Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Remove dead return code

Fix build:

- Use %ll instead of %q for explicit long long casts;
- Use %j instead of %q in XFS and cast to intmax_t.

Tested with: make universe

Consistently set RPCGEN_CPP when running rpcgen, so the C preprocessor
set via ${CPP} is used, instead of always using hardcoded /usr/bin/cpp.

MFC after: 1 week

Spelling fixes for usr.sbin/

Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.

Reviewed by: jhb
MFC after: 2 weeks

rpc.lockd(8) WARNS cleanup

- Provide function prototype for nlm_syscall
- Don't assign a variable from the stack to a global var[1]
- Remove unused vars

Found by: clang static analyser [1]
Reviewed by: dfr

Fix the include path for nfs_lock.h.

MFC after: 2 weeks

The last big commit: let usr.sbin/ use WARNS=6 by default.

Don't use sys/nfs/rpcv2.h - it is part of the old kernel RPC implementation
and will be removed.

Re-implement the client side of rpc.lockd in the kernel. This implementation
provides the correct semantics for flock(2) style locks which are used by the
lockf(1) command line tool and the pidfile(3) library. It also implements
recovery from server restarts and ensures that dirty cache blocks are written
to the server before obtaining locks (allowing multiple clients to use file
locking to safely share data).

Sponsored by: Isilon Systems
PR: 94256
MFC after: 2 weeks

Add a missing call to init_nsm().

MFC after: 1 week

If we can't find or load the kernel NLM support, don't just go ahead and
try to use it anyway.

Call listen(2) on bound tcp sockets before passing them to svc_tli_create.

Remove the '-k' option.

Add kernel module support for nfslockd and krpc. Use the module system
to detect (or load) kernel NLM support in rpc.lockd. Remove the '-k'
option to rpc.lockd and make kernel NLM the default. A user can still
force the use of the old user NLM by building a kernel without NFSLOCKD
and/or removing the nfslockd.ko module.

Add the new kernel-mode NFS Lock Manager. To use it instead of the
user-mode lock manager, build a kernel with the NFSLOCKD option and
add '-k' to 'rpc_lockd_flags' in rc.conf.

Highlights include:

* Thread-safe kernel RPC client - many threads can use the same RPC
client handle safely with replies being de-multiplexed at the socket
upcall (typically driven directly by the NIC interrupt) and handed
off to whichever thread matches the reply. For UDP sockets, many RPC
clients can share the same socket. This allows the use of a single
privileged UDP port number to talk to an arbitrary number of remote
hosts.

* Single-threaded kernel RPC server. Adding support for multi-threaded
server would be relatively straightforward and would follow
approximately the Solaris KPI. A single thread should be sufficient
for the NLM since it should rarely block in normal operation.

* Kernel mode NLM server supporting cancel requests and granted
callbacks. I've tested the NLM server reasonably extensively - it
passes both my own tests and the NFS Connectathon locking tests
running on Solaris, Mac OS X and Ubuntu Linux.

* Userland NLM client supported. While the NLM server doesn't have
support for the local NFS client's locking needs, it does have to
field async replies and granted callbacks from remote NLMs that the
local client has contacted. We relay these replies to the userland
rpc.lockd over a local domain RPC socket.

* Robust deadlock detection for the local lock manager. In particular
it will detect deadlocks caused by a lock request that covers more
than one blocking request. As required by the NLM protocol, all
deadlock detection happens synchronously - a user is guaranteed that
if a lock request isn't rejected immediately, the lock will
eventually be granted. The old system allowed for a 'deferred
deadlock' condition where a blocked lock request could wake up and
find that some other deadlock-causing lock owner had beaten them to
the lock.

* Since both local and remote locks are managed by the same kernel
locking code, local and remote processes can safely use file locks
for mutual exclusion. Local processes have no fairness advantage
compared to remote processes when contending to lock a region that
has just been unlocked - the local lock manager enforces a strict
first-come first-served model for both local and remote lockers.

Sponsored by: Isilon Systems
PR: 95247 107555 115524 116679
MFC after: 2 weeks

Check the correct variables for malloc failures.

Submitted by: Michiel Boland <michiel@boland.org>

Add the -h <bindip> option to rpc.lockd, similar to the one in
nfsd(8), in mountd(8), and in rpc.statd(8)

-h bindip
Specify specific IP addresses to bind to for TCP and UDP requests.
This option may be specified multiple times. If no -h option is
specified, rpc.lockd will bind to INADDR_ANY. Note that when specifying
IP addresses with -h, rpc.lockd will automatically add 127.0.0.1 and
if IPv6 is enabled, ::1 to the list.

PR: bin/98500
MFC after: 1 week

- Fix compilaton with DUMP_FILELOCK_VERBOSE.
- Use consistent "get_lock_matching_unlock" function name in
debuglog().

Add the "-p" option, which allows to specify a port which the daemon
should bind to.

PR: bin/100969
Reviewed by: alfred@
MFC after: 1 week

Fix a typo in a comment, introduced in rev. 1.19.

some whitespace cleanup (which I usually don't bother with)
so I could note that the previous delta was:

Reviewed by: Mohan

Add a function that checks for duplicate requests (based
on some fairly tight criteria) so we avoid having broken
clients spam rpc.lockd to death.

PR: 107530
Obtained from: Doug Rudoff
MFC after: 1 week

Set alarm timer for grace period from the grace_period variable, instead
of hard-coding a value of 10 seconds. Command line flag -g is thus now
correctly taken into account.

PR: bin/102176
MFC after: 1 week

o Style previous.

Use setproctitle(3) to provide identification of the client and server
processes created by rpc.lockd.

MFC after: 1 week

Remove extraneous trailing \0 in string literal.

MFC after: 2 weeks

Move call to ignore SIGPIPE signals before calling fork(),
so that both parent and child processes ignore this signal.

PR: bin/97768
Submitted by: Gea-Suan Lin <gslin at csie dot nctu dot edu dot tw>
MFC after: 3 days

Ignore SIGPIPE signals on write() failures.
We already check for write() failures and handle EPIPE.
Failure to handle SIGPIPE was resulting in rpc.lockd terminating.

PR: bin/97768
Reported by: Gea-Suan Lin <gslin at csie dot nctu dot edu dot tw>
MFC after: 1 day

When a user is in more than 16 groups the call to authunix_create() will
result in abort() beeing called. This is because there is a limit of
the number of groups in the RPC which is 16. When the actual number of
groups is too large it results in xdr_array() returning an error which,
in turn, authunix_create() handles by just calling abort().

Fix this by passing only the first 16 groups to authunix_create().

Add FBSDID. Add missing prototypes. Remove unused variables. Give variable
an initial value to silent compiler.

Consumers of nfslockdans() seems to think it should return 0 on success, so
make it so.

Fixed the misplaced $FreeBSD$.

- Use svc_getrpccaller() rather than svc_getcaller() for using
xt_rtaddr member of SVCXPRT structure. This allows to use IPv6
address stored in "struct sockaddr_storage" in "struct netbuf".
- Output the reason of getnameinfo() error.

Reviewed by: alfred

Sort sections.

Userland change corresponding to the change in kernel/userland communication
for NFS locking.

Include <unistd.h> for {g,s}eteuid().

After talking to Colin,
apply the patch of bin/61718 (which should include/elimatate kern/61122 also).
It seems to fix a few annoying bugs.

PR: bin/61718, kern/61122
Submitted by: bg@sics.se ohartman@mail.physik.uni-mainz.de

Remove spurious semicolons. Outside of functions they are actually errors but
GCC doesn't warn about them without -pedantic.

Approved by: das (mentor)
PR: 56649
Reviewed by: md5

Make rpc.lockd bind to a reserved port, since there are NFS clients
which ignore NLM requests not coming from a reserved port.

PR: 56500
Submitted by: Jonathan Lennox <lennox@cs.columbia.edu>
MFC after: 1 week

The callrpc call to unmonitor hosts was passing the wrong xdr
decode/encode functions for the arguments to the statd unmonitor
call. Fix it.

Make this compile cleanly. It passes WARNS=2, but I haven't checked
it is so on more platforms.

When getting back an NLM DENIED response for a requested lock from the
server, map it to EAGAIN locally rather than EACCES. The NLM spec
indicates the DENIED corresponds to lock contention, not a permission
failure. This fixes O_EXLOCK/O_SHLOCK with O_NONBLOCK, which would
previously give a permission error, which in turn fixes things
like mailq(8) and lockf(1) over NFS.

Approved by: scottl (re)
Reviewed by: truckman, Andrew P Lentvorski, Jr. <bsder@allcaps.org>
Idea from: truckman

Avoid registering for a lock on the server in the event the NFS client
has requested the lock in a non-blocking form, instead returning an
immediate failure. This appears to help reduce one of my "locks get
lost" symptoms involving lockf(1), which attempts a non-blocking lock
attempt before actually blocking on the lock. At this point the client
still gets back EACCES, which is an issue we're still working.

Approved by: re (scottl)
Submitted by: Andrew P. Lentvorski, Jr. <bsder@allcaps.org>

When receiving NLM_GRANTED_RES or NLM4_GRANTED_RES lock granted messages
from the NFS server, following contention on a lock by this or another
client, immediately notify the waiting process that the lock has been
granted via a wakeup. Without this change, the client rpc.lockd will
not wakeup the waiting process until it next re-polls the lock (sometime
in the next ten seconds), which can lead to marked latency across all
potential lockers, as the lock is held by the client for the duration.

Approved by: re (scottl)
Submitted by: truckman
Reviewed by: Andrew P. Lentvorski, Jr <bsder@allcaps.org>

init_nsm() is executed after a call to daemon(*, 0), so error and
warning messages should be logged rather than sent to /dev/null.

PR: bin/45461

style.Makefile(5)

Implement nonblocking tpc-connections. rpcgen -m does still
produce backcompatible code.

Reviewed by: rwatson
Obtained from: NetBSD
MFC after: 1 day

Remove a case of exposing 'struct ucred' to userspace. Use a struct xucred
for LOCKD_MSG instead.

Requested by: rwatson

Add IPv6 support.

Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>

The .Nm utility

When binding to transports if getnetconfigent() fails then actually
print out the correct transport it failed on rather than always
spitting out 'udp', also call nc_sperror() to give a more verbose
error message detailing the problem.

Use char foo[] = "BAR" to avoid direct assignment of const char * into char *.
rpcgen can't really make those fields const because the remote side might
want to munge them, so we need to pass non-const in. Hackish, but should
work.

Const fix.

Remove cast that's not needed.

WARNS from 3 to 4. still some warnings about assigning const char * to
char *, but we'll fix those later.

constify log_from_addr() parameter.

Bring code to WARNS=3 level. Mostly fix unused variables.

Remove main() prototype.

Remove __P.

Fix boundry condition in lock management:

Alfred, I took a look at retry_blockingfilelocklist() and the
solution seemed simple enough. Please correct me if I am wrong.
It seems said routine doesn't take into account boundary conditions
when putting back file_lock entries into the blocked lock-list.
Specifically, it fails when the file_lock being put back is the
last element in the list, and when it is the only element in the
list. I've included a patch below.

Basically, it introduces another variable: pfl, which keeps track
of the list item before ifl. That way if nfl is NULL, ifl gets
inserted after pfl. If pfl is also NULL, then it gets inserted
at the head of the list (since it was the only element in the
list).

Submitted by: Mike Makonnen <mike_makonnen@yahoo.com>
Tested by: Thomas Quinot <thomas@cuivre.fr.eu.org>

prototype functions and fix some line wrapping

Fold ANDREW_LOCKD into -current.

Turn on NO_WERROR and set WARNS to 1.

Fix the WARNS 1 warnings except unused variables.

Add prototype for log_netobj().
Don't compare signed/unsigned.
Cast u_int64_t to 'unsigned long long' and print using %llu.
Fix constness of string arrays.
Use a cast to avoid an unused parameter in a signal handler.
alarm(2) can't fail, so don't check for it.
ANSI'ify some functions.

fix parameters to lock_answer().

Submitted by: Timo Geusch <freebsd@unix-consult.com>

Fixup for WARNS.

Drop privs while servicing kernel lock requests.
Restore umask used before FIFO creation.
If opening the FIFO fails, exit.
Properly check the return value of open (use == -1 instead of < 0).

leverage fixed fifo implementation (rev 1.56 of
src/sys/fs/fifofs/fifo_vnops.c) to serve locks better, my previous
workaround for lack of decent fifo system wasn't cutting it,
particularly the kernel would send a message down the fifo and
immediately close it, this would lead to delayed unlock requests
being seen by the lockd causing all sorts of badness.

Basically, don't reopen the fifo, just select(2) on it.

use syslog rather than printf so we can see what's going on in debug mode

style fixes, fix line wrap and function declaration

Implement partial-file NFS lock testing.

Submitted by: "Andrew P. Lentvorski" <andrewl@io.com>

Userland part of nfs client/server split and cleanup.

Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.

Distinguish between rpc version numbers in the client cache to avoid
replying on the wrong port.

handles.c belonged to the old stub lockd, nuke it.

procs.c belonged to the old stub lockd, nuke it.

mdoc(7) police: Removed forgotten .Pp.

Fix compiling without -O, some dead code was using non-existant functions,
make the code not automatically dead but actually use the debug level
in order to determine if output is needed. Fix non-existant from_addr()
by #define'ing it to inet_ntoa().

Remove hardcoded -g from Makefile.

Reported by: "John W. De Boskey" <jwd@bsdwins.com>
Tested by: "John W. De Boskey" <jwd@bsdwins.com>

Remove section from bugs that says we don't support client locks.

Pointed out by: Martin Blapp <mb@imp.ch>

remove debug code left in by accident

Implement client side NFS locks.

Obtained from: BSD/os
Import Ok'd by: mckusick, jkh, motd on builder.freebsd.org

- Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.

Set the default manual section for usr.sbin/ to 8.

Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

Bring in required TLI library routines to support this.

Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.

This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).

The submitter has agreed to continue on and bring us up to the
1999 release.

Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.

Many userland updates were done to bring the code up to par with
the recent RPC API.

There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.

While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.

New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.

Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.

Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul

mdoc(7) police: use the new features of the Nm macro.

Use Fx macro wherever possible.

Don't call syslog() without a format string.

$Id$ -> $FreeBSD$

Add $Id$, to make it simpler for members of the translation teams to
track.

The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

.\" $Id$
.\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by: bde

Removed bogus dependencies of generated .c files on generated headers.

Fixed `make -jN' for large N, as usual.

Use err(3). Add usage() and #includes.

Typo fix: ${.DESTDIR} -> ${DESTDIR}.

Reviewed by: bde

Fixed type mismatch caused by bogus prototypes. rpcgen for some reason
doesn't generate any prototypes for the functions to be registered.

Typo police.

Partially obtained from: NetBSD PR# 3333

Revert $FreeBSD$ to $Id$

Sort cross references.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

rpc.rstatd -> rpc.lockd typo

Noticed by: tholo@sigmasoft.com (Thorsten Lockert)

Correct the rpc.lockd and rpc.statd man pages to not reference
their path names in the synopsis line (especially since they
referenced the wrong path!). Corrected some other minor problems
with the rpc.lockd man page.

Tweaks for the stub lockd.
- Use rpcgen to generate the unmodified boilerplate code rather than
having it in the repository.
- Eliminate the conflicting function names by changing them to their
"natural" rpcgen generated names

This commit was generated by cvs2svn to compensate for changes in r14123,
which included commits to RCS files with non-trunk default branches.