From 516ab00b2f0c16c7a332c881b4032895cf16f29e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 19 2015 15:49:14 +0000 Subject: import autofs-5.0.7-54.el7 --- diff --git a/SOURCES/autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch b/SOURCES/autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch new file mode 100644 index 0000000..cdccc46 --- /dev/null +++ b/SOURCES/autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch @@ -0,0 +1,216 @@ +autofs-5.1.0 - add a prefix to program map stdvars + +From: Ian Kent + +When a program map uses an interpreted languages like python it's +possible to load and execute arbitray code from a user home directory. +This is because the standard environment variables are used to locate +and load modules when using these languages. + +To avoid that we need to add a prefix to these environment names so +they aren't used for this purpose. The prefix used is "AUTOFS_" and +is not configurable. +--- + CHANGELOG | 1 + include/mounts.h | 4 +- + lib/mounts.c | 84 +++++++++++++++++++++++++++++++++++++++-------- + modules/lookup_program.c | 2 - + modules/parse_sun.c | 8 ++-- + 5 files changed, 78 insertions(+), 21 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -162,6 +162,7 @@ + - make negative cache update consistent for all lookup modules. + - ensure negative cache isn't updated on remount. + - dont add wildcard to negative cache. ++- add a prefix to program map stdvars. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/include/mounts.h ++++ autofs-5.0.7/include/mounts.h +@@ -87,8 +87,8 @@ extern unsigned int nfs_mount_uses_strin + + struct amd_entry; + +-struct substvar *addstdenv(struct substvar *sv); +-struct substvar *removestdenv(struct substvar *sv); ++struct substvar *addstdenv(struct substvar *sv, const char *prefix); ++struct substvar *removestdenv(struct substvar *sv, const char *prefix); + void add_std_amd_vars(struct substvar *sv); + void remove_std_amd_vars(void); + struct amd_entry *new_amd_entry(const struct substvar *sv); +--- autofs-5.0.7.orig/lib/mounts.c ++++ autofs-5.0.7/lib/mounts.c +@@ -32,6 +32,7 @@ + + #define MAX_OPTIONS_LEN 80 + #define MAX_MNT_NAME_LEN 30 ++#define MAX_ENV_NAME 15 + + #define EBUFSIZ 1024 + +@@ -328,7 +329,61 @@ int check_nfs_mount_version(struct nfs_m + } + #endif + +-struct substvar *addstdenv(struct substvar *sv) ++static char *set_env_name(const char *prefix, const char *name, char *buf) ++{ ++ size_t len; ++ ++ len = strlen(name); ++ if (prefix) ++ len += strlen(prefix); ++ len++; ++ ++ if (len > MAX_ENV_NAME) ++ return NULL; ++ ++ if (!prefix) ++ strcpy(buf, name); ++ else { ++ strcpy(buf, prefix); ++ strcat(buf, name); ++ } ++ return buf; ++} ++ ++static struct substvar *do_macro_addvar(struct substvar *list, ++ const char *prefix, ++ const char *name, ++ const char *val) ++{ ++ char buf[MAX_ENV_NAME + 1]; ++ char *new; ++ size_t len; ++ ++ new = set_env_name(prefix, name, buf); ++ if (new) { ++ len = strlen(new); ++ list = macro_addvar(list, new, len, val); ++ } ++ return list; ++} ++ ++static struct substvar *do_macro_removevar(struct substvar *list, ++ const char *prefix, ++ const char *name) ++{ ++ char buf[MAX_ENV_NAME + 1]; ++ char *new; ++ size_t len; ++ ++ new = set_env_name(prefix, name, buf); ++ if (new) { ++ len = strlen(new); ++ list = macro_removevar(list, new, len); ++ } ++ return list; ++} ++ ++struct substvar *addstdenv(struct substvar *sv, const char *prefix) + { + struct substvar *list = sv; + struct thread_stdenv_vars *tsv; +@@ -343,14 +398,14 @@ struct substvar *addstdenv(struct substv + num = (long) tsv->uid; + ret = sprintf(numbuf, "%ld", num); + if (ret > 0) +- list = macro_addvar(list, "UID", 3, numbuf); ++ list = do_macro_addvar(list, prefix, "UID", numbuf); + num = (long) tsv->gid; + ret = sprintf(numbuf, "%ld", num); + if (ret > 0) +- list = macro_addvar(list, "GID", 3, numbuf); +- list = macro_addvar(list, "USER", 4, tsv->user); +- list = macro_addvar(list, "GROUP", 5, tsv->group); +- list = macro_addvar(list, "HOME", 4, tsv->home); ++ list = do_macro_addvar(list, prefix, "GID", numbuf); ++ list = do_macro_addvar(list, prefix, "USER", tsv->user); ++ list = do_macro_addvar(list, prefix, "GROUP", tsv->group); ++ list = do_macro_addvar(list, prefix, "HOME", tsv->home); + mv = macro_findvar(list, "HOST", 4); + if (mv) { + char *shost = strdup(mv->val); +@@ -358,7 +413,8 @@ struct substvar *addstdenv(struct substv + char *dot = strchr(shost, '.'); + if (dot) + *dot = '\0'; +- list = macro_addvar(list, "SHOST", 5, shost); ++ list = do_macro_addvar(list, ++ prefix, "SHOST", shost); + free(shost); + } + } +@@ -366,16 +422,16 @@ struct substvar *addstdenv(struct substv + return list; + } + +-struct substvar *removestdenv(struct substvar *sv) ++struct substvar *removestdenv(struct substvar *sv, const char *prefix) + { + struct substvar *list = sv; + +- list = macro_removevar(list, "UID", 3); +- list = macro_removevar(list, "USER", 4); +- list = macro_removevar(list, "HOME", 4); +- list = macro_removevar(list, "GID", 3); +- list = macro_removevar(list, "GROUP", 5); +- list = macro_removevar(list, "SHOST", 5); ++ list = do_macro_removevar(list, prefix, "UID"); ++ list = do_macro_removevar(list, prefix, "USER"); ++ list = do_macro_removevar(list, prefix, "HOME"); ++ list = do_macro_removevar(list, prefix, "GID"); ++ list = do_macro_removevar(list, prefix, "GROUP"); ++ list = do_macro_removevar(list, prefix, "SHOST"); + return list; + } + +--- autofs-5.0.7.orig/modules/lookup_program.c ++++ autofs-5.0.7/modules/lookup_program.c +@@ -181,7 +181,7 @@ static char *lookup_one(struct autofs_po + if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) { + struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context; + /* Add standard environment as seen by sun map parser */ +- pctxt->subst = addstdenv(pctxt->subst); ++ pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_"); + macro_setenv(pctxt->subst); + } + execl(ctxt->mapname, ctxt->mapname, name, NULL); +--- autofs-5.0.7.orig/modules/parse_sun.c ++++ autofs-5.0.7/modules/parse_sun.c +@@ -1214,12 +1214,12 @@ int parse_mount(struct autofs_point *ap, + pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state); + macro_lock(); + +- ctxt->subst = addstdenv(ctxt->subst); ++ ctxt->subst = addstdenv(ctxt->subst, NULL); + + mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify); + if (mapent_len == 0) { + error(ap->logopt, MODPREFIX "failed to expand map entry"); +- ctxt->subst = removestdenv(ctxt->subst); ++ ctxt->subst = removestdenv(ctxt->subst, NULL); + macro_unlock(); + pthread_setcancelstate(cur_state, NULL); + return 1; +@@ -1229,7 +1229,7 @@ int parse_mount(struct autofs_point *ap, + if (!pmapent) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + logerr(MODPREFIX "alloca: %s", estr); +- ctxt->subst = removestdenv(ctxt->subst); ++ ctxt->subst = removestdenv(ctxt->subst, NULL); + macro_unlock(); + pthread_setcancelstate(cur_state, NULL); + return 1; +@@ -1237,7 +1237,7 @@ int parse_mount(struct autofs_point *ap, + pmapent[mapent_len] = '\0'; + + expandsunent(mapent, pmapent, name, ctxt->subst, slashify); +- ctxt->subst = removestdenv(ctxt->subst); ++ ctxt->subst = removestdenv(ctxt->subst, NULL); + + macro_unlock(); + pthread_setcancelstate(cur_state, NULL); diff --git a/SOURCES/autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch b/SOURCES/autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch new file mode 100644 index 0000000..d1be23d --- /dev/null +++ b/SOURCES/autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch @@ -0,0 +1,186 @@ +autofs-5.1.0 - add config option to force use of program map stdvars + +From: Ian Kent + +Enabling the extended environment (including $HOME, for example) for +program maps opens automount(8) to a privilege escalation. + +Rather than just removing the entended environment a configuration +option is added to disable it by default so that those who wish to +use it can do so if they wish. +--- + CHANGELOG | 1 + + include/defaults.h | 2 ++ + lib/defaults.c | 12 ++++++++++++ + man/autofs.5 | 5 +++++ + man/autofs.conf.5.in | 9 +++++++++ + modules/lookup_program.c | 14 +++++++++++++- + redhat/autofs.conf.default.in | 11 +++++++++++ + samples/autofs.conf.default.in | 11 +++++++++++ + 8 files changed, 64 insertions(+), 1 deletion(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -163,6 +163,7 @@ + - ensure negative cache isn't updated on remount. + - dont add wildcard to negative cache. + - add a prefix to program map stdvars. ++- add config option to force use of program map stdvars. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/include/defaults.h ++++ autofs-5.0.7/include/defaults.h +@@ -30,6 +30,7 @@ + #define DEFAULT_UMOUNT_WAIT "12" + #define DEFAULT_BROWSE_MODE "1" + #define DEFAULT_LOGGING "none" ++#define DEFAULT_FORCE_STD_PROG_MAP_ENV "0" + + #define DEFAULT_LDAP_TIMEOUT "-1" + #define DEFAULT_LDAP_NETWORK_TIMEOUT "8" +@@ -151,6 +152,7 @@ unsigned int defaults_get_timeout(void); + unsigned int defaults_get_negative_timeout(void); + unsigned int defaults_get_browse_mode(void); + unsigned int defaults_get_logging(void); ++unsigned int defaults_force_std_prog_map_env(void); + const char *defaults_get_ldap_server(void); + unsigned int defaults_get_ldap_timeout(void); + unsigned int defaults_get_ldap_network_timeout(void); +--- autofs-5.0.7.orig/lib/defaults.c ++++ autofs-5.0.7/lib/defaults.c +@@ -50,6 +50,7 @@ + #define NAME_NEGATIVE_TIMEOUT "negative_timeout" + #define NAME_BROWSE_MODE "browse_mode" + #define NAME_LOGGING "logging" ++#define NAME_FORCE_STD_PROG_MAP_ENV "force_standard_program_map_env" + + #define NAME_LDAP_URI "ldap_uri" + #define NAME_LDAP_TIMEOUT "ldap_timeout" +@@ -1589,6 +1590,17 @@ unsigned int defaults_get_logging(void) + return logging; + } + ++unsigned int defaults_force_std_prog_map_env(void) ++{ ++ int res; ++ ++ res = conf_get_yesno(autofs_gbl_sec, NAME_FORCE_STD_PROG_MAP_ENV); ++ if (res < 0) ++ res = atoi(DEFAULT_FORCE_STD_PROG_MAP_ENV); ++ ++ return res; ++} ++ + unsigned int defaults_get_ldap_timeout(void) + { + int res; +--- autofs-5.0.7.orig/man/autofs.5 ++++ autofs-5.0.7/man/autofs.5 +@@ -190,6 +190,11 @@ SHOST Short hostname (domain part remove + .fi + .RE + .sp ++If a program map is used these standard environment variables will have ++a prefix of "AUTOFS_" to prevent interpreted languages like python from ++being able to load and execute arbitray code from a user home directory. ++.RE ++.sp + Additional entries can be defined with the -Dvariable=Value map-option to + .BR automount (8). + .SS Executable Maps +--- autofs-5.0.7.orig/man/autofs.conf.5.in ++++ autofs-5.0.7/man/autofs.conf.5.in +@@ -71,6 +71,15 @@ options replace the global options (prog + .B logging + .br + set default log level "none", "verbose" or "debug" (program default "none"). ++.TP ++.B force_standard_program_map_env ++.br ++override the use of a prefix with standard environment variables when a ++program map is executed. Since program maps are run as the privileded ++user setting these standard environment variables opens automount(8) to ++potential user privilege escalation when the program map is written in a ++language that can load components from, for example, a user home directory ++(program default "no"). + .SS LDAP Configuration + .P + Configuration settings available are: +--- autofs-5.0.7.orig/modules/lookup_program.c ++++ autofs-5.0.7/modules/lookup_program.c +@@ -129,6 +129,7 @@ static char *lookup_one(struct autofs_po + int distance; + int alloci = 1; + int status; ++ char *prefix; + + mapent = (char *) malloc(MAPENT_MAX_LEN + 1); + if (!mapent) { +@@ -174,6 +175,17 @@ static char *lookup_one(struct autofs_po + warn(ap->logopt, + MODPREFIX "failed to set PWD to %s for map %s", + ap->path, ctxt->mapname); ++ ++ /* ++ * By default use a prefix with standard environment ++ * variables to prevent system subversion by interpreted ++ * languages. ++ */ ++ if (defaults_force_std_prog_map_env()) ++ prefix = NULL; ++ else ++ prefix = "AUTOFS_"; ++ + /* + * MAPFMT_DEFAULT must be "sun" for ->parse_init() to have setup + * the macro table. +@@ -181,7 +193,7 @@ static char *lookup_one(struct autofs_po + if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) { + struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context; + /* Add standard environment as seen by sun map parser */ +- pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_"); ++ pctxt->subst = addstdenv(pctxt->subst, prefix); + macro_setenv(pctxt->subst); + } + execl(ctxt->mapname, ctxt->mapname, name, NULL); +--- autofs-5.0.7.orig/redhat/autofs.conf.default.in ++++ autofs-5.0.7/redhat/autofs.conf.default.in +@@ -53,6 +53,17 @@ mount_nfs_default_protocol = 4 + # + #logging = none + # ++# force_standard_program_map_env - disable the use of the "AUTOFS_" ++# prefix for standard environemt variables when ++# executing a program map. Since program maps ++# are run as the privileded user this opens ++# automount(8) to potential user privilege ++# escalation when the program map is written ++# in a language that can load components from, ++# for example, a user home directory. ++# ++# force_standard_program_map_env = no ++# + # Define base dn for map dn lookup. + # + # Define server URIs +--- autofs-5.0.7.orig/samples/autofs.conf.default.in ++++ autofs-5.0.7/samples/autofs.conf.default.in +@@ -52,6 +52,17 @@ browse_mode = no + # + #logging = none + # ++# force_standard_program_map_env - disable the use of the "AUTOFS_" ++# prefix for standard environemt variables when ++# executing a program map. Since program maps ++# are run as the privileded user this opens ++# automount(8) to potential user privilege ++# escalation when the program map is written ++# in a language that can load components from, ++# for example, a user home directory. ++# ++# force_standard_program_map_env = no ++# + # Define base dn for map dn lookup. + # + # Define server URIs diff --git a/SOURCES/autofs-5.1.0-dont-add-wildcard-to-negative-cache.patch b/SOURCES/autofs-5.1.0-dont-add-wildcard-to-negative-cache.patch new file mode 100644 index 0000000..5e9392f --- /dev/null +++ b/SOURCES/autofs-5.1.0-dont-add-wildcard-to-negative-cache.patch @@ -0,0 +1,48 @@ +autofs-5.1.0 - dont add wildcard to negative cache + +From: Ian Kent + +If the wilcard is added to the negative cache it prevents any +further matching of the wildcard for the given map. +--- + CHANGELOG | 1 + + daemon/lookup.c | 4 ++++ + lib/cache.c | 4 ++++ + 3 files changed, 9 insertions(+) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -161,6 +161,7 @@ + - fix hosts map update on reload. + - make negative cache update consistent for all lookup modules. + - ensure negative cache isn't updated on remount. ++- dont add wildcard to negative cache. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/daemon/lookup.c ++++ autofs-5.0.7/daemon/lookup.c +@@ -1057,6 +1057,10 @@ static void update_negative_cache(struct + if (source && source->depth) + return; + ++ /* Don't update the wildcard */ ++ if (strlen(name) == 1 && *name == '*') ++ return; ++ + /* Have we recorded the lookup fail for negative caching? */ + me = lookup_source_mapent(ap, name, LKP_DISTINCT); + if (me) +--- autofs-5.0.7.orig/lib/cache.c ++++ autofs-5.0.7/lib/cache.c +@@ -762,6 +762,10 @@ void cache_update_negative(struct mapent + struct mapent *me; + int rv = CHE_OK; + ++ /* Don't update the wildcard */ ++ if (strlen(key) == 1 && *key == '*') ++ return; ++ + me = cache_lookup_distinct(mc, key); + if (me) + rv = cache_push_mapent(me, NULL); diff --git a/SOURCES/autofs-5.1.0-ensure-negative-cache-isnt-updated-on-remount.patch b/SOURCES/autofs-5.1.0-ensure-negative-cache-isnt-updated-on-remount.patch new file mode 100644 index 0000000..baa753a --- /dev/null +++ b/SOURCES/autofs-5.1.0-ensure-negative-cache-isnt-updated-on-remount.patch @@ -0,0 +1,47 @@ +autofs-5.1.0 - ensure negative cache isn't updated on remount + +From: Ian Kent + +The negative cache shouldn't be updated when re-connecting at +startup but a couple of lookup modules didn't check for this +case. +--- + CHANGELOG | 1 + + modules/lookup_hosts.c | 3 +++ + modules/lookup_program.c | 3 +++ + 3 files changed, 7 insertions(+) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -160,6 +160,7 @@ + - fix typo in update_hosts_mounts(). + - fix hosts map update on reload. + - make negative cache update consistent for all lookup modules. ++- ensure negative cache isn't updated on remount. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_hosts.c ++++ autofs-5.0.7/modules/lookup_hosts.c +@@ -151,6 +151,9 @@ static int do_parse_mount(struct autofs_ + if (ret) { + struct mapent_cache *mc = source->mc; + ++ /* Don't update negative cache when re-connecting */ ++ if (ap->flags & MOUNT_FLAG_REMOUNT) ++ return NSS_STATUS_TRYAGAIN; + cache_writelock(mc); + cache_update_negative(mc, source, name, ap->negative_timeout); + cache_unlock(mc); +--- autofs-5.0.7.orig/modules/lookup_program.c ++++ autofs-5.0.7/modules/lookup_program.c +@@ -622,6 +622,9 @@ out_free: + free(mapent); + + if (ret) { ++ /* Don't update negative cache when re-connecting */ ++ if (ap->flags & MOUNT_FLAG_REMOUNT) ++ return NSS_STATUS_TRYAGAIN; + cache_writelock(mc); + cache_update_negative(mc, source, name, ap->negative_timeout); + cache_unlock(mc); diff --git a/SOURCES/autofs-5.1.0-fix-incorrect-check-in-parse_mount.patch b/SOURCES/autofs-5.1.0-fix-incorrect-check-in-parse_mount.patch new file mode 100644 index 0000000..d1e52a4 --- /dev/null +++ b/SOURCES/autofs-5.1.0-fix-incorrect-check-in-parse_mount.patch @@ -0,0 +1,171 @@ +autofs-5.1.0 - fix incorrect check in parse_mount() + +From: Ian Kent + +The change to allow the use of the hosts map in map entries introduced +an invalid check into parse_mount(). The case attempts to check the +contents of an options string that is always invalid for the return +value case in which it is checked, not to mention the check itself is +incorrect. +--- + CHANGELOG | 1 + modules/parse_sun.c | 70 ++++++++++++++++++++++++++++++++-------------------- + 2 files changed, 45 insertions(+), 26 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -164,6 +164,7 @@ + - dont add wildcard to negative cache. + - add a prefix to program map stdvars. + - add config option to force use of program map stdvars. ++- fix incorrect check in parse_mount(). + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/parse_sun.c ++++ autofs-5.0.7/modules/parse_sun.c +@@ -756,6 +756,8 @@ update_offset_entry(struct autofs_point + + mc = source->mc; + ++ memset(m_mapent, 0, MAPENT_MAX_LEN + 1); ++ + /* Internal hosts map may have loc == NULL */ + if (!*path) { + error(ap->logopt, +@@ -782,7 +784,7 @@ update_offset_entry(struct autofs_point + if (*myoptions) + m_options_len = strlen(myoptions) + 2; + +- m_mapent_len = strlen(loc); ++ m_mapent_len = loc ? strlen(loc) : 0; + if (m_mapent_len + m_options_len > MAPENT_MAX_LEN) { + error(ap->logopt, MODPREFIX "multi mount mapent too long"); + return CHE_FAIL; +@@ -793,10 +795,13 @@ update_offset_entry(struct autofs_point + strcat(m_mapent, myoptions); + if (loc) { + strcat(m_mapent, " "); +- strcat(m_mapent, loc); ++ if (loc) ++ strcat(m_mapent, loc); + } +- } else +- strcpy(m_mapent, loc); ++ } else { ++ if (loc) ++ strcpy(m_mapent, loc); ++ } + + ret = cache_update_offset(mc, name, m_key, m_mapent, age); + if (ret == CHE_DUPLICATE) +@@ -923,9 +928,15 @@ static int parse_mapent(const char *ent, + l = chunklen(p, check_colon(p)); + loc = dequote(p, l, logopt); + if (!loc) { +- warn(logopt, MODPREFIX "possible missing location"); +- free(myoptions); +- return 0; ++ if (strstr(myoptions, "fstype=autofs") && ++ strstr(myoptions, "hosts")) { ++ warn(logopt, MODPREFIX "possible missing location"); ++ free(myoptions); ++ return 0; ++ } ++ *options = myoptions; ++ *location = NULL; ++ return (p - ent); + } + + /* Location can't begin with a '/' */ +@@ -953,10 +964,15 @@ static int parse_mapent(const char *ent, + l = chunklen(p, check_colon(p)); + ent_chunk = dequote(p, l, logopt); + if (!ent_chunk) { +- warn(logopt, MODPREFIX "null location or out of memory"); +- free(myoptions); +- free(loc); +- return 0; ++ if (strstr(myoptions, "fstype=autofs") && ++ strstr(myoptions, "hosts")) { ++ warn(logopt, MODPREFIX ++ "null location or out of memory"); ++ free(myoptions); ++ free(loc); ++ return 0; ++ } ++ goto next; + } + + /* Location can't begin with a '/' */ +@@ -992,7 +1008,7 @@ static int parse_mapent(const char *ent, + strcat(loc, ent_chunk); + + free(ent_chunk); +- ++next: + p += l; + p = skipspace(p); + } +@@ -1093,7 +1109,9 @@ static int mount_subtree(struct autofs_p + cache_delete_offset_list(me->mc, name); + return 1; + } +- ro_len = strlen(ro_loc); ++ ro_len = 0; ++ if (ro_loc) ++ ro_len = strlen(ro_loc); + + tmp = alloca(mnt_root_len + 2); + strcpy(tmp, mnt_root); +@@ -1104,7 +1122,8 @@ static int mount_subtree(struct autofs_p + rv = sun_mount(ap, root, name, namelen, ro_loc, ro_len, myoptions, ctxt); + + free(myoptions); +- free(ro_loc); ++ if (ro_loc) ++ free(ro_loc); + } + + if (ro && rv == 0) { +@@ -1420,16 +1439,13 @@ int parse_mount(struct autofs_point *ap, + + l = parse_mapent(p, options, &myoptions, &loc, ap->logopt); + if (!l) { +- if (!(strstr(myoptions, "fstype=autofs") && +- strstr(myoptions, "hosts"))) { +- cache_delete_offset_list(mc, name); +- cache_multi_unlock(me); +- cache_unlock(mc); +- free(path); +- free(options); +- pthread_setcancelstate(cur_state, NULL); +- return 1; +- } ++ cache_delete_offset_list(mc, name); ++ cache_multi_unlock(me); ++ cache_unlock(mc); ++ free(path); ++ free(options); ++ pthread_setcancelstate(cur_state, NULL); ++ return 1; + } + + p += l; +@@ -1450,12 +1466,14 @@ int parse_mount(struct autofs_point *ap, + free(path); + free(options); + free(myoptions); +- free(loc); ++ if (loc) ++ free(loc); + pthread_setcancelstate(cur_state, NULL); + return 1; + } + +- free(loc); ++ if (loc) ++ free(loc); + free(path); + free(myoptions); + } while (*p == '/' || (*p == '"' && *(p + 1) == '/')); diff --git a/SOURCES/autofs-5.1.0-fix-macro-usage-in-lookup_program_c.patch b/SOURCES/autofs-5.1.0-fix-macro-usage-in-lookup_program_c.patch new file mode 100644 index 0000000..7416db1 --- /dev/null +++ b/SOURCES/autofs-5.1.0-fix-macro-usage-in-lookup_program_c.patch @@ -0,0 +1,34 @@ +autofs-5.1.0 - fix macro usage in lookup_program.c + +From: Ian Kent + +The macro MAPFMT_DEFAULT is used incorrectly in a comparison in +modules/lookup_program.c:lookup_one(). + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_program.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -166,6 +166,7 @@ + - add config option to force use of program map stdvars. + - fix incorrect check in parse_mount(). + - handle duplicates in multi mounts. ++- fix macro usage in lookup_program.c. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_program.c ++++ autofs-5.0.7/modules/lookup_program.c +@@ -190,7 +190,7 @@ static char *lookup_one(struct autofs_po + * MAPFMT_DEFAULT must be "sun" for ->parse_init() to have setup + * the macro table. + */ +- if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) { ++ if (ctxt->mapfmt && !strcmp(ctxt->mapfmt, MAPFMT_DEFAULT)) { + struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context; + /* Add standard environment as seen by sun map parser */ + pctxt->subst = addstdenv(pctxt->subst, prefix); diff --git a/SOURCES/autofs-5.1.0-fix-mount-as-you-go-offset-selection.patch b/SOURCES/autofs-5.1.0-fix-mount-as-you-go-offset-selection.patch new file mode 100644 index 0000000..42989cf --- /dev/null +++ b/SOURCES/autofs-5.1.0-fix-mount-as-you-go-offset-selection.patch @@ -0,0 +1,84 @@ +autofs-5.1.0 - fix mount as you go offset selection + +From: Ian Kent + +The function cache_get_offset() returns offsets to be mounted that +are within the current current subtree for the mount-as-you-go +functionality used for nested multi-mount map entries. + +However, the function was returning offsets from the subree below +nesting points which prevented the mount at the containing nesting +point from being mounted. This is because the kernel will see a +non-empty directory and conclude it isn't a mount point. +--- + CHANGELOG | 1 + + lib/cache.c | 27 ++++++++++++++++++++++++--- + 2 files changed, 25 insertions(+), 3 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -168,6 +168,7 @@ + - handle duplicates in multi mounts. + - fix macro usage in lookup_program.c. + - remove unused offset handling code. ++- fix mount as you go offset selection. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/lib/cache.c ++++ autofs-5.0.7/lib/cache.c +@@ -1183,7 +1183,6 @@ struct mapent *cache_enumerate(struct ma + * Get each offset from list head under prefix. + * Maintain traversal current position in pos for subsequent calls. + * Return each offset into offset. +- * TODO: length check on offset. + */ + /* cache must be read locked by caller */ + char *cache_get_offset(const char *prefix, char *offset, int start, +@@ -1212,6 +1211,9 @@ char *cache_get_offset(const char *prefi + continue; + + if (!strncmp(prefix, offset_start, plen)) { ++ struct mapent *np = NULL; ++ char pe[PATH_MAX + 1]; ++ + /* "/" doesn't count for root offset */ + if (plen == 1) + pstart = &offset_start[plen - 1]; +@@ -1224,7 +1226,24 @@ char *cache_get_offset(const char *prefi + + /* get next offset */ + pend = pstart; +- while (*pend++) ; ++ while (*pend++) { ++ size_t nest_pt_offset; ++ ++ if (*pend != '/') ++ continue; ++ ++ nest_pt_offset = start + pend - pstart; ++ if (plen > 1) ++ nest_pt_offset += plen; ++ strcpy(pe, this->key); ++ pe[nest_pt_offset] = '\0'; ++ ++ np = cache_lookup_distinct(this->mc, pe); ++ if (np) ++ break; ++ } ++ if (np) ++ continue; + len = pend - pstart - 1; + strncpy(offset, pstart, len); + offset[len] ='\0'; +@@ -1257,7 +1276,9 @@ char *cache_get_offset(const char *prefi + break; + + /* compare offset */ +- if (pstart[len] != '/' || strncmp(offset, pstart, len)) ++ if (pstart[len] != '/' || ++ strlen(pstart) != len || ++ strncmp(offset, pstart, len)) + break; + + *pos = next; diff --git a/SOURCES/autofs-5.1.0-handle-duplicates-in-multi-mounts.patch b/SOURCES/autofs-5.1.0-handle-duplicates-in-multi-mounts.patch new file mode 100644 index 0000000..48bbd5f --- /dev/null +++ b/SOURCES/autofs-5.1.0-handle-duplicates-in-multi-mounts.patch @@ -0,0 +1,76 @@ +autofs-5.1.0 - handle duplicates in multi mounts + +From: Ian Kent + +Duplicate entries in multi-mounts are a syntax error however some +other automount implementations allow them and attempt to continue +with the mount anyway. + +This patch turns a detected duplicate error into a success return +in order to continue. + +Since it can't be known if the first or the later entry is the +correct one to use the later replaces the old unless a memory +allocation error occures in which case the old entry is retained +and the change is noted in the log. +--- + CHANGELOG | 1 + + lib/cache.c | 19 ++++++++++++++++++- + modules/parse_sun.c | 5 +++-- + 3 files changed, 22 insertions(+), 3 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -165,6 +165,7 @@ + - add a prefix to program map stdvars. + - add config option to force use of program map stdvars. + - fix incorrect check in parse_mount(). ++- handle duplicates in multi mounts. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/lib/cache.c ++++ autofs-5.0.7/lib/cache.c +@@ -733,8 +733,25 @@ int cache_update_offset(struct mapent_ca + + me = cache_lookup_distinct(mc, key); + if (me && me->age == age) { +- if (me == owner || strcmp(me->key, key) == 0) ++ if (me == owner || strcmp(me->key, key) == 0) { ++ char *pent; ++ ++ warn(logopt, ++ "duplcate offset detected for key %s", me->key); ++ ++ pent = malloc(strlen(mapent) + 1); ++ if (!pent) ++ warn(logopt, ++ "map entry not updated: %s", me->mapent); ++ else { ++ if (me->mapent) ++ free(me->mapent); ++ me->mapent = strcpy(pent, mapent); ++ warn(logopt, ++ "map entry updated with: %s", mapent); ++ } + return CHE_DUPLICATE; ++ } + } + + ret = cache_update(mc, owner->source, key, mapent, age); +--- autofs-5.0.7.orig/modules/parse_sun.c ++++ autofs-5.0.7/modules/parse_sun.c +@@ -804,10 +804,11 @@ update_offset_entry(struct autofs_point + } + + ret = cache_update_offset(mc, name, m_key, m_mapent, age); +- if (ret == CHE_DUPLICATE) ++ if (ret == CHE_DUPLICATE) { + warn(ap->logopt, MODPREFIX + "syntax error or duplicate offset %s -> %s", path, loc); +- else if (ret == CHE_FAIL) ++ ret = CHE_OK; ++ } else if (ret == CHE_FAIL) + debug(ap->logopt, MODPREFIX + "failed to update multi-mount offset %s -> %s", path, m_mapent); + else { diff --git a/SOURCES/autofs-5.1.0-init-qdn-before-use.patch b/SOURCES/autofs-5.1.0-init-qdn-before-use.patch new file mode 100644 index 0000000..ae83a4b --- /dev/null +++ b/SOURCES/autofs-5.1.0-init-qdn-before-use.patch @@ -0,0 +1,31 @@ +autofs-5.1.0 - init qdn before use in get_query_dn() + +From: Ian Kent + +Ensure qdn is initialized before use in case there's garbage in it. +--- + CHANGELOG | 1 + + modules/lookup_ldap.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -169,6 +169,7 @@ + - fix macro usage in lookup_program.c. + - remove unused offset handling code. + - fix mount as you go offset selection. ++- init qdn before use in get_query_dn(). + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -335,7 +335,7 @@ LDAP *init_ldap_connection(unsigned logo + static int get_query_dn(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt, const char *class, const char *key) + { + char buf[MAX_ERR_BUF]; +- char *query, *dn, *qdn; ++ char *query, *dn, *qdn = NULL; + LDAPMessage *result = NULL, *e; + char *attrs[2]; + struct berval **value; diff --git a/SOURCES/autofs-5.1.0-make-negative-cache-update-consistent-for-all-lookup-modules.patch b/SOURCES/autofs-5.1.0-make-negative-cache-update-consistent-for-all-lookup-modules.patch new file mode 100644 index 0000000..928c1ce --- /dev/null +++ b/SOURCES/autofs-5.1.0-make-negative-cache-update-consistent-for-all-lookup-modules.patch @@ -0,0 +1,100 @@ +autofs-5.1.0 - make negative cache update consistent for all lookup modules + +From: Ian Kent + +Use common function for negative cache update everywhere to ensure consistency. +--- + CHANGELOG | 1 + + modules/lookup_hosts.c | 14 +------------- + modules/lookup_nisplus.c | 13 +------------ + modules/lookup_program.c | 14 +------------- + 4 files changed, 4 insertions(+), 38 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -159,6 +159,7 @@ + - fix fix master map type check. + - fix typo in update_hosts_mounts(). + - fix hosts map update on reload. ++- make negative cache update consistent for all lookup modules. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_hosts.c ++++ autofs-5.0.7/modules/lookup_hosts.c +@@ -149,22 +149,10 @@ static int do_parse_mount(struct autofs_ + ret = ctxt->parse->parse_mount(ap, name, name_len, + mapent, ctxt->parse->context); + if (ret) { +- time_t now = time(NULL); + struct mapent_cache *mc = source->mc; +- struct mapent *me; +- int rv = CHE_OK; + + cache_writelock(mc); +- me = cache_lookup_distinct(mc, name); +- if (me) +- rv = cache_push_mapent(me, NULL); +- else +- rv = cache_update(mc, source, name, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, name); +- if (me) +- me->status = now + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, name, ap->negative_timeout); + cache_unlock(mc); + return NSS_STATUS_TRYAGAIN; + } +--- autofs-5.0.7.orig/modules/lookup_nisplus.c ++++ autofs-5.0.7/modules/lookup_nisplus.c +@@ -777,24 +777,13 @@ int lookup_mount(struct autofs_point *ap + ret = ctxt->parse->parse_mount(ap, key, key_len, + mapent, ctxt->parse->context); + if (ret) { +- time_t now = time(NULL); +- int rv = CHE_OK; +- + free(mapent); + + /* Don't update negative cache when re-connecting */ + if (ap->flags & MOUNT_FLAG_REMOUNT) + return NSS_STATUS_TRYAGAIN; + cache_writelock(mc); +- me = cache_lookup_distinct(mc, key); +- if (me) +- rv = cache_push_mapent(me, NULL); +- else +- rv = cache_update(mc, source, key, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, key); +- me->status = time(NULL) + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, key, ap->negative_timeout); + cache_unlock(mc); + return NSS_STATUS_TRYAGAIN; + } +--- autofs-5.0.7.orig/modules/lookup_program.c ++++ autofs-5.0.7/modules/lookup_program.c +@@ -622,20 +622,8 @@ out_free: + free(mapent); + + if (ret) { +- time_t now = time(NULL); +- int rv = CHE_OK; +- + cache_writelock(mc); +- me = cache_lookup_distinct(mc, name); +- if (me) +- rv = cache_push_mapent(me, NULL); +- else +- rv = cache_update(mc, source, name, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, name); +- if (me) +- me->status = now + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, name, ap->negative_timeout); + cache_unlock(mc); + return NSS_STATUS_TRYAGAIN; + } diff --git a/SOURCES/autofs-5.1.0-remove-unused-offset-handling-code.patch b/SOURCES/autofs-5.1.0-remove-unused-offset-handling-code.patch new file mode 100644 index 0000000..0af84f7 --- /dev/null +++ b/SOURCES/autofs-5.1.0-remove-unused-offset-handling-code.patch @@ -0,0 +1,157 @@ +autofs-5.1.0 - remove unused offset handling code + +From: Ian Kent + +Some offset handling functions were moved into the cache module +a while ago and are now unused. +--- + CHANGELOG | 1 + include/mounts.h | 8 ---- + lib/mounts.c | 95 ------------------------------------------------------- + 3 files changed, 1 insertion(+), 103 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -167,6 +167,7 @@ + - fix incorrect check in parse_mount(). + - handle duplicates in multi mounts. + - fix macro usage in lookup_program.c. ++- remove unused offset handling code. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/include/mounts.h ++++ autofs-5.0.7/include/mounts.h +@@ -68,11 +68,6 @@ struct mnt_list { + struct list_head list; + struct list_head entries; + struct list_head sublist; +- /* +- * Offset mount handling ie. add_ordered_list +- * and get_offset. +- */ +- struct list_head ordered; + }; + + +@@ -109,9 +104,6 @@ void free_mnt_list(struct mnt_list *list + int contained_in_local_fs(const char *path); + int is_mounted(const char *table, const char *path, unsigned int type); + int has_fstab_option(const char *opt); +-char *get_offset(const char *prefix, char *offset, +- struct list_head *head, struct list_head **pos); +-void add_ordered_list(struct mnt_list *ent, struct list_head *head); + void tree_free_mnt_tree(struct mnt_list *tree); + struct mnt_list *tree_make_mnt_tree(const char *table, const char *path); + int tree_get_mnt_list(struct mnt_list *mnts, struct list_head *list, const char *path, int include); +--- autofs-5.0.7.orig/lib/mounts.c ++++ autofs-5.0.7/lib/mounts.c +@@ -1090,100 +1090,6 @@ int has_fstab_option(const char *opt) + return ret; + } + +-char *get_offset(const char *prefix, char *offset, +- struct list_head *head, struct list_head **pos) +-{ +- struct list_head *next; +- struct mnt_list *this; +- size_t plen = strlen(prefix); +- size_t len = 0; +- +- *offset = '\0'; +- next = *pos ? (*pos)->next : head->next; +- while (next != head) { +- char *pstart, *pend; +- +- this = list_entry(next, struct mnt_list, ordered); +- *pos = next; +- next = next->next; +- +- if (strlen(this->path) <= plen) +- continue; +- +- if (!strncmp(prefix, this->path, plen)) { +- pstart = &this->path[plen]; +- +- /* not part of this sub-tree */ +- if (*pstart != '/') +- continue; +- +- /* get next offset */ +- pend = pstart; +- while (*pend++) ; +- len = pend - pstart - 1; +- strncpy(offset, pstart, len); +- offset[len] ='\0'; +- break; +- } +- } +- +- while (next != head) { +- char *pstart; +- +- this = list_entry(next, struct mnt_list, ordered); +- +- if (strlen(this->path) <= plen + len) +- break; +- +- pstart = &this->path[plen]; +- +- /* not part of this sub-tree */ +- if (*pstart != '/') +- break; +- +- /* new offset */ +- if (!*(pstart + len + 1)) +- break; +- +- /* compare next offset */ +- if (pstart[len] != '/' || strncmp(offset, pstart, len)) +- break; +- +- *pos = next; +- next = next->next; +- } +- +- return *offset ? offset : NULL; +-} +- +-void add_ordered_list(struct mnt_list *ent, struct list_head *head) +-{ +- struct list_head *p; +- struct mnt_list *this; +- +- list_for_each(p, head) { +- size_t tlen; +- int eq; +- +- this = list_entry(p, struct mnt_list, ordered); +- tlen = strlen(this->path); +- +- eq = strncmp(this->path, ent->path, tlen); +- if (!eq && tlen == strlen(ent->path)) +- return; +- +- if (eq > 0) { +- INIT_LIST_HEAD(&ent->ordered); +- list_add_tail(&ent->ordered, p); +- return; +- } +- } +- INIT_LIST_HEAD(&ent->ordered); +- list_add_tail(&ent->ordered, p); +- +- return; +-} +- + /* + * Since we have to look at the entire mount tree for direct + * mounts (all mounts under "/") and we may have a large number +@@ -1283,7 +1189,6 @@ struct mnt_list *tree_make_mnt_tree(cons + INIT_LIST_HEAD(&ent->list); + INIT_LIST_HEAD(&ent->entries); + INIT_LIST_HEAD(&ent->sublist); +- INIT_LIST_HEAD(&ent->ordered); + + ent->path = malloc(len + 1); + if (!ent->path) { diff --git a/SOURCES/autofs-5.1.1-fix-direct-map-expire-not-set-for-initial-empty-map.patch b/SOURCES/autofs-5.1.1-fix-direct-map-expire-not-set-for-initial-empty-map.patch new file mode 100644 index 0000000..392b238 --- /dev/null +++ b/SOURCES/autofs-5.1.1-fix-direct-map-expire-not-set-for-initial-empty-map.patch @@ -0,0 +1,52 @@ +autofs-5.1.1 - fix direct map expire not set for initial empty map + +From: Ian Kent + +If an empty direct map is present at startup the expire alarm can't be +set because the expire run frequency isn't known. But if the map is +re-read and is no longer empty the expire alarm wasn't being set. + +Fix suggested by xuw at redhat dot com, thanks. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + daemon/state.c | 10 ++++++++++ + 2 files changed, 11 insertions(+) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -179,6 +179,7 @@ + - make find_server() return a status. + - fix return handling of do_reconnect() in ldap module. + - fix direct mount stale instance flag reset. ++- fix direct map expire not set for initail empty map. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/daemon/state.c ++++ autofs-5.0.7/daemon/state.c +@@ -488,6 +488,7 @@ static void *do_readmap(void *arg) + status = lookup_ghost(ap, ap->path); + } else { + struct mapent *me; ++ unsigned int append_alarm = !ap->exp_runfreq; + + mnts = tree_make_mnt_tree(_PROC_MOUNTS, "/"); + pthread_cleanup_push(tree_mnts_cleanup, mnts); +@@ -517,6 +518,15 @@ static void *do_readmap(void *arg) + map->stale = 0; + map = map->next; + } ++ ++ /* If the direct mount map was empty at startup no expire ++ * alarm will have been added. So add it here if there are ++ * now map entries. ++ */ ++ if (append_alarm && ap->exp_runfreq) ++ alarm_add(ap, ap->exp_runfreq + ++ rand() % ap->exp_runfreq); ++ + pthread_cleanup_pop(1); + pthread_cleanup_pop(1); + pthread_cleanup_pop(1); diff --git a/SOURCES/autofs-5.1.1-fix-direct-mount-stale-instance-flag-reset.patch b/SOURCES/autofs-5.1.1-fix-direct-mount-stale-instance-flag-reset.patch new file mode 100644 index 0000000..3bcfb36 --- /dev/null +++ b/SOURCES/autofs-5.1.1-fix-direct-mount-stale-instance-flag-reset.patch @@ -0,0 +1,34 @@ +autofs-5.1.1 - fix direct mount stale instance flag reset + +From: Ian Kent + +When re-reading a direct map the stale map instance flag was not being +reset. This caused the map to be seen as stale on subsequent lookups +thereby triggering a map re-read. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + daemon/state.c | 1 + + 2 files changed, 2 insertions(+) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -178,6 +178,7 @@ + - make find_dc_server() return a status. + - make find_server() return a status. + - fix return handling of do_reconnect() in ldap module. ++- fix direct mount stale instance flag reset. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/daemon/state.c ++++ autofs-5.0.7/daemon/state.c +@@ -513,6 +513,7 @@ static void *do_readmap(void *arg) + } + lookup_prune_one_cache(ap, map->mc, now); + pthread_cleanup_pop(1); ++ clear_stale_instances(map); + map->stale = 0; + map = map->next; + } diff --git a/SOURCES/autofs-5.1.1-fix-left-mount-count-return.patch b/SOURCES/autofs-5.1.1-fix-left-mount-count-return.patch new file mode 100644 index 0000000..0d0a01e --- /dev/null +++ b/SOURCES/autofs-5.1.1-fix-left-mount-count-return.patch @@ -0,0 +1,37 @@ +autofs-5.1.1 - fix left mount count return from umount_multi_triggers() + +From: Xu Wang + +If a umount of an NFS mount at the root of a multi-mount fails +umount_multi_triggers() will return an zero (success) when it should +return 1 (a fail). In this case do_expire_direct() will close the +me->ioctlfd fd used for expires stopping further expires of the +direct mount. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + lib/mounts.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -170,6 +170,7 @@ + - remove unused offset handling code. + - fix mount as you go offset selection. + - init qdn before use in get_query_dn(). ++- fix left mount count return from umount_multi_triggers(). + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/lib/mounts.c ++++ autofs-5.0.7/lib/mounts.c +@@ -2130,7 +2130,7 @@ int umount_multi_triggers(struct autofs_ + if (mount_multi_triggers(ap, me, root, strlen(root), "/") < 0) + warn(ap->logopt, + "failed to remount offset triggers"); +- return left++; ++ return ++left; + } + } + diff --git a/SOURCES/autofs-5.1.1-fix-out-of-order-call-in-program-map-lookup.patch b/SOURCES/autofs-5.1.1-fix-out-of-order-call-in-program-map-lookup.patch new file mode 100644 index 0000000..b2b9a5b --- /dev/null +++ b/SOURCES/autofs-5.1.1-fix-out-of-order-call-in-program-map-lookup.patch @@ -0,0 +1,65 @@ +autofs-5.1.1 - fix out of order call in program map lookup + +From: Ian Kent + +Commit 91e42e58b4 fixed a problem with program map environment variable +naming and commit 743deb0e4e added a configuration option to force use +of the old environment names for those who need it and are sure it is +safe to continue to use them. + +But the call to get the configuration entry was placed after a fork() +so the state of the mutex used when querying the configuration is +undefined and can lead to a deadlock. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_program.c | 20 ++++++++++---------- + 2 files changed, 11 insertions(+), 10 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -181,6 +181,7 @@ + - fix direct mount stale instance flag reset. + - fix direct map expire not set for initail empty map. + - update map_hash_table_size description. ++- fix out of order call in program map lookup. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_program.c ++++ autofs-5.0.7/modules/lookup_program.c +@@ -139,6 +139,16 @@ static char *lookup_one(struct autofs_po + } + + /* ++ * By default use a prefix with standard environment ++ * variables to prevent system subversion by interpreted ++ * languages. ++ */ ++ if (defaults_force_std_prog_map_env()) ++ prefix = NULL; ++ else ++ prefix = "AUTOFS_"; ++ ++ /* + * We don't use popen because we don't want to run /bin/sh plus we + * want to send stderr to the syslog, and we don't use spawnl() + * because we need the pipe hooks +@@ -177,16 +187,6 @@ static char *lookup_one(struct autofs_po + ap->path, ctxt->mapname); + + /* +- * By default use a prefix with standard environment +- * variables to prevent system subversion by interpreted +- * languages. +- */ +- if (defaults_force_std_prog_map_env()) +- prefix = NULL; +- else +- prefix = "AUTOFS_"; +- +- /* + * MAPFMT_DEFAULT must be "sun" for ->parse_init() to have setup + * the macro table. + */ diff --git a/SOURCES/autofs-5.1.1-fix-return-handling-in-sss-lookup-module.patch b/SOURCES/autofs-5.1.1-fix-return-handling-in-sss-lookup-module.patch new file mode 100644 index 0000000..fefa268 --- /dev/null +++ b/SOURCES/autofs-5.1.1-fix-return-handling-in-sss-lookup-module.patch @@ -0,0 +1,94 @@ +autofs-5.1.1 - fix return handling in sss lookup module + +From: Ian Kent + +In the sss lookup module some of the calls don't distinguish between +no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_sss.c | 24 +++++++++++++++++------- + 2 files changed, 18 insertions(+), 7 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -171,6 +171,7 @@ + - fix mount as you go offset selection. + - init qdn before use in get_query_dn(). + - fix left mount count return from umount_multi_triggers(). ++- fix return handling in sss lookup module. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_sss.c ++++ autofs-5.0.7/modules/lookup_sss.c +@@ -148,9 +148,8 @@ static int setautomntent(unsigned int lo + error(logopt, MODPREFIX "setautomntent: %s", estr); + if (*sss_ctxt) + free(*sss_ctxt); +- return 0; + } +- return 1; ++ return ret; + } + + static int endautomntent(unsigned int logopt, +@@ -161,9 +160,8 @@ static int endautomntent(unsigned int lo + char buf[MAX_ERR_BUF]; + char *estr = strerror_r(ret, buf, MAX_ERR_BUF); + error(logopt, MODPREFIX "endautomntent: %s", estr); +- return 0; + } +- return 1; ++ return ret; + } + + int lookup_read_master(struct master *master, time_t age, void *context) +@@ -180,8 +178,12 @@ int lookup_read_master(struct master *ma + char *value = NULL; + int count, ret; + +- if (!setautomntent(logopt, ctxt, ctxt->mapname, &sss_ctxt)) ++ ret = setautomntent(logopt, ctxt, ctxt->mapname, &sss_ctxt); ++ if (ret) { ++ if (ret == ENOENT) ++ return NSS_STATUS_NOTFOUND; + return NSS_STATUS_UNAVAIL; ++ } + + count = 0; + while (1) { +@@ -280,8 +282,12 @@ int lookup_read_map(struct autofs_point + return NSS_STATUS_SUCCESS; + } + +- if (!setautomntent(ap->logopt, ctxt, ctxt->mapname, &sss_ctxt)) ++ ret = setautomntent(ap->logopt, ctxt, ctxt->mapname, &sss_ctxt); ++ if (ret) { ++ if (ret == ENOENT) ++ return NSS_STATUS_NOTFOUND; + return NSS_STATUS_UNAVAIL; ++ } + + count = 0; + while (1) { +@@ -386,8 +392,12 @@ static int lookup_one(struct autofs_poin + + mc = source->mc; + +- if (!setautomntent(ap->logopt, ctxt, ctxt->mapname, &sss_ctxt)) ++ ret = setautomntent(ap->logopt, ctxt, ctxt->mapname, &sss_ctxt); ++ if (ret) { ++ if (ret == ENOENT) ++ return NSS_STATUS_NOTFOUND; + return NSS_STATUS_UNAVAIL; ++ } + + ret = ctxt->getautomntbyname_r(qKey, &value, sss_ctxt); + if (ret && ret != ENOENT) { diff --git a/SOURCES/autofs-5.1.1-fix-return-handling-of-do_reconnect-in-ldap-module.patch b/SOURCES/autofs-5.1.1-fix-return-handling-of-do_reconnect-in-ldap-module.patch new file mode 100644 index 0000000..6dd78d6 --- /dev/null +++ b/SOURCES/autofs-5.1.1-fix-return-handling-of-do_reconnect-in-ldap-module.patch @@ -0,0 +1,204 @@ +autofs-5.1.1 - fix return handling of do_reconnect() in ldap module + +From: Ian Kent + +In the ldap lookup module the do_reconnect() call doesn't distinguish +between no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +Finally make do_reconnect() return a status instead of an LDAP handle +and pass back the LDAP handle via a function parameter. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + modules/lookup_ldap.c | 78 ++++++++++++++++++++++++++++---------------------- + 2 files changed, 46 insertions(+), 33 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -177,6 +177,7 @@ + - make connect_to_server() return a status. + - make find_dc_server() return a status. + - make find_server() return a status. ++- fix return handling of do_reconnect() in ldap module. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -961,31 +961,33 @@ static int find_server(unsigned logopt, + return ret; + } + +-static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt) ++static int do_reconnect(unsigned logopt, ++ LDAP **ldap, struct lookup_context *ctxt) + { +- LDAP *ldap = NULL; +- int ret; ++ int ret = NSS_STATUS_UNAVAIL; ++ int dcrv = NSS_STATUS_SUCCESS; ++ int rv = NSS_STATUS_SUCCESS; + + if (ctxt->server || !ctxt->uris) { +- ret = do_connect(logopt, &ldap, ctxt->server, ctxt); ++ ret = do_connect(logopt, ldap, ctxt->server, ctxt); + #ifdef WITH_SASL + /* Dispose of the sasl authentication connection and try again. */ +- if (ret != NSS_STATUS_SUCCESS && +- ctxt->auth_required & LDAP_NEED_AUTH) { ++ if (ctxt->auth_required & LDAP_NEED_AUTH && ++ ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) { + ldapinit_mutex_lock(); + autofs_sasl_dispose(ctxt); + ldapinit_mutex_unlock(); +- ret = connect_to_server(logopt, &ldap, ++ ret = connect_to_server(logopt, ldap, + ctxt->server, ctxt); + } + #endif +- return ldap; ++ return ret; + } + + if (ctxt->dclist) { +- ret = find_dc_server(logopt, &ldap, ctxt->dclist->uri, ctxt); +- if (ret == NSS_STATUS_SUCCESS) +- return ldap; ++ dcrv = find_dc_server(logopt, ldap, ctxt->dclist->uri, ctxt); ++ if (dcrv == NSS_STATUS_SUCCESS) ++ return dcrv; + } + + uris_mutex_lock(ctxt); +@@ -1004,22 +1006,22 @@ static LDAP *do_reconnect(unsigned logop + if (!ctxt->uri) + goto find_server; + +- ret = do_connect(logopt, &ldap, ctxt->uri->uri, ctxt); ++ rv = do_connect(logopt, ldap, ctxt->uri->uri, ctxt); + #ifdef WITH_SASL + /* + * Dispose of the sasl authentication connection and try the + * current server again before trying other servers in the list. + */ +- if (ret != NSS_STATUS_SUCCESS && +- ctxt->auth_required & LDAP_NEED_AUTH) { ++ if (ctxt->auth_required & LDAP_NEED_AUTH && ++ rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) { + ldapinit_mutex_lock(); + autofs_sasl_dispose(ctxt); + ldapinit_mutex_unlock(); +- ret = connect_to_server(logopt, &ldap, ctxt->uri->uri, ctxt); ++ rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt); + } + #endif +- if (ldap) +- return ldap; ++ if (rv == NSS_STATUS_SUCCESS) ++ return rv; + + /* Failed to connect, try to find a new server */ + +@@ -1031,11 +1033,16 @@ find_server: + #endif + + /* Current server failed, try the rest or dc connection */ +- ret = find_server(logopt, &ldap, ctxt); +- if (ret != NSS_STATUS_SUCCESS) ++ ret = find_server(logopt, ldap, ctxt); ++ if (ret != NSS_STATUS_SUCCESS) { ++ if (ret == NSS_STATUS_NOTFOUND || ++ dcrv == NSS_STATUS_NOTFOUND || ++ rv == NSS_STATUS_NOTFOUND) ++ ret = NSS_STATUS_NOTFOUND; + error(logopt, MODPREFIX "failed to find available server"); ++ } + +- return ldap; ++ return ret; + } + + int get_property(unsigned logopt, xmlNodePtr node, const char *prop, char **value) +@@ -1841,12 +1848,12 @@ int lookup_read_master(struct master *ma + char **values = NULL; + char *attrs[3]; + int scope = LDAP_SCOPE_SUBTREE; +- LDAP *ldap; ++ LDAP *ldap = NULL; + + /* Initialize the LDAP context. */ +- ldap = do_reconnect(logopt, ctxt); +- if (!ldap) +- return NSS_STATUS_UNAVAIL; ++ rv = do_reconnect(logopt, &ldap, ctxt); ++ if (rv) ++ return rv; + + class = ctxt->schema->entry_class; + entry = ctxt->schema->entry_attr; +@@ -2754,9 +2761,10 @@ static int read_one_map(struct autofs_po + sp.age = age; + + /* Initialize the LDAP context. */ +- sp.ldap = do_reconnect(ap->logopt, ctxt); +- if (!sp.ldap) +- return NSS_STATUS_UNAVAIL; ++ sp.ldap = NULL; ++ rv = do_reconnect(ap->logopt, &sp.ldap, ctxt); ++ if (rv) ++ return rv; + + class = ctxt->schema->entry_class; + entry = ctxt->schema->entry_attr; +@@ -2908,7 +2916,7 @@ static int lookup_one(struct autofs_poin + struct berval **bvValues; + char *attrs[3]; + int scope = LDAP_SCOPE_SUBTREE; +- LDAP *ldap; ++ LDAP *ldap = NULL; + struct mapent *we; + unsigned int wild = 0; + int ret = CHE_MISSING; +@@ -2921,9 +2929,11 @@ static int lookup_one(struct autofs_poin + } + + /* Initialize the LDAP context. */ +- ldap = do_reconnect(ap->logopt, ctxt); +- if (!ldap) ++ rv = do_reconnect(ap->logopt, &ldap, ctxt); ++ if (rv == NSS_STATUS_UNAVAIL) + return CHE_UNAVAIL; ++ if (rv == NSS_STATUS_NOTFOUND) ++ return ret; + + class = ctxt->schema->entry_class; + entry = ctxt->schema->entry_attr; +@@ -3252,7 +3262,7 @@ static int lookup_one_amd(struct autofs_ + struct lookup_context *ctxt) + { + struct mapent_cache *mc = source->mc; +- LDAP *ldap; ++ LDAP *ldap = NULL; + LDAPMessage *result = NULL, *e; + char *query; + int scope = LDAP_SCOPE_SUBTREE; +@@ -3271,9 +3281,11 @@ static int lookup_one_amd(struct autofs_ + } + + /* Initialize the LDAP context. */ +- ldap = do_reconnect(ap->logopt, ctxt); +- if (!ldap) ++ rv = do_reconnect(ap->logopt, &ldap, ctxt); ++ if (rv == NSS_STATUS_UNAVAIL) + return CHE_UNAVAIL; ++ if (rv == NSS_STATUS_NOTFOUND) ++ return ret; + + map = ctxt->schema->map_attr; + class = ctxt->schema->entry_class; diff --git a/SOURCES/autofs-5.1.1-make-connect_to_server-return-a-status.patch b/SOURCES/autofs-5.1.1-make-connect_to_server-return-a-status.patch new file mode 100644 index 0000000..786b5db --- /dev/null +++ b/SOURCES/autofs-5.1.1-make-connect_to_server-return-a-status.patch @@ -0,0 +1,111 @@ +autofs-5.1.1 - make connect_to_server() return a status + +From: Ian Kent + +In the ldap lookup module the do_reconnect() call doesn't distinguish +between no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +Next step in the update of do_reconnect() is to make connect_to_server() +return a status instead of an LDAP handle and pass back the LDAP handle +via a function parameter. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_ldap.c | 25 ++++++++++++++----------- + 2 files changed, 15 insertions(+), 11 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -174,6 +174,7 @@ + - fix return handling in sss lookup module. + - move query dn calculation from do_bind() to do_connect(). + - make do_connect() return a status. ++- make connect_to_server() return a status. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -824,20 +824,19 @@ next: + return timestamp; + } + +-static LDAP *connect_to_server(unsigned logopt, const char *uri, struct lookup_context *ctxt) ++static int connect_to_server(unsigned logopt, LDAP **ldap, ++ const char *uri, struct lookup_context *ctxt) + { +- LDAP *ldap; + int ret; + +- ret = do_connect(logopt, &ldap, uri, ctxt); ++ ret = do_connect(logopt, ldap, uri, ctxt); + if (ret != NSS_STATUS_SUCCESS) { + warn(logopt, + MODPREFIX "couldn't connect to server %s", + uri ? uri : "default"); +- return NULL; + } + +- return ldap; ++ return ret; + } + + static LDAP *find_dc_server(unsigned logopt, const char *uri, struct lookup_context *ctxt) +@@ -852,9 +851,11 @@ static LDAP *find_dc_server(unsigned log + tok = strtok_r(str, " ", &ptr); + while (tok) { + const char *this = (const char *) tok; ++ int ret; ++ + debug(logopt, "trying server uri %s", this); +- ldap = connect_to_server(logopt, this, ctxt); +- if (ldap) { ++ ret = connect_to_server(logopt, &ldap, this, ctxt); ++ if (ret == NSS_STATUS_SUCCESS) { + info(logopt, "connected to uri %s", this); + free(str); + return ldap; +@@ -874,6 +875,7 @@ static LDAP *find_server(unsigned logopt + struct list_head *p, *first; + struct dclist *dclist; + char *uri = NULL; ++ int ret; + + uris_mutex_lock(ctxt); + dclist = ctxt->dclist; +@@ -896,8 +898,8 @@ static LDAP *find_server(unsigned logopt + if (!strstr(this->uri, ":///")) { + uri = strdup(this->uri); + debug(logopt, "trying server uri %s", uri); +- ldap = connect_to_server(logopt, uri, ctxt); +- if (ldap) { ++ ret = connect_to_server(logopt, &ldap, uri, ctxt); ++ if (ret == NSS_STATUS_SUCCESS) { + info(logopt, "connected to uri %s", uri); + free(uri); + break; +@@ -962,7 +964,8 @@ static LDAP *do_reconnect(unsigned logop + ldapinit_mutex_lock(); + autofs_sasl_dispose(ctxt); + ldapinit_mutex_unlock(); +- ldap = connect_to_server(logopt, ctxt->server, ctxt); ++ ret = connect_to_server(logopt, &ldap, ++ ctxt->server, ctxt); + } + #endif + return ldap; +@@ -1001,7 +1004,7 @@ static LDAP *do_reconnect(unsigned logop + ldapinit_mutex_lock(); + autofs_sasl_dispose(ctxt); + ldapinit_mutex_unlock(); +- ldap = connect_to_server(logopt, ctxt->uri->uri, ctxt); ++ ret = connect_to_server(logopt, &ldap, ctxt->uri->uri, ctxt); + } + #endif + if (ldap) diff --git a/SOURCES/autofs-5.1.1-make-do_connect-return-a-status.patch b/SOURCES/autofs-5.1.1-make-do_connect-return-a-status.patch new file mode 100644 index 0000000..4eb2792 --- /dev/null +++ b/SOURCES/autofs-5.1.1-make-do_connect-return-a-status.patch @@ -0,0 +1,180 @@ +autofs-5.1.1 - make do_connect() return a status + +From: Ian Kent + +In the ldap lookup module the do_reconnect() call doesn't distinguish +between no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +The next step in the update of do_reconnect() is to make do_connect() +return a status instead of an LDAP handle and pass back the LDAP handle +via a function parameter. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + modules/lookup_ldap.c | 60 ++++++++++++++++++++++++++++++-------------------- + 2 files changed, 38 insertions(+), 23 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -173,6 +173,7 @@ + - fix left mount count return from umount_multi_triggers(). + - fix return handling in sss lookup module. + - move query dn calculation from do_bind() to do_connect(). ++- make do_connect() return a status. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -631,10 +631,14 @@ static int do_bind(unsigned logopt, LDAP + return 1; + } + +-static LDAP *do_connect(unsigned logopt, const char *uri, struct lookup_context *ctxt) ++static int do_connect(unsigned logopt, LDAP **ldap, ++ const char *uri, struct lookup_context *ctxt) + { + char *cur_host = NULL; +- LDAP *ldap; ++ LDAP *handle; ++ int ret = NSS_STATUS_SUCCESS; ++ ++ *ldap = NULL; + + #ifdef WITH_SASL + if (ctxt->extern_cert && ctxt->extern_key) { +@@ -643,18 +647,20 @@ static LDAP *do_connect(unsigned logopt, + } + #endif + +- ldap = init_ldap_connection(logopt, uri, ctxt); +- if (!ldap) ++ handle = init_ldap_connection(logopt, uri, ctxt); ++ if (!handle) { ++ ret = NSS_STATUS_UNAVAIL; + goto out; ++ } + + uris_mutex_lock(ctxt); + if (ctxt->cur_host) + cur_host = ctxt->cur_host; + uris_mutex_unlock(ctxt); + +- if (!do_bind(logopt, ldap, uri, ctxt)) { +- unbind_ldap_connection(logopt, ldap, ctxt); +- ldap = NULL; ++ if (!do_bind(logopt, handle, uri, ctxt)) { ++ unbind_ldap_connection(logopt, handle, ctxt); ++ ret = NSS_STATUS_UNAVAIL; + goto out; + } + +@@ -664,7 +670,8 @@ static LDAP *do_connect(unsigned logopt, + uris_mutex_lock(ctxt); + if (ctxt->schema && ctxt->qdn && (cur_host == ctxt->cur_host)) { + uris_mutex_unlock(ctxt); +- return ldap; ++ *ldap = handle; ++ goto out; + } + uris_mutex_unlock(ctxt); + +@@ -674,9 +681,9 @@ static LDAP *do_connect(unsigned logopt, + * base dn for searches. + */ + if (!ctxt->schema) { +- if (!find_query_dn(logopt, ldap, ctxt)) { +- unbind_ldap_connection(logopt, ldap, ctxt); +- ldap = NULL; ++ if (!find_query_dn(logopt, handle, ctxt)) { ++ unbind_ldap_connection(logopt, handle, ctxt); ++ ret = NSS_STATUS_NOTFOUND; + warn(logopt, + MODPREFIX "failed to find valid query dn"); + goto out; +@@ -684,14 +691,17 @@ static LDAP *do_connect(unsigned logopt, + } else if (!(ctxt->format & MAP_FLAG_FORMAT_AMD)) { + const char *class = ctxt->schema->map_class; + const char *key = ctxt->schema->map_attr; +- if (!get_query_dn(logopt, ldap, ctxt, class, key)) { +- unbind_ldap_connection(logopt, ldap, ctxt); +- ldap = NULL; ++ if (!get_query_dn(logopt, handle, ctxt, class, key)) { ++ unbind_ldap_connection(logopt, handle, ctxt); ++ ret = NSS_STATUS_NOTFOUND; + error(logopt, MODPREFIX "failed to get query dn"); ++ goto out; + } + } ++ ++ *ldap = handle; + out: +- return ldap; ++ return ret; + } + + static unsigned long get_amd_timestamp(struct lookup_context *ctxt) +@@ -706,8 +716,8 @@ static unsigned long get_amd_timestamp(s + unsigned long timestamp = 0; + int rv, l, ql; + +- ldap = do_connect(LOGOPT_ANY, ctxt->server, ctxt); +- if (!ldap) ++ rv = do_connect(LOGOPT_ANY, &ldap, ctxt->server, ctxt); ++ if (rv != NSS_STATUS_SUCCESS) + return 0; + + map = amd_timestamp.map_attr; +@@ -817,9 +827,10 @@ next: + static LDAP *connect_to_server(unsigned logopt, const char *uri, struct lookup_context *ctxt) + { + LDAP *ldap; ++ int ret; + +- ldap = do_connect(logopt, uri, ctxt); +- if (!ldap) { ++ ret = do_connect(logopt, &ldap, uri, ctxt); ++ if (ret != NSS_STATUS_SUCCESS) { + warn(logopt, + MODPREFIX "couldn't connect to server %s", + uri ? uri : "default"); +@@ -940,12 +951,14 @@ static LDAP *find_server(unsigned logopt + static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt) + { + LDAP *ldap = NULL; ++ int ret; + + if (ctxt->server || !ctxt->uris) { +- ldap = do_connect(logopt, ctxt->server, ctxt); ++ ret = do_connect(logopt, &ldap, ctxt->server, ctxt); + #ifdef WITH_SASL + /* Dispose of the sasl authentication connection and try again. */ +- if (!ldap && ctxt->auth_required & LDAP_NEED_AUTH) { ++ if (ret != NSS_STATUS_SUCCESS && ++ ctxt->auth_required & LDAP_NEED_AUTH) { + ldapinit_mutex_lock(); + autofs_sasl_dispose(ctxt); + ldapinit_mutex_unlock(); +@@ -977,13 +990,14 @@ static LDAP *do_reconnect(unsigned logop + if (!ctxt->uri) + goto find_server; + +- ldap = do_connect(logopt, ctxt->uri->uri, ctxt); ++ ret = do_connect(logopt, &ldap, ctxt->uri->uri, ctxt); + #ifdef WITH_SASL + /* + * Dispose of the sasl authentication connection and try the + * current server again before trying other servers in the list. + */ +- if (!ldap && ctxt->auth_required & LDAP_NEED_AUTH) { ++ if (ret != NSS_STATUS_SUCCESS && ++ ctxt->auth_required & LDAP_NEED_AUTH) { + ldapinit_mutex_lock(); + autofs_sasl_dispose(ctxt); + ldapinit_mutex_unlock(); diff --git a/SOURCES/autofs-5.1.1-make-find_dc_server-return-a-status.patch b/SOURCES/autofs-5.1.1-make-find_dc_server-return-a-status.patch new file mode 100644 index 0000000..0dac8e4 --- /dev/null +++ b/SOURCES/autofs-5.1.1-make-find_dc_server-return-a-status.patch @@ -0,0 +1,101 @@ +autofs-5.1.1 - make find_dc_server() return a status + +From: Ian Kent + +In the ldap lookup module the do_reconnect() call doesn't distinguish +between no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +Next step in the update of do_reconnect() is to make find_dc_server() +return a status instead of an LDAP handle and pass back the LDAP handle +via a function parameter. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_ldap.c | 27 +++++++++++++++------------ + 2 files changed, 16 insertions(+), 12 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -175,6 +175,7 @@ + - move query dn calculation from do_bind() to do_connect(). + - make do_connect() return a status. + - make connect_to_server() return a status. ++- make find_dc_server() return a status. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -839,33 +839,36 @@ static int connect_to_server(unsigned lo + return ret; + } + +-static LDAP *find_dc_server(unsigned logopt, const char *uri, struct lookup_context *ctxt) ++static int find_dc_server(unsigned logopt, LDAP **ldap, ++ const char *uri, struct lookup_context *ctxt) + { + char *str, *tok, *ptr = NULL; +- LDAP *ldap = NULL; ++ int ret = NSS_STATUS_UNAVAIL; + + str = strdup(uri); + if (!str) +- return NULL; ++ return ret; + + tok = strtok_r(str, " ", &ptr); + while (tok) { + const char *this = (const char *) tok; +- int ret; ++ int rv; + + debug(logopt, "trying server uri %s", this); +- ret = connect_to_server(logopt, &ldap, this, ctxt); +- if (ret == NSS_STATUS_SUCCESS) { ++ rv = connect_to_server(logopt, ldap, this, ctxt); ++ if (rv == NSS_STATUS_SUCCESS) { + info(logopt, "connected to uri %s", this); + free(str); +- return ldap; ++ return rv; + } ++ if (rv == NSS_STATUS_NOTFOUND) ++ ret = NSS_STATUS_NOTFOUND; + tok = strtok_r(NULL, " ", &ptr); + } + + free(str); + +- return NULL; ++ return ret; + } + + static LDAP *find_server(unsigned logopt, struct lookup_context *ctxt) +@@ -917,8 +920,8 @@ static LDAP *find_server(unsigned logopt + dclist = tmp; + uri = strdup(dclist->uri); + } +- ldap = find_dc_server(logopt, uri, ctxt); +- if (ldap) { ++ ret = find_dc_server(logopt, &ldap, uri, ctxt); ++ if (ret == NSS_STATUS_SUCCESS) { + free(uri); + break; + } +@@ -972,8 +975,8 @@ static LDAP *do_reconnect(unsigned logop + } + + if (ctxt->dclist) { +- ldap = find_dc_server(logopt, ctxt->dclist->uri, ctxt); +- if (ldap) ++ ret = find_dc_server(logopt, &ldap, ctxt->dclist->uri, ctxt); ++ if (ret == NSS_STATUS_SUCCESS) + return ldap; + } + diff --git a/SOURCES/autofs-5.1.1-make-find_server-return-a-status.patch b/SOURCES/autofs-5.1.1-make-find_server-return-a-status.patch new file mode 100644 index 0000000..34afed1 --- /dev/null +++ b/SOURCES/autofs-5.1.1-make-find_server-return-a-status.patch @@ -0,0 +1,117 @@ +autofs-5.1.1 - make find_server() return a status + +From: Ian Kent + +In the ldap lookup module the do_reconnect() call doesn't distinguish +between no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +Next step in the update of do_reconnect() is to make find_server() +return a status instead of an LDAP handle and pass back the LDAP handle +via a function parameter. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_ldap.c | 30 +++++++++++++++++++----------- + 2 files changed, 20 insertions(+), 11 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -176,6 +176,7 @@ + - make do_connect() return a status. + - make connect_to_server() return a status. + - make find_dc_server() return a status. ++- make find_server() return a status. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -871,14 +871,14 @@ static int find_dc_server(unsigned logop + return ret; + } + +-static LDAP *find_server(unsigned logopt, struct lookup_context *ctxt) ++static int find_server(unsigned logopt, ++ LDAP **ldap, struct lookup_context *ctxt) + { +- LDAP *ldap = NULL; +- struct ldap_uri *this; ++ struct ldap_uri *this = NULL; + struct list_head *p, *first; + struct dclist *dclist; + char *uri = NULL; +- int ret; ++ int ret = NSS_STATUS_UNAVAIL; + + uris_mutex_lock(ctxt); + dclist = ctxt->dclist; +@@ -892,6 +892,8 @@ static LDAP *find_server(unsigned logopt + /* Try each uri, save point in server list upon success */ + p = first->next; + while(p != first) { ++ int rv; ++ + /* Skip list head */ + if (p == ctxt->uris) { + p = p->next; +@@ -901,12 +903,15 @@ static LDAP *find_server(unsigned logopt + if (!strstr(this->uri, ":///")) { + uri = strdup(this->uri); + debug(logopt, "trying server uri %s", uri); +- ret = connect_to_server(logopt, &ldap, uri, ctxt); +- if (ret == NSS_STATUS_SUCCESS) { ++ rv = connect_to_server(logopt, ldap, uri, ctxt); ++ if (rv == NSS_STATUS_SUCCESS) { ++ ret = NSS_STATUS_SUCCESS; + info(logopt, "connected to uri %s", uri); + free(uri); + break; + } ++ if (rv == NSS_STATUS_NOTFOUND) ++ ret = NSS_STATUS_NOTFOUND; + } else { + if (dclist) + uri = strdup(dclist->uri); +@@ -920,11 +925,14 @@ static LDAP *find_server(unsigned logopt + dclist = tmp; + uri = strdup(dclist->uri); + } +- ret = find_dc_server(logopt, &ldap, uri, ctxt); +- if (ret == NSS_STATUS_SUCCESS) { ++ rv = find_dc_server(logopt, ldap, uri, ctxt); ++ if (rv == NSS_STATUS_SUCCESS) { ++ ret = NSS_STATUS_SUCCESS; + free(uri); + break; + } ++ if (rv == NSS_STATUS_NOTFOUND) ++ ret = NSS_STATUS_NOTFOUND; + } + free(uri); + uri = NULL; +@@ -950,7 +958,7 @@ static LDAP *find_server(unsigned logopt + } + uris_mutex_unlock(ctxt); + +- return ldap; ++ return ret; + } + + static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt) +@@ -1023,8 +1031,8 @@ find_server: + #endif + + /* Current server failed, try the rest or dc connection */ +- ldap = find_server(logopt, ctxt); +- if (!ldap) ++ ret = find_server(logopt, &ldap, ctxt); ++ if (ret != NSS_STATUS_SUCCESS) + error(logopt, MODPREFIX "failed to find available server"); + + return ldap; diff --git a/SOURCES/autofs-5.1.1-move-query-dn-calculation-from-do_bind-to-do_connect.patch b/SOURCES/autofs-5.1.1-move-query-dn-calculation-from-do_bind-to-do_connect.patch new file mode 100644 index 0000000..51c5d0c --- /dev/null +++ b/SOURCES/autofs-5.1.1-move-query-dn-calculation-from-do_bind-to-do_connect.patch @@ -0,0 +1,156 @@ +autofs-5.1.1 - move query dn calculation from do_bind() to do_connect() + +From: Ian Kent + +In the ldap lookup module the do_reconnect() call doesn't distinguish +between no entry found and service unavailable. + +If service unavailable gets returned from a master map read it results +in autofs not updating the mounts. A notfound return doesn't because it +indicates the map doesn't exist so updating the mounts isn't a problem +as it can be when the source is unavailable. + +Start the update of do_reconnect() by moving the query dn calculation +from do_bind() to do_connect(). + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + modules/lookup_ldap.c | 81 ++++++++++++++++++++++++++++++-------------------- + 2 files changed, 51 insertions(+), 31 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -172,6 +172,7 @@ + - init qdn before use in get_query_dn(). + - fix left mount count return from umount_multi_triggers(). + - fix return handling in sss lookup module. ++- move query dn calculation from do_bind() to do_connect(). + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/modules/lookup_ldap.c ++++ autofs-5.0.7/modules/lookup_ldap.c +@@ -574,7 +574,7 @@ static int find_query_dn(unsigned logopt + static int do_bind(unsigned logopt, LDAP *ldap, const char *uri, struct lookup_context *ctxt) + { + char *host = NULL, *nhost; +- int rv, need_base = 1; ++ int rv; + + #ifdef WITH_SASL + debug(logopt, MODPREFIX "auth_required: %d, sasl_mech %s", +@@ -610,6 +610,7 @@ static int do_bind(unsigned logopt, LDAP + } + ldap_memfree(host); + ++ uris_mutex_lock(ctxt); + if (!ctxt->cur_host) { + ctxt->cur_host = nhost; + if (!(ctxt->format & MAP_FLAG_FORMAT_AMD)) { +@@ -618,43 +619,21 @@ static int do_bind(unsigned logopt, LDAP + } + } else { + /* If connection host has changed update */ +- if (strcmp(ctxt->cur_host, nhost)) { ++ if (!strcmp(ctxt->cur_host, nhost)) ++ free(nhost); ++ else { + free(ctxt->cur_host); + ctxt->cur_host = nhost; +- } else { +- free(nhost); +- need_base = 0; +- } +- } +- +- if (ctxt->schema && ctxt->qdn && !need_base) +- return 1; +- +- /* +- * If the schema isn't defined in the configuration then check for +- * presence of a map dn with a the common schema. Then calculate the +- * base dn for searches. +- */ +- if (!ctxt->schema) { +- if (!find_query_dn(logopt, ldap, ctxt)) { +- warn(logopt, +- MODPREFIX "failed to find valid query dn"); +- return 0; +- } +- } else if (!(ctxt->format & MAP_FLAG_FORMAT_AMD)) { +- const char *class = ctxt->schema->map_class; +- const char *key = ctxt->schema->map_attr; +- if (!get_query_dn(logopt, ldap, ctxt, class, key)) { +- error(logopt, MODPREFIX "failed to get query dn"); +- return 0; + } + } ++ uris_mutex_unlock(ctxt); + + return 1; + } + + static LDAP *do_connect(unsigned logopt, const char *uri, struct lookup_context *ctxt) + { ++ char *cur_host = NULL; + LDAP *ldap; + + #ifdef WITH_SASL +@@ -665,13 +644,53 @@ static LDAP *do_connect(unsigned logopt, + #endif + + ldap = init_ldap_connection(logopt, uri, ctxt); +- if (ldap) { +- if (!do_bind(logopt, ldap, uri, ctxt)) { ++ if (!ldap) ++ goto out; ++ ++ uris_mutex_lock(ctxt); ++ if (ctxt->cur_host) ++ cur_host = ctxt->cur_host; ++ uris_mutex_unlock(ctxt); ++ ++ if (!do_bind(logopt, ldap, uri, ctxt)) { ++ unbind_ldap_connection(logopt, ldap, ctxt); ++ ldap = NULL; ++ goto out; ++ } ++ ++ /* If the lookup schema and the query dn are set and the ++ * ldap host hasn't changed return. ++ */ ++ uris_mutex_lock(ctxt); ++ if (ctxt->schema && ctxt->qdn && (cur_host == ctxt->cur_host)) { ++ uris_mutex_unlock(ctxt); ++ return ldap; ++ } ++ uris_mutex_unlock(ctxt); ++ ++ /* ++ * If the schema isn't defined in the configuration then check for ++ * presence of a map dn with a the common schema. Then calculate the ++ * base dn for searches. ++ */ ++ if (!ctxt->schema) { ++ if (!find_query_dn(logopt, ldap, ctxt)) { + unbind_ldap_connection(logopt, ldap, ctxt); + ldap = NULL; ++ warn(logopt, ++ MODPREFIX "failed to find valid query dn"); ++ goto out; ++ } ++ } else if (!(ctxt->format & MAP_FLAG_FORMAT_AMD)) { ++ const char *class = ctxt->schema->map_class; ++ const char *key = ctxt->schema->map_attr; ++ if (!get_query_dn(logopt, ldap, ctxt, class, key)) { ++ unbind_ldap_connection(logopt, ldap, ctxt); ++ ldap = NULL; ++ error(logopt, MODPREFIX "failed to get query dn"); + } + } +- ++out: + return ldap; + } + diff --git a/SOURCES/autofs-5.1.1-update-map_hash_table_size-description.patch b/SOURCES/autofs-5.1.1-update-map_hash_table_size-description.patch new file mode 100644 index 0000000..bdc206b --- /dev/null +++ b/SOURCES/autofs-5.1.1-update-map_hash_table_size-description.patch @@ -0,0 +1,100 @@ +autofs-5.1.1 - update map_hash_table_size description + +From: Ian Kent + +The configuration parameter map_hash_table_size has been ommitted +from the autofs.conf(5) man page and it's description in the +configuration file comments is poor. + +Add a description of the parameter to autofs.conf(5) and update +the configuration file comments to direct people to the map page +for more information. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + man/autofs.conf.5.in | 31 +++++++++++++++++++++++++++++++ + redhat/autofs.conf.default.in | 6 ++++-- + samples/autofs.conf.default.in | 6 ++++-- + 4 files changed, 40 insertions(+), 4 deletions(-) + +--- autofs-5.0.7.orig/CHANGELOG ++++ autofs-5.0.7/CHANGELOG +@@ -180,6 +180,7 @@ + - fix return handling of do_reconnect() in ldap module. + - fix direct mount stale instance flag reset. + - fix direct map expire not set for initail empty map. ++- update map_hash_table_size description. + + 25/07/2012 autofs-5.0.7 + ======================= +--- autofs-5.0.7.orig/man/autofs.conf.5.in ++++ autofs-5.0.7/man/autofs.conf.5.in +@@ -80,6 +80,37 @@ user setting these standard environment + potential user privilege escalation when the program map is written in a + language that can load components from, for example, a user home directory + (program default "no"). ++.TP ++.B map_hash_table_size ++.br ++This configuration option may be used to change the number of hash ++table slots (default 1024). ++ ++This configuration option affects the overhead of searching the map ++entry cache for map entries when there are a large number of entries. ++It affects the number of entries that must be looked at to locate a ++map entry in the map entry cache. For example, the default of 1024 ++and a direct map with 8000 entries would result in each slot ++containing an average of 8 entries, which should be acceptable. ++ ++However, if excessive CPU usage is observed during automount lookups ++increasing this option can reduce the CPU overhead considerably becuase ++it reduces the length of the search chains. ++ ++Note that the number of entries in a map doesn't necessarily relate ++to the number of entries used in the map entry cache. ++ ++There are three distinct cases, direct maps and indirect maps that ++use the "browse" option must be read in their entirity at program ++start so, in these two cases the map size does retate directly to ++the map entry cache size. ++ ++For indirect maps that do not use the "browse" option entries are ++added to the map entry cache at lookup so the number of active cache ++entries, in this case, is usually much less than the number of entries ++in the map. In this last case it would be unusual for the map entry ++cache to grow large enough to warrant increasing the default before ++an event that cleans stale entries, a map re-read for example. + .SS LDAP Configuration + .P + Configuration settings available are: +--- autofs-5.0.7.orig/redhat/autofs.conf.default.in ++++ autofs-5.0.7/redhat/autofs.conf.default.in +@@ -135,8 +135,10 @@ mount_nfs_default_protocol = 4 + #auth_conf_file = @@autofsmapdir@@/autofs_ldap_auth.conf + # + # map_hash_table_size - set the map cache hash table size. +-# Should be a power of 2 with a ratio roughly +-# between 1:10 and 1:20 for each map. ++# Should be a power of 2 with a ratio of ++# close to 1:8 for acceptable performance ++# with maps up to around 8000 entries. ++# See autofs.conf(5) for more details. + # + #map_hash_table_size = 1024 + # +--- autofs-5.0.7.orig/samples/autofs.conf.default.in ++++ autofs-5.0.7/samples/autofs.conf.default.in +@@ -134,8 +134,10 @@ browse_mode = no + #auth_conf_file = @@autofsmapdir@@/autofs_ldap_auth.conf + # + # map_hash_table_size - set the map cache hash table size. +-# Should be a power of 2 with a ratio roughly +-# between 1:10 and 1:20 for each map. ++# Should be a power of 2 with a ratio of ++# close to 1:8 for acceptable performance ++# with maps up to around 8000 entries. ++# See autofs.conf(5) for more details. + # + #map_hash_table_size = 1024 + # diff --git a/SPECS/autofs.spec b/SPECS/autofs.spec index c430a86..71396d5 100644 --- a/SPECS/autofs.spec +++ b/SPECS/autofs.spec @@ -8,7 +8,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.0.7 -Release: 48%{?dist} +Release: 54%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons @@ -272,6 +272,30 @@ Patch629: autofs-5.1.0-update-man-page-autofs-8-for-systemd.patch Patch630: autofs-5.1.0-fix-fix-master-map-type-check.patch Patch631: autofs-5.1.0-fix-typo-in-update_hosts_mounts.patch Patch632: autofs-5.1.0-fix-hosts-map-update-on-reload.patch +Patch633: autofs-5.1.0-make-negative-cache-update-consistent-for-all-lookup-modules.patch +Patch634: autofs-5.1.0-ensure-negative-cache-isnt-updated-on-remount.patch +Patch635: autofs-5.1.0-dont-add-wildcard-to-negative-cache.patch +Patch636: autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch +Patch637: autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch +Patch638: autofs-5.1.0-fix-incorrect-check-in-parse_mount.patch +Patch639: autofs-5.1.0-handle-duplicates-in-multi-mounts.patch +Patch640: autofs-5.1.0-fix-macro-usage-in-lookup_program_c.patch +Patch641: autofs-5.1.0-remove-unused-offset-handling-code.patch +Patch642: autofs-5.1.0-fix-mount-as-you-go-offset-selection.patch + +Patch643: autofs-5.1.0-init-qdn-before-use.patch +Patch644: autofs-5.1.1-fix-left-mount-count-return.patch +Patch645: autofs-5.1.1-fix-return-handling-in-sss-lookup-module.patch +Patch646: autofs-5.1.1-move-query-dn-calculation-from-do_bind-to-do_connect.patch +Patch647: autofs-5.1.1-make-do_connect-return-a-status.patch +Patch648: autofs-5.1.1-make-connect_to_server-return-a-status.patch +Patch649: autofs-5.1.1-make-find_dc_server-return-a-status.patch +Patch650: autofs-5.1.1-make-find_server-return-a-status.patch +Patch651: autofs-5.1.1-fix-return-handling-of-do_reconnect-in-ldap-module.patch +Patch652: autofs-5.1.1-fix-direct-mount-stale-instance-flag-reset.patch +Patch653: autofs-5.1.1-fix-direct-map-expire-not-set-for-initial-empty-map.patch +Patch654: autofs-5.1.1-update-map_hash_table_size-description.patch +Patch655: autofs-5.1.1-fix-out-of-order-call-in-program-map-lookup.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %if %{with_systemd} @@ -582,6 +606,30 @@ echo %{version}-%{release} > .version %patch630 -p1 %patch631 -p1 %patch632 -p1 +%patch633 -p1 +%patch634 -p1 +%patch635 -p1 +%patch636 -p1 +%patch637 -p1 +%patch638 -p1 +%patch639 -p1 +%patch640 -p1 +%patch641 -p1 +%patch642 -p1 + +%patch643 -p1 +%patch644 -p1 +%patch645 -p1 +%patch646 -p1 +%patch647 -p1 +%patch648 -p1 +%patch649 -p1 +%patch650 -p1 +%patch651 -p1 +%patch652 -p1 +%patch653 -p1 +%patch654 -p1 +%patch655 -p1 %build LDFLAGS=-Wl,-z,now @@ -675,6 +723,64 @@ fi %dir /etc/auto.master.d %changelog +* Thu Sep 17 2015 Ian Kent - 1:5.0.7-54 +- bz1263508 - Heavy program map usage can lead to a hang + - fix out of order call in program map lookup. +- Resolves: rhbz#1263508 + +* Tue Jul 7 2015 Ian Kent - 1:5.0.7-53 +- bz1238573 - RFE: autofs MAP_HASH_TABLE_SIZE description + - update map_hash_table_size description. +- Resolves: rhbz#1238573 + +* Thu Jul 2 2015 Ian Kent - 1:5.0.7-52 +- bz1233069 - Direct map does not expire if map is initially empty + - update patch to fix expiry problem. +- Related: rhbz#1233069 + +* Tue Jun 23 2015 Ian Kent - 1:5.0.7-51 +- bz1233065 - 'service autofs reload' does not reloads new mounts only + when 'sss' or 'ldap' is used in '/etc/nsswitch.conf' file + - init qdn before use in get_query_dn(). + - fix left mount count return from umount_multi_triggers(). + - fix return handling in sss lookup module. + - move query dn calculation from do_bind() to do_connect(). + - make do_connect() return a status. + - make connect_to_server() return a status. + - make find_dc_server() return a status. + - make find_server() return a status. + - fix return handling of do_reconnect() in ldap module. +- bz1233067 - autofs is performing excessive direct mount map re-reads + - fix direct mount stale instance flag reset. +- bz1233069 - Direct map does not expire if map is initially empty + - fix direct map expire not set for initial empty map. +- Resolves: rhbz#1233065 rhbz#1233067 rhbz#1233069 + +* Tue May 26 2015 Ian Kent - 1:5.0.7-50 +- bz1218045 - Similar but unrelated NFS exports block proper mounting of + "parent" mount point + - remove unused offset handling code. + - fix mount as you go offset selection. +- Resolves: rhbz#1218045 + +* Mon May 25 2015 Ian Kent - 1:5.0.7-49 +- bz1166457 - Autofs unable to mount indirect after attempt to mount wildcard + - make negative cache update consistent for all lookup modules. + - ensure negative cache isn't updated on remount. + - dont add wildcard to negative cache. +- bz1162041 - priv escalation via interpreter load path for program based + automount maps + - add a prefix to program map stdvars. + - add config option to force use of program map stdvars. +- bz1161474 - automount segment fault in parse_sun.so for negative parser tests + - fix incorrect check in parse_mount(). +- bz1205600 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate + exports in the NFS server + - handle duplicates in multi mounts. +- bz1201582 - autofs: MAPFMT_DEFAULT is not macro in lookup_program.c + - fix macro usage in lookup_program.c. +- Resolves: rhbz#1166457 rhbz#1162041 rhbz#1161474 rhbz#1205600 rhbz#1201582 + * Fri Dec 19 2014 Ian Kent - 1:5.0.7-48 - bz1164957 - The default installed autofs.conf doesn't have default nfs protocol set to 4