Commit | Line | Data |
---|---|---|
a5f7e223 AM |
1 | |
2 | This patch modifies the NFSv4 'mount' command to accept multiple | |
3 | authentication flavors. This list of flavors will be used during security | |
4 | negotiation to determine which flavors the user is willing to use (most | |
5 | preferred flavor is listed first). | |
6 | ||
7 | This patch applies on top of CITI's version 2.11z-3 of util-linux. | |
8 | ||
9 | The format for passing one flavor is unchanged: | |
10 | mount -tnfs4 -osec=krb5 server:/ /mnt/nfs4 | |
11 | ||
12 | The format for passing multiple flavors is: | |
13 | mount -tnfs4 -osec=krb5:spkm3p:unix server:/ /mnt/nfs4 | |
14 | ||
15 | If no sec= option is given, we assume AUTH_UNIX. | |
16 | ||
17 | From Nick Wilson <njw@us.ibm.com> | |
18 | ||
19 | --- | |
20 | ||
21 | util-linux-2.12-bfields/mount/nfs4mount.c | 102 ++++++++++++++++++++++-------- | |
22 | 1 files changed, 75 insertions(+), 27 deletions(-) | |
23 | ||
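--- a/mount/nfs4mount.c
+++ b/mount/nfs4mount.c
@@ -36,6 +36,7 @@
 #include <sys/stat.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <rpc/auth.h>
 
 #include "sundries.h"
 
@@ -48,6 +49,57 @@
 #define NFS_PORT 2049
 #endif
 
+struct {
+ char *flavour;
+ int fnum;
+} flav_map[] = {
+ { "krb5", RPC_AUTH_GSS_KRB5 },
+ { "krb5i", RPC_AUTH_GSS_KRB5I },
+ { "krb5p", RPC_AUTH_GSS_KRB5P },
+ { "lipkey", RPC_AUTH_GSS_LKEY },
+ { "lipkey-i", RPC_AUTH_GSS_LKEYI },
+ { "lipkey-p", RPC_AUTH_GSS_LKEYP },
+ { "spkm3", RPC_AUTH_GSS_SPKM },
+ { "spkm3i", RPC_AUTH_GSS_SPKMI },
+ { "spkm3p", RPC_AUTH_GSS_SPKMP },
+ { "unix", AUTH_UNIX },
+ { "sys", AUTH_SYS },
+ { "null", AUTH_NULL },
+ { "none", AUTH_NONE },
+};
+
+#define FMAPSIZE (sizeof(flav_map)/sizeof(flav_map[0]))
+#define MAX_USER_FLAVOUR 16
+
+static int parse_sec(char *sec, int *pseudoflavour)
+{
+ int i, num_flavour = 0;
+
+ for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
+ if (num_flavour >= MAX_USER_FLAVOUR) {
+ fprintf(stderr,
+ _("mount: maximum number of security flavors "
+ "exceeded\n"));
+ return 0;
+ }
+ for (i = 0; i < FMAPSIZE; i++) {
+ if (strcmp(sec, flav_map[i].flavour) == 0) {
+ pseudoflavour[num_flavour++] = flav_map[i].fnum;
+ break;
+ }
+ }
+ if (i == FMAPSIZE) {
+ fprintf(stderr,
+ _("mount: unknown security type %s\n"), sec);
+ return 0;
+ }
+ }
+ if (!num_flavour)
+ fprintf(stderr,
+ _("mount: no security flavors passed to sec= option\n"));
+ return num_flavour;
+}
+
 static int parse_devname(char *hostdir, char **hostname, char **dirname)
 {
 char *s;
@@ -117,7 +169,8 @@ int nfs4mount(const char *spec, const ch
 static char hostdir[1024];
 static char ip_addr[16] = "127.0.0.1";
 static struct sockaddr_in server_addr;
- static int pseudoflavour = 0;
+ static int pseudoflavour[MAX_USER_FLAVOUR];
+ int num_flavour = 0;
 
 char *hostname, *dirname, *old_opts;
 char new_opts[1024];
@@ -228,29 +281,9 @@ int nfs4mount(const char *spec, const ch
 strncpy(ip_addr,opteq+1, sizeof(ip_addr));
 ip_addr[sizeof(ip_addr)-1] = '\0';
 } else if (!strcmp(opt, "sec")) {
- if (!strcmp(opteq+1, "krb5"))
- pseudoflavour = 390003;
- else if (!strcmp(opteq+1, "krb5i"))
- pseudoflavour = 390004;
- else if (!strcmp(opteq+1, "krb5p"))
- pseudoflavour = 390005;
- else if (!strcmp(opteq+1, "lipkey"))
- pseudoflavour = 390006;
- else if (!strcmp(opteq+1, "lipkey-i"))
- pseudoflavour = 390007;
- else if (!strcmp(opteq+1, "lipkey-p"))
- pseudoflavour = 390008;
- else if (!strcmp(opteq+1, "spkm3"))
- pseudoflavour = 390009;
- else if (!strcmp(opteq+1, "spkm3i"))
- pseudoflavour = 390010;
- else if (!strcmp(opteq+1, "spkm3p"))
- pseudoflavour = 390011;
- else {
- printf(_("unknown security type %s\n"),
- opteq+1);
+ num_flavour = parse_sec(opteq+1, pseudoflavour);
+ if (!num_flavour)
 goto fail;
- }
 } else if (!strcmp(opt, "addr")) {
 /* ignore */;
 } else {
@@ -293,10 +326,10 @@ int nfs4mount(const char *spec, const ch
 | (nocto ? NFS4_MOUNT_NOCTO : 0)
 | (noac ? NFS4_MOUNT_NOAC : 0);
 
- if (pseudoflavour != 0) {
- data.auth_flavourlen = 1;
- data.auth_flavours = &pseudoflavour;
- }
+ if (num_flavour == 0)
+ pseudoflavour[num_flavour++] = AUTH_UNIX;
+ data.auth_flavourlen = num_flavour;
+ data.auth_flavours = pseudoflavour;
 
 data.client_addr.data = ip_addr;
 data.client_addr.len = strlen(ip_addr);
@@ -321,6 +354,21 @@ int nfs4mount(const char *spec, const ch
 (data.flags & NFS4_MOUNT_INTR) != 0,
 (data.flags & NFS4_MOUNT_NOCTO) != 0,
 (data.flags & NFS4_MOUNT_NOAC) != 0);
+
+ if (num_flavour > 0) {
+ int pf_cnt, i;
+
+ printf("sec = ");
+ for (pf_cnt = 0; pf_cnt < num_flavour; pf_cnt++) {
+ for (i = 0; i < FMAPSIZE; i++) {
+ if (flav_map[i].fnum == pseudoflavour[pf_cnt]) {
+ printf("%s", flav_map[i].flavour);
+ break;
+ }
+ }
+ printf("%s", (pf_cnt < num_flavour-1) ? ":" : "\n");
+ }
+ }
 printf("proto = %s\n", (data.proto == IPPROTO_TCP) ? "tcp" : "udp");
 #endif
 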
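Review bot: parse_sec() splits the flavor list with strtok(), which keeps one hidden scan position for the whole process. The option loop in nfs4mount() that calls it lies outside the visible hunks; if that loop is itself a strtok() walk over the comma-separated options, the nested call overwrites its position and every option after sec= is silently dropped instead of being parsed or rejected. The reentrant form keeps the two scans independent: declare `char *save;` and loop with `for (sec = strtok_r(sec, ":", &save); sec; sec = strtok_r(NULL, ":", &save))`. Separately, flav_map is only read in the lines shown, so `static const struct { const char *flavour; int fnum; } flav_map[]` would keep the table out of the global namespace and read-only. A short comment at the AUTH_UNIX default would help too, stating that list order is the negotiation preference, so a trailing `unix`, `sys`, `null` or `none` entry permits fallback to a non-GSS flavor.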
172 | _ |