Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2942319pxb; Sun, 28 Feb 2021 19:24:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJw0DXvLIFrCVEnepN0OzJP3oqAqOXpV6YYtZkdLHxmy/34Bbu1SAcfDN5NE08G1V90AoFAU X-Received: by 2002:aa7:c441:: with SMTP id n1mr7715946edr.203.1614569039995; Sun, 28 Feb 2021 19:23:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614569039; cv=none; d=google.com; s=arc-20160816; b=Knl4Ndb2HmlVMAqjV0sxQsJBENMuyTIrKi3ml6Op1Dr21BJQCMsIG8PCHjU3pEOyKX JSo44XcrHU6a+cDYHbs49NVE+qwn0snoJQmrKJif4tJI1vbyDTj2/T2cJ+B+loTBLmll 2nwd1eWYEZXEiPhUuhF5J8Ndudg7FfWqDBQEtQpYgltR9ra2fknZxypvLEmfvHUdWT1k PKJw21+L5ho4XoIz8DpHyIXiVYpRA32la/yuY0RrG8ae9CHcTy30n+l2VTqlCx3JricZ +WIIo3wHf3dGh3Jcl4D88TCbnzjToSTzyXPOYjXzWiOEFIf8syg1Rikw8PRS25av8ddX vggg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:message-id:cc:subject:date:to:from; bh=muA+QH/c+JRnWC+mM1xYmAIF4/N02bEaka3foLcPmvs=; b=gslHRaYT+clTWkXdQ2INzqCBA8+4iBs1OqIxm4tzMHEGFDszSAt00NcwWjzgHjNFgs op8s21mamKCfgOmWLzv6vSRY58XMElVfOlEa34RtmT0HNnAk89Bmdb2R+U4echCUMKgB rw7NxcviIfJ5lKvpEI1R0/6h+3N53XuP0W2g0NEecWgAdrT3+jBig45+xTVj8/8nzjAB IQmg5Kk6RrtSA0W3n3VFUEYcsYNma9VdOe+huLxuAOtjMMw+E7OPIH81QzlNQ0sfn8LP 5UbbgXq6QwkBkgwk6SXOs9hNXfmJ4D86M6qXJ1kcVRS7dPLRkb4vjYEW1OKLDY8oJl53 h09Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w26si10938964ejf.489.2021.02.28.19.23.25; Sun, 28 Feb 2021 19:23:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231735AbhCACSW (ORCPT + 99 others); Sun, 28 Feb 2021 21:18:22 -0500 Received: from mx2.suse.de ([195.135.220.15]:58424 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231802AbhCACSV (ORCPT ); Sun, 28 Feb 2021 21:18:21 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 92D3EAC6F; Mon, 1 Mar 2021 02:17:39 +0000 (UTC) From: NeilBrown To: Steve Dickson Date: Mon, 01 Mar 2021 13:17:15 +1100 Subject: [PATCH 0/5 v2] nfs-utils: provide audit-logging of NFSv4 access Cc: Linux NFS Mailing list Message-ID: <161456493684.22801.323431390819102360.stgit@noble> User-Agent: StGit/0.23 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org V1 of this series didn't update the usage() message for mountd, and omited the required ':' after the 'T' sort-option. This series fixes those two omissions. Original series comment: When NFSv3 is used mountd provides logs of successful and failed mount attempts which can be used for auditing. When NFSv4 is used there are no such logs as NFSv4 does not have a distinct "mount" request. However mountd still knows about which filesysytems are being accessed from which clients, and can actually provide more reliable logs than it currently does, though they must be more verbose - with periodic "is being accessed" message replacing a single "was mounted" message. This series adds support for that logging, and adds some related improvements to make the logs as useful as possible. NeilBrown --- NeilBrown (5): mountd: reject unknown client IP when !use_ipaddr. mountd: Don't proactively add export info when fh info is requested. mountd: add logging for authentication results for accesses. mountd: add --cache-use-ipaddr option to force use_ipaddr mountd: make default ttl settable by option support/export/auth.c | 4 +++ support/export/cache.c | 32 +++++++++++------ support/export/v4root.c | 3 +- support/include/exportfs.h | 3 +- support/nfs/exports.c | 4 ++- utils/mountd/mountd.c | 30 +++++++++++++++- utils/mountd/mountd.man | 70 ++++++++++++++++++++++++++++++++++++++ 7 files changed, 131 insertions(+), 15 deletions(-) -- Signature