf(stderr,
>> +                        "warning: setegid: %s\n",
>> +                        strerror(errno));
>> +                if (seteuid(euid) == -1)
>> +                    fprintf(stderr,
>> +                        "warning: seteuid: %s\n",
>> +                        strerror(errno));
>>            }
>>            setpgrp();
>> 
>> 
>> 
>> --
>> To unsubscribe from this list: send the line "unsubscribe autofs" in
>> 
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in

Re: [PATCH v2] autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn

[Ian Kent]

On 19/10/17 10:20, Jeff Mahoney wrote:
> I wondered that too but decided against it since it’s happening with root privs anyway.

Right, it's probably not a problem, lets go with it how it is and see.

Whether to continue if seteuid() fails is a good question.
The assumption is it always succeeds but I guess it might not.

It probably shouldn't continue because if automounts in a dependent path
can't be mounted (via the open()) then the requested mount can't work
properly.

> 
> -Jeff
> 
> --
> Jeff Mahoney
> (apologies for the top post -- from my mobile)
> 
>> On Oct 18, 2017, at 10:07 PM, Ian Kent <raven@themaw.net> wrote:
>>
>>> On 19/10/17 05:12, Jeff Mahoney wrote:
>>> In do_spawn, We call seteuid() prior to calling setegid() which means
>>> that, when we're using an unprivileged uid, we won't have permissions
>>> to set the effective group anymore.
>>>
>>> We also don't touch the group memberships so the permissions used to
>>> open the directory will will include all of root's supplementary groups
>>> and none of the user's.
>>>
>>> This patch reverses the ordering and uses initgroups() to reset the
>>> supplementary groups to the unprivileged user's groups.
>>>
>>> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
>>> ---
>>> daemon/spawn.c | 15 +++++++++++++--
>>> 1 file changed, 13 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/daemon/spawn.c b/daemon/spawn.c
>>> index c640d97..62e9f02 100644
>>> --- a/daemon/spawn.c
>>> +++ b/daemon/spawn.c
>>> @@ -20,6 +20,7 @@
>>> #include <string.h>
>>> #include <sys/types.h>
>>> #include <dirent.h>
>>> +#include <grp.h>
>>> #include <time.h>
>>> #include <poll.h>
>>> #include <sys/wait.h>
>>> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait,
>>>             * program group to trigger mount
>>>             */
>>>            if (euid) {
>>> -                seteuid(euid);
>>> -                setegid(egid);
>>> +                if (initgroups(tsv->user, egid) == -1)
>>
>> LOL, you spotted that one.
>>
>> I was wondering if the groups need to be restored after the open() ....
>> before the mount is executed.
>>
>>> +                    fprintf(stderr,
>>> +                        "warning: initgroups: %s\n",
>>> +                        strerror(errno));
>>> +                if (setegid(egid) == -1)
>>> +                    fprintf(stderr,
>>> +                        "warning: setegid: %s\n",
>>> +                        strerror(errno));
>>> +                if (seteuid(euid) == -1)
>>> +                    fprintf(stderr,
>>> +                        "warning: seteuid: %s\n",
>>> +                        strerror(errno));
>>>            }
>>>            setpgrp();
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe autofs" in
>>>
>>
>>
> 
> --
> To unsubscribe from this list: send the line "unsubscribe autofs" in
> 

--
To unsubscribe from this list: send the line "unsubscribe autofs" in