- init var
1
2 This patch modifies the NFSv4 'mount' command to accept multiple
3 authentication flavors. This list of flavors will be used during security
4 negotiation to determine which flavors the user is willing to use (most
5 preferred flavor is listed first).
6
7 This patch applies on top of CITI's version 2.11z-3 of util-linux.
8
9 The format for passing one flavor is unchanged:
10     mount -tnfs4 -osec=krb5 server:/ /mnt/nfs4
11
12 The format for passing multiple flavors is:
13     mount -tnfs4 -osec=krb5:spkm3p:unix server:/ /mnt/nfs4
14
15 If no sec= option is given, we assume AUTH_UNIX.
16
17 From Nick Wilson <njw@us.ibm.com>
18
19 ---
20
21  util-linux-2.12-bfields/mount/nfs4mount.c |  102 ++++++++++++++++++++++--------
22  1 files changed, 75 insertions(+), 27 deletions(-)
23
24 diff -puN mount/nfs4mount.c~modify_mount_to_support_multiple_security_flavors mount/nfs4mount.c
25 --- util-linux-2.12/mount/nfs4mount.c~modify_mount_to_support_multiple_security_flavors 2004-10-13 14:18:23.000000000 -0400
26 +++ util-linux-2.12-bfields/mount/nfs4mount.c   2004-10-13 14:21:18.000000000 -0400
27 @@ -36,6 +36,7 @@
28  #include <sys/stat.h>
29  #include <netinet/in.h>
30  #include <arpa/inet.h>
31 +#include <rpc/auth.h>
32  
33  #include "sundries.h"
34  
35 @@ -48,6 +49,57 @@
36  #define NFS_PORT 2049
37  #endif
38  
39 +struct {
40 +       char    *flavour;
41 +       int     fnum;
42 +} flav_map[] = {
43 +       { "krb5",       RPC_AUTH_GSS_KRB5       },
44 +       { "krb5i",      RPC_AUTH_GSS_KRB5I      },
45 +       { "krb5p",      RPC_AUTH_GSS_KRB5P      },
46 +       { "lipkey",     RPC_AUTH_GSS_LKEY       },
47 +       { "lipkey-i",   RPC_AUTH_GSS_LKEYI      },
48 +       { "lipkey-p",   RPC_AUTH_GSS_LKEYP      },
49 +       { "spkm3",      RPC_AUTH_GSS_SPKM       },
50 +       { "spkm3i",     RPC_AUTH_GSS_SPKMI      },
51 +       { "spkm3p",     RPC_AUTH_GSS_SPKMP      },
52 +       { "unix",       AUTH_UNIX               },
53 +       { "sys",        AUTH_SYS                },
54 +       { "null",       AUTH_NULL               },
55 +       { "none",       AUTH_NONE               },
56 +};
57 +
58 +#define FMAPSIZE               (sizeof(flav_map)/sizeof(flav_map[0]))
59 +#define MAX_USER_FLAVOUR       16
60 +
61 +static int parse_sec(char *sec, int *pseudoflavour)
62 +{
63 +       int i, num_flavour = 0;
64 +
65 +       for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
66 +               if (num_flavour >= MAX_USER_FLAVOUR) {
67 +                       fprintf(stderr,
68 +                               _("mount: maximum number of security flavors "
69 +                                 "exceeded\n"));
70 +                       return 0;
71 +               }
72 +               for (i = 0; i < FMAPSIZE; i++) {
73 +                       if (strcmp(sec, flav_map[i].flavour) == 0) {
74 +                               pseudoflavour[num_flavour++] = flav_map[i].fnum;
75 +                               break;
76 +                       }
77 +               }
78 +               if (i == FMAPSIZE) {
79 +                       fprintf(stderr,
80 +                               _("mount: unknown security type %s\n"), sec);
81 +                       return 0;
82 +               }
83 +       }
84 +       if (!num_flavour)
85 +               fprintf(stderr,
86 +                       _("mount: no security flavors passed to sec= option\n"));
87 +       return num_flavour;
88 +}
89 +
90  static int parse_devname(char *hostdir, char **hostname, char **dirname)
91  {
92         char *s;
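Review bot: parse_sec() splits the sec= value with `strtok`, which keeps one hidden cursor per process; if the option loop in nfs4mount() that calls it (the `sec` branch, outside this hunk) also walks the comma-separated options with `strtok`, the inner call overwrites that cursor and options written after sec= are likely dropped without any message. A reentrant split avoids this: `char *save;` and `for (sec = strtok_r(sec, ":", &save); sec; sec = strtok_r(NULL, ":", &save))`. Separately, flav_map accepts `unix`, `sys`, `null` and `none` next to the GSS flavors, so a list like the `krb5:spkm3p:unix` example in the description permits negotiation down to a flavor with no cryptographic authentication. A comment above flav_map stating that list order is preference order and that listing those entries allows such fallback would help whoever maintains the mount options. The table is never written, so it could also be declared `static const`.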
93 @@ -117,7 +169,8 @@ int nfs4mount(const char *spec, const ch
94         static char hostdir[1024];
95         static char ip_addr[16] = "127.0.0.1";
96         static struct sockaddr_in server_addr;
97 -       static int pseudoflavour = 0;
98 +       static int pseudoflavour[MAX_USER_FLAVOUR];
99 +       int num_flavour = 0;
100  
101         char *hostname, *dirname, *old_opts;
102         char new_opts[1024];
103 @@ -228,29 +281,9 @@ int nfs4mount(const char *spec, const ch
104                                 strncpy(ip_addr,opteq+1, sizeof(ip_addr));
105                                 ip_addr[sizeof(ip_addr)-1] = '\0';
106                         } else if (!strcmp(opt, "sec")) {
107 -                               if (!strcmp(opteq+1, "krb5"))
108 -                                       pseudoflavour = 390003;
109 -                               else if (!strcmp(opteq+1, "krb5i"))
110 -                                       pseudoflavour = 390004;
111 -                               else if (!strcmp(opteq+1, "krb5p"))
112 -                                       pseudoflavour = 390005;
113 -                               else if (!strcmp(opteq+1, "lipkey"))
114 -                                       pseudoflavour = 390006;
115 -                               else if (!strcmp(opteq+1, "lipkey-i"))
116 -                                       pseudoflavour = 390007;
117 -                               else if (!strcmp(opteq+1, "lipkey-p"))
118 -                                       pseudoflavour = 390008;
119 -                               else if (!strcmp(opteq+1, "spkm3"))
120 -                                       pseudoflavour = 390009;
121 -                               else if (!strcmp(opteq+1, "spkm3i"))
122 -                                       pseudoflavour = 390010;
123 -                               else if (!strcmp(opteq+1, "spkm3p"))
124 -                                       pseudoflavour = 390011;
125 -                               else {
126 -                                       printf(_("unknown security type %s\n"),
127 -                                                       opteq+1);
128 +                               num_flavour = parse_sec(opteq+1, pseudoflavour);
129 +                               if (!num_flavour)
130                                         goto fail;
131 -                               }
132                         } else if (!strcmp(opt, "addr")) {
133                                 /* ignore */;
134                         } else {
135 @@ -293,10 +326,10 @@ int nfs4mount(const char *spec, const ch
136                 | (nocto ? NFS4_MOUNT_NOCTO : 0)
137                 | (noac ? NFS4_MOUNT_NOAC : 0);
138  
139 -       if (pseudoflavour != 0) {
140 -               data.auth_flavourlen = 1;
141 -               data.auth_flavours = &pseudoflavour;
142 -       }
143 +       if (num_flavour == 0)
144 +               pseudoflavour[num_flavour++] = AUTH_UNIX;
145 +       data.auth_flavourlen = num_flavour;
146 +       data.auth_flavours = pseudoflavour;
147  
148         data.client_addr.data = ip_addr;
149         data.client_addr.len = strlen(ip_addr);
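Review bot: The fallback on the added lines silently selects AUTH_UNIX when no sec= option was parsed, and nothing at this site tells a reader that the mount then relies on client-asserted uid/gid rather than a GSS flavor. I would add a comment above `if (num_flavour == 0)`, for example `/* no sec= given: default to AUTH_UNIX (client-asserted credentials, no cryptographic authentication) */`. The store to `pseudoflavour[num_flavour++]` is in bounds because num_flavour is 0 on that path. The body of nfs4mount() starts and ends outside the hunk.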
150 @@ -321,6 +354,21 @@ int nfs4mount(const char *spec, const ch
151                (data.flags & NFS4_MOUNT_INTR) != 0,
152                (data.flags & NFS4_MOUNT_NOCTO) != 0,
153                (data.flags & NFS4_MOUNT_NOAC) != 0);
154 +
155 +       if (num_flavour > 0) {
156 +               int pf_cnt, i;
157 +
158 +               printf("sec = ");
159 +               for (pf_cnt = 0; pf_cnt < num_flavour; pf_cnt++) {
160 +                       for (i = 0; i < FMAPSIZE; i++) {
161 +                               if (flav_map[i].fnum == pseudoflavour[pf_cnt]) {
162 +                                       printf("%s", flav_map[i].flavour);
163 +                                       break;
164 +                               }
165 +                       }
166 +                       printf("%s", (pf_cnt < num_flavour-1) ? ":" : "\n");
167 +               }
168 +       }
169         printf("proto = %s\n", (data.proto == IPPROTO_TCP) ? "tcp" : "udp");
170  #endif
171  
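Review bot: The guard `if (num_flavour > 0)` in the added debug block appears to be always true, because the earlier hunk raises num_flavour to at least 1 before this point; the block can be made unconditional, or the guard deserves a comment saying why it stays. The reverse lookup prints the first table entry whose number matches, and as far as I know `<rpc/auth.h>` gives AUTH_UNIX/AUTH_SYS and AUTH_NULL/AUTH_NONE the same values, so `sec=sys` would be echoed as `unix` and `sec=none` as `null`, which is misleading when checking which flavors were requested. `i < FMAPSIZE` compares an `int` with a `size_t`; declaring `i` as `size_t` removes the sign-compare warning here and in parse_sec(). nfs4mount() continues outside the hunk.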
172 _