2 This patch modifies the NFSv4 'mount' command to accept multiple
3 authentication flavors. This list of flavors will be used during security
4 negotiation to determine which flavors the user is willing to use (most
5 preferred flavor is listed first).
7 This patch applies on top of CITI's version 2.11z-3 of util-linux.
9 The format for passing one flavor is unchanged:
10 mount -tnfs4 -osec=krb5 server:/ /mnt/nfs4
12 The format for passing multiple flavors is:
13 mount -tnfs4 -osec=krb5:spkm3p:unix server:/ /mnt/nfs4
15 If no sec= option is given, we assume AUTH_UNIX.
17 From Nick Wilson <njw@us.ibm.com>
21 util-linux-2.12-bfields/mount/nfs4mount.c | 102 ++++++++++++++++++++++--------
22 1 files changed, 75 insertions(+), 27 deletions(-)
24 diff -puN mount/nfs4mount.c~modify_mount_to_support_multiple_security_flavors mount/nfs4mount.c
25 --- util-linux-2.12/mount/nfs4mount.c~modify_mount_to_support_multiple_security_flavors 2004-10-13 14:18:23.000000000 -0400
26 +++ util-linux-2.12-bfields/mount/nfs4mount.c 2004-10-13 14:21:18.000000000 -0400
29 #include <netinet/in.h>
30 #include <arpa/inet.h>
31 +#include <rpc/auth.h>
43 + { "krb5", RPC_AUTH_GSS_KRB5 },
44 + { "krb5i", RPC_AUTH_GSS_KRB5I },
45 + { "krb5p", RPC_AUTH_GSS_KRB5P },
46 + { "lipkey", RPC_AUTH_GSS_LKEY },
47 + { "lipkey-i", RPC_AUTH_GSS_LKEYI },
48 + { "lipkey-p", RPC_AUTH_GSS_LKEYP },
49 + { "spkm3", RPC_AUTH_GSS_SPKM },
50 + { "spkm3i", RPC_AUTH_GSS_SPKMI },
51 + { "spkm3p", RPC_AUTH_GSS_SPKMP },
52 + { "unix", AUTH_UNIX },
53 + { "sys", AUTH_SYS },
54 + { "null", AUTH_NULL },
55 + { "none", AUTH_NONE },
58 +#define FMAPSIZE (sizeof(flav_map)/sizeof(flav_map[0]))
59 +#define MAX_USER_FLAVOUR 16
61 +static int parse_sec(char *sec, int *pseudoflavour)
63 + int i, num_flavour = 0;
65 + for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
66 + if (num_flavour >= MAX_USER_FLAVOUR) {
68 + _("mount: maximum number of security flavors "
72 + for (i = 0; i < FMAPSIZE; i++) {
73 + if (strcmp(sec, flav_map[i].flavour) == 0) {
74 + pseudoflavour[num_flavour++] = flav_map[i].fnum;
78 + if (i == FMAPSIZE) {
80 + _("mount: unknown security type %s\n"), sec);
86 + _("mount: no security flavors passed to sec= option\n"));
90 static int parse_devname(char *hostdir, char **hostname, char **dirname)
93 @@ -117,7 +169,8 @@ int nfs4mount(const char *spec, const ch
94 static char hostdir[1024];
95 static char ip_addr[16] = "127.0.0.1";
96 static struct sockaddr_in server_addr;
97 - static int pseudoflavour = 0;
98 + static int pseudoflavour[MAX_USER_FLAVOUR];
99 + int num_flavour = 0;
101 char *hostname, *dirname, *old_opts;
103 @@ -228,29 +281,9 @@ int nfs4mount(const char *spec, const ch
104 strncpy(ip_addr,opteq+1, sizeof(ip_addr));
105 ip_addr[sizeof(ip_addr)-1] = '\0';
106 } else if (!strcmp(opt, "sec")) {
107 - if (!strcmp(opteq+1, "krb5"))
108 - pseudoflavour = 390003;
109 - else if (!strcmp(opteq+1, "krb5i"))
110 - pseudoflavour = 390004;
111 - else if (!strcmp(opteq+1, "krb5p"))
112 - pseudoflavour = 390005;
113 - else if (!strcmp(opteq+1, "lipkey"))
114 - pseudoflavour = 390006;
115 - else if (!strcmp(opteq+1, "lipkey-i"))
116 - pseudoflavour = 390007;
117 - else if (!strcmp(opteq+1, "lipkey-p"))
118 - pseudoflavour = 390008;
119 - else if (!strcmp(opteq+1, "spkm3"))
120 - pseudoflavour = 390009;
121 - else if (!strcmp(opteq+1, "spkm3i"))
122 - pseudoflavour = 390010;
123 - else if (!strcmp(opteq+1, "spkm3p"))
124 - pseudoflavour = 390011;
126 - printf(_("unknown security type %s\n"),
128 + num_flavour = parse_sec(opteq+1, pseudoflavour);
132 } else if (!strcmp(opt, "addr")) {
135 @@ -293,10 +326,10 @@ int nfs4mount(const char *spec, const ch
136 | (nocto ? NFS4_MOUNT_NOCTO : 0)
137 | (noac ? NFS4_MOUNT_NOAC : 0);
139 - if (pseudoflavour != 0) {
140 - data.auth_flavourlen = 1;
141 - data.auth_flavours = &pseudoflavour;
143 + if (num_flavour == 0)
144 + pseudoflavour[num_flavour++] = AUTH_UNIX;
145 + data.auth_flavourlen = num_flavour;
146 + data.auth_flavours = pseudoflavour;
148 data.client_addr.data = ip_addr;
149 data.client_addr.len = strlen(ip_addr);
150 @@ -321,6 +354,21 @@ int nfs4mount(const char *spec, const ch
151 (data.flags & NFS4_MOUNT_INTR) != 0,
152 (data.flags & NFS4_MOUNT_NOCTO) != 0,
153 (data.flags & NFS4_MOUNT_NOAC) != 0);
155 + if (num_flavour > 0) {
159 + for (pf_cnt = 0; pf_cnt < num_flavour; pf_cnt++) {
160 + for (i = 0; i < FMAPSIZE; i++) {
161 + if (flav_map[i].fnum == pseudoflavour[pf_cnt]) {
162 + printf("%s", flav_map[i].flavour);
166 + printf("%s", (pf_cnt < num_flavour-1) ? ":" : "\n");
169 printf("proto = %s\n", (data.proto == IPPROTO_TCP) ? "tcp" : "udp");