3 The complete set of CITI nfs-utils patches rolled into one patch.
5 Changes since 1.0.9-CITI_NFS4_ALL-2:
7 * Rebase on nfs-utils-1.0.10
9 * Update to autoconf-2.60 to try and match the version used to
10 generate the nfs-utils-1.0.10 files. Hopefully, this eliminates
11 the problem people are having building with the automake_catchall
12 patch on different distributions.
17 nfs-utils-1.0.10-kwc/aclocal.m4 | 73 ++-
18 nfs-utils-1.0.10-kwc/configure | 252 ++++++++---
19 nfs-utils-1.0.10-kwc/support/include/exportfs.h | 7
20 nfs-utils-1.0.10-kwc/support/include/nfslib.h | 2
21 nfs-utils-1.0.10-kwc/support/nfs/exports.c | 35 +
22 nfs-utils-1.0.10-kwc/utils/exportfs/exportfs.c | 14
23 nfs-utils-1.0.10-kwc/utils/exportfs/exports.man | 13
24 nfs-utils-1.0.10-kwc/utils/gssd/context_mit.c | 507 ++++++++++++++++++++++--
25 nfs-utils-1.0.10-kwc/utils/gssd/context_spkm3.c | 39 -
26 nfs-utils-1.0.10-kwc/utils/gssd/gssd.c | 2
27 nfs-utils-1.0.10-kwc/utils/gssd/krb5_util.c | 226 ++++++++--
28 nfs-utils-1.0.10-kwc/utils/gssd/krb5_util.h | 2
29 nfs-utils-1.0.10-kwc/utils/mountd/Makefile.am | 2
30 nfs-utils-1.0.10-kwc/utils/mountd/Makefile.in | 19
31 nfs-utils-1.0.10-kwc/utils/mountd/cache.c | 25 +
32 nfs-utils-1.0.10-kwc/utils/mountd/fsloc.c | 193 +++++++++
33 nfs-utils-1.0.10-kwc/utils/mountd/fsloc.h | 20
34 17 files changed, 1234 insertions(+), 197 deletions(-)
36 diff -puN utils/gssd/context_spkm3.c~CITI_NFS4_ALL utils/gssd/context_spkm3.c
37 --- nfs-utils-1.0.10/utils/gssd/context_spkm3.c~CITI_NFS4_ALL 2006-08-07 11:45:41.462005000 -0400
38 +++ nfs-utils-1.0.10-kwc/utils/gssd/context_spkm3.c 2006-08-07 11:45:41.503963000 -0400
41 * buf->length should be:
47 @@ -70,60 +71,58 @@ prepare_spkm3_ctx_buffer(gss_spkm3_lucid
49 unsigned int buf_size = 0;
51 - buf_size = lctx->ctx_id.length +
52 - sizeof(lctx->ctx_id.length) + sizeof(lctx->qop) +
53 + buf_size = sizeof(lctx->version) +
54 + lctx->ctx_id.length + sizeof(lctx->ctx_id.length) +
55 + sizeof(lctx->endtime) +
56 sizeof(lctx->mech_used.length) + lctx->mech_used.length +
57 - sizeof(lctx->ret_flags) + sizeof(lctx->req_flags) +
58 - sizeof(lctx->share_key.length) + lctx->share_key.length +
59 + sizeof(lctx->ret_flags) +
60 sizeof(lctx->conf_alg.length) + lctx->conf_alg.length +
61 sizeof(lctx->derived_conf_key.length) +
62 lctx->derived_conf_key.length +
63 sizeof(lctx->intg_alg.length) + lctx->intg_alg.length +
64 sizeof(lctx->derived_integ_key.length) +
65 - lctx->derived_integ_key.length +
66 - sizeof(lctx->keyestb_alg.length) + lctx->keyestb_alg.length +
67 - sizeof(lctx->owf_alg.length) + lctx->owf_alg.length;
68 + lctx->derived_integ_key.length;
70 if (!(buf->value = calloc(1, buf_size)))
73 end = buf->value + buf_size;
75 + if (WRITE_BYTES(&p, end, lctx->version))
77 + printerr(2, "DEBUG: exporting version = %d\n", lctx->version);
79 if (write_buffer(&p, end, &lctx->ctx_id))
81 + printerr(2, "DEBUG: exporting ctx_id(%d)\n", lctx->ctx_id.length);
83 - if (WRITE_BYTES(&p, end, lctx->qop))
84 + if (WRITE_BYTES(&p, end, lctx->endtime))
86 + printerr(2, "DEBUG: exporting endtime = %d\n", lctx->endtime);
88 if (write_buffer(&p, end, &lctx->mech_used))
90 + printerr(2, "DEBUG: exporting mech oid (%d)\n", lctx->mech_used.length);
92 if (WRITE_BYTES(&p, end, lctx->ret_flags))
95 - if (WRITE_BYTES(&p, end, lctx->req_flags))
98 - if (write_buffer(&p, end, &lctx->share_key))
100 + printerr(2, "DEBUG: exporting ret_flags = %d\n", lctx->ret_flags);
102 if (write_buffer(&p, end, &lctx->conf_alg))
104 + printerr(2, "DEBUG: exporting conf_alg oid (%d)\n", lctx->conf_alg.length);
106 if (write_buffer(&p, end, &lctx->derived_conf_key))
108 + printerr(2, "DEBUG: exporting conf key (%d)\n", lctx->derived_conf_key.length);
110 if (write_buffer(&p, end, &lctx->intg_alg))
112 + printerr(2, "DEBUG: exporting intg_alg oid (%d)\n", lctx->intg_alg.length);
114 if (write_buffer(&p, end, &lctx->derived_integ_key))
117 - if (write_buffer(&p, end, &lctx->keyestb_alg))
120 - if (write_buffer(&p, end, &lctx->owf_alg))
122 + printerr(2, "DEBUG: exporting intg key (%d)\n", lctx->derived_integ_key.length);
124 buf->length = p - (char *)buf->value;
126 diff -puN support/include/exportfs.h~CITI_NFS4_ALL support/include/exportfs.h
127 --- nfs-utils-1.0.10/support/include/exportfs.h~CITI_NFS4_ALL 2006-08-07 11:45:41.770710000 -0400
128 +++ nfs-utils-1.0.10-kwc/support/include/exportfs.h 2006-08-07 11:45:42.941259000 -0400
129 @@ -23,6 +23,13 @@ enum {
140 typedef struct mclient {
141 struct mclient * m_next;
142 char m_hostname[NFSCLNT_IDMAX+1];
143 diff -puN support/include/nfslib.h~CITI_NFS4_ALL support/include/nfslib.h
144 --- nfs-utils-1.0.10/support/include/nfslib.h~CITI_NFS4_ALL 2006-08-07 11:45:41.918710000 -0400
145 +++ nfs-utils-1.0.10-kwc/support/include/nfslib.h 2006-08-07 11:45:42.961259000 -0400
146 @@ -80,6 +80,8 @@ struct exportent {
151 + char * e_fslocdata;
155 diff -puN support/nfs/exports.c~CITI_NFS4_ALL support/nfs/exports.c
156 --- nfs-utils-1.0.10/support/nfs/exports.c~CITI_NFS4_ALL 2006-08-07 11:45:42.063710000 -0400
157 +++ nfs-utils-1.0.10-kwc/support/nfs/exports.c 2006-08-07 11:45:42.985259000 -0400
158 @@ -94,6 +94,8 @@ getexportent(int fromkernel, int fromexp
161 ee.e_mountpoint = NULL;
162 + ee.e_fslocmethod = FSLOC_NONE;
163 + ee.e_fslocdata = NULL;
167 @@ -199,7 +201,22 @@ putexportent(struct exportent *ep)
168 if (ep->e_mountpoint)
169 fprintf(fp, "mountpoint%s%s,",
170 ep->e_mountpoint[0]?"=":"", ep->e_mountpoint);
172 + switch (ep->e_fslocmethod) {
176 + fprintf(fp, "refer=%s,", ep->e_fslocdata);
178 + case FSLOC_REPLICA:
179 + fprintf(fp, "replicas=%s,", ep->e_fslocdata);
182 + fprintf(fp, "fsloc=stub,");
185 + xlog(L_ERROR, "unknown fsloc method for %s:%s",
186 + ep->e_hostname, ep->e_path);
188 fprintf(fp, "mapping=");
189 switch (ep->e_maptype) {
191 @@ -262,6 +279,8 @@ dupexportent(struct exportent *dst, stru
193 if (src->e_mountpoint)
194 dst->e_mountpoint = strdup(src->e_mountpoint);
195 + if (src->e_fslocdata)
196 + dst->e_fslocdata = strdup(src->e_fslocdata);
200 @@ -437,6 +456,20 @@ bad_option:
201 ep->e_mountpoint = strdup(mp+1);
203 ep->e_mountpoint = strdup("");
204 + } else if (strncmp(opt, "fsloc=", 6) == 0) {
205 + if (strcmp(opt+6, "stub") == 0)
206 + ep->e_fslocmethod = FSLOC_STUB;
208 + xlog(L_ERROR, "%s:%d: bad option %s\n",
209 + flname, flline, opt);
212 + } else if (strncmp(opt, "refer=", 6) == 0) {
213 + ep->e_fslocmethod = FSLOC_REFER;
214 + ep->e_fslocdata = strdup(opt+6);
215 + } else if (strncmp(opt, "replicas=", 9) == 0) {
216 + ep->e_fslocmethod = FSLOC_REPLICA;
217 + ep->e_fslocdata = strdup(opt+9);
219 xlog(L_ERROR, "%s:%d: unknown keyword \"%s\"\n",
220 flname, flline, opt);
221 diff -puN utils/exportfs/exportfs.c~CITI_NFS4_ALL utils/exportfs/exportfs.c
222 --- nfs-utils-1.0.10/utils/exportfs/exportfs.c~CITI_NFS4_ALL 2006-08-07 11:45:42.205710000 -0400
223 +++ nfs-utils-1.0.10-kwc/utils/exportfs/exportfs.c 2006-08-07 11:45:43.008259000 -0400
224 @@ -416,7 +416,19 @@ dump(int verbose)
225 c = dumpopt(c, "anonuid=%d", ep->e_anonuid);
226 if (ep->e_anongid != -2)
227 c = dumpopt(c, "anongid=%d", ep->e_anongid);
229 + switch(ep->e_fslocmethod) {
233 + c = dumpopt(c, "refer=%s", ep->e_fslocdata);
235 + case FSLOC_REPLICA:
236 + c = dumpopt(c, "replicas=%s", ep->e_fslocdata);
239 + c = dumpopt(c, "fsloc=stub");
242 printf("%c\n", (c != '(')? ')' : ' ');
245 diff -puN utils/exportfs/exports.man~CITI_NFS4_ALL utils/exportfs/exports.man
246 --- nfs-utils-1.0.10/utils/exportfs/exports.man~CITI_NFS4_ALL 2006-08-07 11:45:42.354662000 -0400
247 +++ nfs-utils-1.0.10-kwc/utils/exportfs/exports.man 2006-08-07 11:45:43.039260000 -0400
248 @@ -322,6 +322,19 @@ The value 0 has a special meaning when
249 concept of a root of the overall exported filesystem. The export point
250 exported with fsid=0 will be used as this root.
253 +.IR refer= path@host[+host][:path@host[+host]]
254 +A client referencing the export point will be directed to choose from
255 +the given list an alternative location for the filesystem.
256 +(Note that the server currently needs to have a filesystem mounted here,
257 +generally using mount --bind, although it is not actually exported.)
260 +.IR replicas= path@host[+host][:path@host[+host]]
261 +If the client asks for alternative locations for the export point, it
262 +will be given this list of alternatives. (Note that actual replication
263 +of the filesystem must be handled elsewhere.)
268 diff -puN utils/mountd/cache.c~CITI_NFS4_ALL utils/mountd/cache.c
269 --- nfs-utils-1.0.10/utils/mountd/cache.c~CITI_NFS4_ALL 2006-08-07 11:45:42.497519000 -0400
270 +++ nfs-utils-1.0.10-kwc/utils/mountd/cache.c 2006-08-07 11:45:43.062259000 -0400
272 #include "exportfs.h"
278 * Support routines for text-based upcalls.
279 @@ -239,6 +240,29 @@ void nfsd_fh(FILE *f)
283 +static void write_fsloc(FILE *f, struct exportent *ep, char *path)
285 + struct servers *servers;
287 + if (ep->e_fslocmethod == FSLOC_NONE)
290 + servers = replicas_lookup(ep->e_fslocmethod, ep->e_fslocdata, path);
293 + qword_print(f, "fsloc");
294 + qword_printint(f, servers->h_num);
295 + if (servers->h_num >= 0) {
297 + for (i=0; i<servers->h_num; i++) {
298 + qword_print(f, servers->h_mp[i]->h_host);
299 + qword_print(f, servers->h_mp[i]->h_path);
302 + qword_printint(f, servers->h_referral);
303 + release_replicas(servers);
306 void nfsd_export(FILE *f)
309 @@ -295,6 +319,7 @@ void nfsd_export(FILE *f)
310 qword_printint(f, found->m_export.e_anonuid);
311 qword_printint(f, found->m_export.e_anongid);
312 qword_printint(f, found->m_export.e_fsid);
313 + write_fsloc(f, &found->m_export, path);
314 mountlist_add(dom, path);
317 diff -puN /dev/null utils/mountd/fsloc.c
318 --- /dev/null 2006-08-07 09:21:41.858758048 -0400
319 +++ nfs-utils-1.0.10-kwc/utils/mountd/fsloc.c 2006-08-07 11:45:43.081259000 -0400
326 +#include "exportfs.h"
328 +/* Debugging tool: prints out @servers info to syslog */
329 +static void replicas_print(struct servers *sp)
333 + syslog(LOG_INFO, "NULL replicas pointer");
336 + syslog(LOG_INFO, "replicas listsize=%i", sp->h_num);
337 + for (i=0; i<sp->h_num; i++) {
338 + syslog(LOG_INFO, "%s:/%s",
339 + sp->h_mp[i]->h_host, sp->h_mp[i]->h_path);
343 +/* Called by setting 'Method = stub' in config file. Just returns
344 + * some syntactically correct gibberish for testing purposes.
346 +static struct servers *method_stub(char *key)
348 + struct servers *sp;
349 + struct mount_point *mp;
351 + syslog(LOG_INFO, "called method_stub");
352 + sp = malloc(sizeof(struct servers));
355 + mp = calloc(1, sizeof(struct mount_point));
362 + mp->h_host = strdup("stub_server");
363 + mp->h_path = strdup("/my/test/path");
364 + sp->h_referral = 1;
368 +/* Scan @list, which is a NULL-terrminated array of strings of the
369 + * form host[:host]:/path, and return corresponding servers structure.
371 +static struct servers *parse_list(char **list)
374 + struct servers *res;
375 + struct mount_point *mp;
378 + res = malloc(sizeof(struct servers));
383 + /* parse each of the answers in sucession. */
384 + for (i=0; list[i] && i<FSLOC_MAX_LIST; i++) {
385 + mp = calloc(1, sizeof(struct mount_point));
387 + release_replicas(res);
390 + cp = strstr(list[i], ":/");
392 + syslog(LOG_WARNING, "invalid entry '%s'", list[i]);
393 + continue; /* XXX Need better error handling */
397 + mp->h_host = strndup(list[i], cp - list[i]);
399 + mp->h_path = strdup(cp);
404 +/* Converts from path@host[+host][:path@host[+host]] to
405 + * host[:host]:path[@host[:host]:path]
407 + * XXX Once the interface is stabilized, we can put the kernel and
408 + * userland formats into agreement, so this won't be necessary.
410 +static char *strconvert(const char *in)
412 + char *path, *ptr, *copy, *rv, *rvptr, *next;
413 + next = copy = strdup(in);
414 + rvptr = rv = malloc(strlen(in) + 1);
418 + ptr = strsep(&next, ":");
419 + path = strsep(&ptr, "@");
432 + *rvptr++ = *path++;
447 +/* @data is a string of form path@host[+host][:path@host[+host]]
449 +static struct servers *method_list(char *data)
451 + char *copy, *ptr=data;
454 + struct servers *rv=NULL;
456 + syslog(LOG_INFO, "method_list(%s)\n", data);
457 + for (ptr--, listsize=1; ptr; ptr=index(ptr, ':'), listsize++)
459 + list = malloc(listsize * sizeof(char *));
460 + copy = strconvert(data);
461 + syslog(LOG_INFO, "converted to %s\n", copy);
462 + if (list && copy) {
464 + for (i=0; i<listsize; i++) {
465 + list[i] = strsep(&ptr, "@");
467 + rv = parse_list(list);
471 + replicas_print(rv);
475 +/* Returns appropriately filled struct servers, or NULL if had a problem */
476 +struct servers *replicas_lookup(int method, char *data, char *key)
478 + struct servers *sp=NULL;
483 + sp = method_list(data);
485 + sp->h_referral = 1;
487 + case FSLOC_REPLICA:
488 + sp = method_list(data);
490 + sp->h_referral = 0;
493 + sp = method_stub(data);
496 + syslog(LOG_WARNING, "Unknown method = %i", method);
498 + replicas_print(sp);
502 +void release_replicas(struct servers *server)
506 + if (!server) return;
507 + for (i = 0; i < server->h_num; i++) {
508 + free(server->h_mp[i]->h_host);
509 + free(server->h_mp[i]->h_path);
510 + free(server->h_mp[i]);
514 diff -puN /dev/null utils/mountd/fsloc.h
515 --- /dev/null 2006-08-07 09:21:41.858758048 -0400
516 +++ nfs-utils-1.0.10-kwc/utils/mountd/fsloc.h 2006-08-07 11:45:43.100259000 -0400
521 +#define FSLOC_MAX_LIST 40
523 +struct mount_point {
530 + struct mount_point *h_mp[FSLOC_MAX_LIST];
531 + int h_referral; /* 0=replica, 1=referral */
534 +struct servers *replicas_lookup(int method, char *data, char *key);
535 +void release_replicas(struct servers *server);
537 +#endif /* FSLOC_H */
538 diff -puN utils/mountd/Makefile.am~CITI_NFS4_ALL utils/mountd/Makefile.am
539 --- nfs-utils-1.0.10/utils/mountd/Makefile.am~CITI_NFS4_ALL 2006-08-07 11:45:42.865259000 -0400
540 +++ nfs-utils-1.0.10-kwc/utils/mountd/Makefile.am 2006-08-07 11:45:43.116259000 -0400
541 @@ -8,7 +8,7 @@ KPREFIX = @kprefix@
542 sbin_PROGRAMS = mountd
544 mountd_SOURCES = mountd.c mount_dispatch.c auth.c rmtab.c cache.c \
546 + svc_run.c fsloc.c mountd.h
547 mountd_LDADD = ../../support/export/libexport.a \
548 ../../support/nfs/libnfs.a \
549 ../../support/misc/libmisc.a \
550 diff -puN utils/gssd/gssd.c~CITI_NFS4_ALL utils/gssd/gssd.c
551 --- nfs-utils-1.0.10/utils/gssd/gssd.c~CITI_NFS4_ALL 2006-08-07 11:45:43.366200000 -0400
552 +++ nfs-utils-1.0.10-kwc/utils/gssd/gssd.c 2006-08-07 11:45:43.706859000 -0400
553 @@ -157,6 +157,8 @@ main(int argc, char *argv[])
555 /* Process keytab file and get machine credentials */
556 gssd_refresh_krb5_machine_creds();
557 + /* Determine Kerberos information from the kernel */
558 + gssd_obtain_kernel_krb5_info();
561 printerr(0, "gssd_run returned!\n");
562 diff -puN utils/gssd/krb5_util.c~CITI_NFS4_ALL utils/gssd/krb5_util.c
563 --- nfs-utils-1.0.10/utils/gssd/krb5_util.c~CITI_NFS4_ALL 2006-08-07 11:45:43.533033000 -0400
564 +++ nfs-utils-1.0.10-kwc/utils/gssd/krb5_util.c 2006-08-07 11:45:43.743822000 -0400
567 #include <sys/param.h>
569 +#include <sys/types.h>
570 #include <sys/stat.h>
571 #include <sys/socket.h>
572 #include <arpa/inet.h>
580 #include <gssapi/gssapi.h>
582 /* Global list of principals/cache file names for machine credentials */
583 struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL;
585 +/* Encryption types supported by the kernel rpcsec_gss code */
586 +int num_krb5_enctypes = 0;
587 +krb5_enctype *krb5_enctypes = NULL;
589 /*==========================*/
590 /*=== Internal routines ===*/
591 /*==========================*/
592 @@ -261,56 +267,6 @@ gssd_find_existing_krb5_ccache(uid_t uid
596 -#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
598 - * this routine obtains a credentials handle via gss_acquire_cred()
599 - * then calls gss_krb5_set_allowable_enctypes() to limit the encryption
600 - * types negotiated.
602 - * XXX Should call some function to determine the enctypes supported
603 - * by the kernel. (Only need to do that once!)
606 - * 0 => all went well
607 - * -1 => there was an error
611 -limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
613 - u_int maj_stat, min_stat;
614 - gss_cred_id_t credh;
615 - gss_OID_set_desc desired_mechs;
616 - krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
617 - int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
619 - /* We only care about getting a krb5 cred */
620 - desired_mechs.count = 1;
621 - desired_mechs.elements = &krb5oid;
623 - maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
624 - &desired_mechs, GSS_C_INITIATE,
625 - &credh, NULL, NULL);
627 - if (maj_stat != GSS_S_COMPLETE) {
628 - pgsserr("gss_acquire_cred",
629 - maj_stat, min_stat, &krb5oid);
633 - maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid,
634 - num_enctypes, &enctypes);
635 - if (maj_stat != GSS_S_COMPLETE) {
636 - pgsserr("gss_set_allowable_enctypes",
637 - maj_stat, min_stat, &krb5oid);
644 -#endif /* HAVE_SET_ALLOWABLE_ENCTYPES */
647 * Obtain credentials via a key in the keytab given
648 * a keytab handle and a gssd_k5_kt_princ structure.
649 @@ -608,6 +564,56 @@ gssd_set_krb5_ccache_name(char *ccname)
654 + * Parse the supported encryption type information
657 +parse_enctypes(char *enctypes)
660 + char *curr, *comma;
663 + /* Just in case this ever gets called more than once */
664 + if (krb5_enctypes != NULL) {
665 + free(krb5_enctypes);
666 + krb5_enctypes = NULL;
667 + num_krb5_enctypes = 0;
670 + /* count the number of commas */
671 + for (curr = enctypes; curr && *curr != '\0'; curr = ++comma) {
672 + comma = strchr(curr, ',');
678 + /* If no more commas and we're not at the end, there's one more value */
682 + /* Empty string, return an error */
686 + /* Allocate space for enctypes array */
687 + if ((krb5_enctypes = (int *) calloc(n, sizeof(int))) == NULL) {
691 + /* Now parse each value into the array */
692 + for (curr = enctypes, i = 0; curr && *curr != '\0'; curr = ++comma) {
693 + krb5_enctypes[i++] = atoi(curr);
694 + comma = strchr(curr, ',');
699 + num_krb5_enctypes = n;
703 /*==========================*/
704 /*=== External routines ===*/
705 /*==========================*/
706 @@ -859,3 +865,123 @@ gssd_destroy_krb5_machine_creds(void)
707 krb5_free_context(context);
710 +#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
712 + * this routine obtains a credentials handle via gss_acquire_cred()
713 + * then calls gss_krb5_set_allowable_enctypes() to limit the encryption
714 + * types negotiated.
717 + * 0 => all went well
718 + * -1 => there was an error
722 +limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
724 + u_int maj_stat, min_stat;
725 + gss_cred_id_t credh;
726 + gss_OID_set_desc desired_mechs;
727 + krb5_enctype enctypes[] = {ENCTYPE_DES_CBC_CRC};
728 + int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
730 + /* We only care about getting a krb5 cred */
731 + desired_mechs.count = 1;
732 + desired_mechs.elements = &krb5oid;
734 + maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
735 + &desired_mechs, GSS_C_INITIATE,
736 + &credh, NULL, NULL);
738 + if (maj_stat != GSS_S_COMPLETE) {
739 + pgsserr("gss_acquire_cred",
740 + maj_stat, min_stat, &krb5oid);
745 + * If we failed for any reason to produce global
746 + * list of supported enctypes, use local default here.
748 + if (krb5_enctypes == NULL)
749 + maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
750 + &krb5oid, num_enctypes, &enctypes);
752 + maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
753 + &krb5oid, num_krb5_enctypes,
755 + if (maj_stat != GSS_S_COMPLETE) {
756 + pgsserr("gss_set_allowable_enctypes",
757 + maj_stat, min_stat, &krb5oid);
764 +#endif /* HAVE_SET_ALLOWABLE_ENCTYPES */
767 + * Obtain supported enctypes from kernel.
768 + * Set defaults if info is not available.
771 +gssd_obtain_kernel_krb5_info(void)
773 + char enctype_file_name[128];
775 + char enctypes[128];
776 + char extrainfo[1024];
778 + int use_default_enctypes = 0;
779 + int nbytes, numfields;
780 + char default_enctypes[] = "1,3,2";
783 + snprintf(enctype_file_name, sizeof(enctype_file_name),
784 + "%s/%s", pipefsdir, "krb5_info");
786 + if ((fd = open(enctype_file_name, O_RDONLY)) == -1) {
787 + printerr(1, "WARNING: gssd_obtain_kernel_krb5_info: "
788 + "Unable to open '%s'. Unable to determine "
789 + "Kerberos encryption types supported by the "
790 + "kernel; using defaults (%s).\n",
791 + enctype_file_name, default_enctypes);
792 + use_default_enctypes = 1;
795 + if ((nbytes = read(fd, buf, sizeof(buf))) == -1) {
796 + printerr(0, "WARNING: gssd_obtain_kernel_krb5_info: "
797 + "Error reading Kerberos encryption type "
798 + "information file '%s'; using defaults (%s).\n",
799 + enctype_file_name, default_enctypes);
800 + use_default_enctypes = 1;
803 + numfields = sscanf(buf, "enctypes: %s\n%s", enctypes, extrainfo);
804 + if (numfields < 1) {
805 + printerr(0, "WARNING: gssd_obtain_kernel_krb5_info: "
806 + "error parsing Kerberos encryption type "
807 + "information from file '%s'; using defaults (%s).\n",
808 + enctype_file_name, default_enctypes);
809 + use_default_enctypes = 1;
812 + if (numfields > 1) {
813 + printerr(0, "WARNING: gssd_obtain_kernel_krb5_info: "
814 + "Extra information, '%s', from '%s' is ignored\n",
815 + enctype_file_name, extrainfo);
816 + use_default_enctypes = 1;
820 + if (use_default_enctypes)
821 + strcpy(enctypes, default_enctypes);
823 + if ((code = parse_enctypes(enctypes)) != 0) {
824 + printerr(0, "ERROR: gssd_obtain_kernel_krb5_info: "
825 + "parse_enctypes%s failed with code %d\n",
826 + use_default_enctypes ? " (with default enctypes)" : "",
830 diff -puN utils/gssd/krb5_util.h~CITI_NFS4_ALL utils/gssd/krb5_util.h
831 --- nfs-utils-1.0.10/utils/gssd/krb5_util.h~CITI_NFS4_ALL 2006-08-07 11:45:43.667898000 -0400
832 +++ nfs-utils-1.0.10-kwc/utils/gssd/krb5_util.h 2006-08-07 11:45:43.759808000 -0400
833 @@ -22,6 +22,8 @@ int gssd_refresh_krb5_machine_creds(voi
834 void gssd_free_krb5_machine_cred_list(char **list);
835 void gssd_setup_krb5_machine_gss_ccache(char *servername);
836 void gssd_destroy_krb5_machine_creds(void);
837 +void gssd_obtain_kernel_krb5_info(void);
840 #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
841 int limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid);
842 diff -puN utils/gssd/context_mit.c~CITI_NFS4_ALL utils/gssd/context_mit.c
843 --- nfs-utils-1.0.10/utils/gssd/context_mit.c~CITI_NFS4_ALL 2006-08-07 11:45:44.022808000 -0400
844 +++ nfs-utils-1.0.10-kwc/utils/gssd/context_mit.c 2006-08-07 11:45:44.075808000 -0400
852 #include <rpc/auth_gss.h>
858 +#define KG_USAGE_SEAL 22
859 +#define KG_USAGE_SIGN 23
860 +#define KG_USAGE_SEQ 24
863 +#define KG_USAGE_ACCEPTOR_SEAL 22
864 +#define KG_USAGE_ACCEPTOR_SIGN 23
865 +#define KG_USAGE_INITIATOR_SEAL 24
866 +#define KG_USAGE_INITIATOR_SIGN 25
868 +/* Lifted from mit src/lib/gssapi/krb5/gssapiP_krb5.h */
870 + SEAL_ALG_NONE = 0xffff,
871 + SEAL_ALG_DES = 0x0000,
872 + SEAL_ALG_1 = 0x0001, /* not published */
873 + SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */
874 + SEAL_ALG_DES3KD = 0x0002
877 +#define KEY_USAGE_SEED_ENCRYPTION 0xAA
878 +#define KEY_USAGE_SEED_INTEGRITY 0x55
879 +#define KEY_USAGE_SEED_CHECKSUM 0x99
882 +/* Flags for version 2 context flags */
883 +#define KRB5_CTX_FLAG_INITIATOR 0x00000001
884 +#define KRB5_CTX_FLAG_CFX 0x00000002
885 +#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
888 + * XXX Hack alert. We don't have "legal" access to these
889 + * structures located in libk5crypto
891 +extern void krb5int_enc_arcfour;
892 +extern void krb5int_enc_des3;
893 +extern void krb5int_enc_aes128;
894 +extern void krb5int_enc_aes256;
895 +extern int krb5_derive_key();
897 +void *get_enc_provider();
899 /* XXX spkm3 seems to actually want it this big, yipes. */
900 #define MAX_CTX_LEN 4096
904 #ifdef HAVE_LUCID_CONTEXT_SUPPORT
906 /* Don't use the private structure, use the exported lucid structure */
907 @@ -144,6 +189,96 @@ write_lucid_keyblock(char **p, char *end
912 +key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)
914 + memset(kout, '\0', sizeof(kout));
915 + kout->enctype = lin->type;
916 + kout->length = lin->length;
917 + kout->contents = lin->data;
921 +key_krb5_to_lucid(const krb5_keyblock *kin, gss_krb5_lucid_key_t *lout)
923 + memset(lout, '\0', sizeof(lout));
924 + lout->type = kin->enctype;
925 + lout->length = kin->length;
926 + lout->data = kin->contents;
930 + * Function to derive a new key from a given key and given constant data.
932 +static krb5_error_code
933 +derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
934 + int usage, char extra)
936 + krb5_error_code code;
937 + unsigned char constant_data[K5CLENGTH];
941 + krb5_keyblock kin, kout; /* must send krb5_keyblock, not lucid! */
944 + * XXX Hack alert. We don't have "legal" access to these
945 + * values and structures located in libk5crypto
947 + switch (in->type) {
948 + case ENCTYPE_DES3_CBC_RAW:
950 + enc = &krb5int_enc_des3;
952 + case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
954 + enc = &krb5int_enc_aes128;
956 + case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
958 + enc = &krb5int_enc_aes256;
961 + code = KRB5_BAD_ENCTYPE;
965 + /* allocate memory for output key */
966 + if ((out->data = malloc(keylength)) == NULL) {
970 + out->length = keylength;
971 + out->type = in->type;
973 + /* Convert to correct format for call to krb5_derive_key */
974 + key_lucid_to_krb5(in, &kin);
975 + key_lucid_to_krb5(out, &kout);
977 + datain.data = (char *) constant_data;
978 + datain.length = K5CLENGTH;
980 + datain.data[0] = (usage>>24)&0xff;
981 + datain.data[1] = (usage>>16)&0xff;
982 + datain.data[2] = (usage>>8)&0xff;
983 + datain.data[3] = usage&0xff;
985 + datain.data[4] = (char) extra;
987 + if ((code = krb5_derive_key(enc, &kin, &kout, &datain))) {
992 + key_krb5_to_lucid(&kout, out);
996 + printerr(0, "ERROR: derive_key_lucid returning error %d (%s)\n",
997 + code, error_message(code));
1002 prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
1003 gss_buffer_desc *buf)
1004 @@ -183,7 +318,7 @@ prepare_krb5_rfc1964_buffer(gss_krb5_luc
1005 if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
1006 word_send_seq = lctx->send_seq; /* XXX send_seq is 64-bit */
1007 if (WRITE_BYTES(&p, end, word_send_seq)) goto out_err;
1008 - if (write_buffer(&p, end, (gss_buffer_desc*)&krb5oid)) goto out_err;
1009 + if (write_oid(&p, end, &krb5oid)) goto out_err;
1011 printerr(2, "prepare_krb5_rfc1964_buffer: serializing keys with "
1012 "enctype %d and length %d\n",
1013 @@ -212,17 +347,180 @@ prepare_krb5_rfc1964_buffer(gss_krb5_luc
1016 printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
1017 - if (buf->value) free(buf->value);
1020 + buf->value = NULL;
1023 - if (enc_key.data) free(enc_key.data);
1024 + if (enc_key.data) {
1025 + free(enc_key.data);
1026 + enc_key.data = NULL;
1032 + * Prepare a new-style buffer to send to the kernel for newer encryption
1033 + * types -- or for DES3.
1035 + * The new format is:
1037 + * u32 version; This is two (2)
1040 + * #define KRB5_CTX_FLAG_INITIATOR 0x00000001
1041 + * #define KRB5_CTX_FLAG_CFX 0x00000002
1042 + * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
1044 + * u32 enctype; ( encrption type of keys )
1045 + * u32 size_of_each_key; ( size of each key in bytes )
1046 + * u32 number_of_keys; ( N -- should always be 3 for now )
1047 + * keydata-1; ( Ke )
1048 + * keydata-2; ( Ki )
1049 + * keydata-3; ( Kc )
1053 -prepare_krb5_rfc_cfx_buffer(gss_krb5_lucid_context_v1_t *lctx,
1054 +prepare_krb5_ctx_v2_buffer(gss_krb5_lucid_context_v1_t *lctx,
1055 gss_buffer_desc *buf)
1057 - printerr(0, "ERROR: prepare_krb5_rfc_cfx_buffer: not implemented\n");
1059 + static uint32_t version = 2;
1060 + uint32_t v2_flags = 0;
1061 + gss_krb5_lucid_key_t enc_key;
1062 + gss_krb5_lucid_key_t derived_key;
1063 + gss_buffer_desc fakeoid;
1068 + memset(&enc_key, 0, sizeof(enc_key));
1069 + memset(&fakeoid, 0, sizeof(fakeoid));
1071 + if (!(buf->value = calloc(1, MAX_CTX_LEN)))
1074 + end = buf->value + MAX_CTX_LEN;
1077 + if (WRITE_BYTES(&p, end , version)) goto out_err;
1078 + if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
1080 + if (lctx->initiate)
1081 + v2_flags |= KRB5_CTX_FLAG_INITIATOR;
1082 + if (lctx->protocol != 0)
1083 + v2_flags |= KRB5_CTX_FLAG_CFX;
1084 + if (lctx->protocol != 0 && lctx->cfx_kd.have_acceptor_subkey == 1)
1085 + v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY;
1087 + if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
1089 + if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err;
1091 + /* Protocol 0 here implies DES3 or RC4 */
1092 + if (lctx->protocol == 0) {
1093 + enctype = lctx->rfc1964_kd.ctx_key.type;
1094 + keysize = lctx->rfc1964_kd.ctx_key.length;
1095 + numkeys = 3; /* XXX is always gonna be three? */
1097 + if (lctx->cfx_kd.have_acceptor_subkey) {
1098 + enctype = lctx->cfx_kd.acceptor_subkey.type;
1099 + keysize = lctx->cfx_kd.acceptor_subkey.length;
1101 + enctype = lctx->cfx_kd.ctx_key.type;
1102 + keysize = lctx->cfx_kd.ctx_key.length;
1106 + printerr(2, "prepare_krb5_ctx_v2_buffer: serializing %d keys with "
1107 + "enctype %d and size %d\n", numkeys, enctype, keysize);
1108 + if (WRITE_BYTES(&p, end, enctype)) goto out_err;
1109 + if (WRITE_BYTES(&p, end, keysize)) goto out_err;
1110 + if (WRITE_BYTES(&p, end, numkeys)) goto out_err;
1112 + if (lctx->protocol == 0) {
1113 + /* derive and send down: Ke, Ki, and Kc */
1115 + if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
1116 + lctx->rfc1964_kd.ctx_key.length))
1120 + if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
1121 + lctx->rfc1964_kd.ctx_key.length))
1125 + if (derive_key_lucid(&lctx->rfc1964_kd.ctx_key,
1127 + KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM))
1129 + if (write_bytes(&p, end, derived_key.data,
1130 + derived_key.length))
1132 + free(derived_key.data);
1134 + gss_krb5_lucid_key_t *keyptr;
1135 + uint32_t sign_usage, seal_usage;
1137 + if (lctx->cfx_kd.have_acceptor_subkey)
1138 + keyptr = &lctx->cfx_kd.acceptor_subkey;
1140 + keyptr = &lctx->cfx_kd.ctx_key;
1142 + if (lctx->initiate == 1) {
1143 + sign_usage = KG_USAGE_INITIATOR_SIGN;
1144 + seal_usage = KG_USAGE_INITIATOR_SEAL;
1146 + sign_usage = KG_USAGE_ACCEPTOR_SIGN;
1147 + seal_usage = KG_USAGE_ACCEPTOR_SEAL;
1150 + /* derive and send down: Ke, Ki, and Kc */
1153 + if (derive_key_lucid(keyptr, &derived_key,
1154 + seal_usage, KEY_USAGE_SEED_ENCRYPTION))
1156 + if (write_bytes(&p, end, derived_key.data,
1157 + derived_key.length))
1159 + free(derived_key.data);
1162 + if (derive_key_lucid(keyptr, &derived_key,
1163 + seal_usage, KEY_USAGE_SEED_INTEGRITY))
1165 + if (write_bytes(&p, end, derived_key.data,
1166 + derived_key.length))
1168 + free(derived_key.data);
1171 + if (derive_key_lucid(keyptr, &derived_key,
1172 + sign_usage, KEY_USAGE_SEED_CHECKSUM))
1174 + if (write_bytes(&p, end, derived_key.data,
1175 + derived_key.length))
1177 + free(derived_key.data);
1180 + buf->length = p - (char *)buf->value;
1184 + printerr(0, "ERROR: prepare_krb5_ctx_v2_buffer: "
1185 + "failed serializing krb5 context for kernel\n");
1188 + buf->value = NULL;
1191 + if (enc_key.data) {
1192 + free(enc_key.data);
1193 + enc_key.data = NULL;
1198 @@ -258,11 +556,21 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss
1202 - /* Now lctx points to a lucid context that we can send down to kernel */
1203 - if (lctx->protocol == 0)
1205 + * Now lctx points to a lucid context that we can send down to kernel
1207 + * Note: we send down different information to the kernel depending
1208 + * on the protocol version and the enctyption type.
1209 + * For protocol version 0 with all enctypes besides DES3, we use
1210 + * the original format. For protocol version != 0 or DES3, we
1211 + * send down the new style information.
1214 + if (lctx->protocol == 0 &&
1215 + lctx->rfc1964_kd.ctx_key.type == ENCTYPE_DES_CBC_RAW)
1216 retcode = prepare_krb5_rfc1964_buffer(lctx, buf);
1218 - retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf);
1219 + retcode = prepare_krb5_ctx_v2_buffer(lctx, buf);
1221 maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
1222 if (maj_stat != GSS_S_COMPLETE) {
1223 @@ -300,6 +608,66 @@ write_keyblock(char **p, char *end, stru
1227 + * Function to derive a new key from a given key and given constant data.
1229 +static krb5_error_code
1230 +derive_key(const krb5_keyblock *in, krb5_keyblock *out, int usage, char extra)
1232 + krb5_error_code code;
1233 + unsigned char constant_data[K5CLENGTH];
1239 + * XXX Hack alert. We don't have "legal" access to these
1240 + * values and structures located in libk5crypto
1242 + switch (in->enctype) {
1243 + case ENCTYPE_DES3_CBC_RAW:
1245 + enc = &krb5int_enc_des3;
1247 + case ENCTYPE_ARCFOUR_HMAC:
1249 + enc = &krb5int_enc_arcfour;
1252 + code = KRB5_BAD_ENCTYPE;
1256 + /* allocate memory for output key */
1257 + if ((out->contents = malloc(keylength)) == NULL) {
1261 + out->length = keylength;
1262 + out->enctype = in->enctype;
1264 + datain.data = (char *) constant_data;
1265 + datain.length = K5CLENGTH;
1267 + datain.data[0] = (usage>>24)&0xff;
1268 + datain.data[1] = (usage>>16)&0xff;
1269 + datain.data[2] = (usage>>8)&0xff;
1270 + datain.data[3] = usage&0xff;
1272 + datain.data[4] = (char) extra;
1274 + if ((code = krb5_derive_key(enc, in, out, &datain))) {
1275 + free(out->contents);
1276 + out->contents = NULL;
1281 + printerr(0, "ERROR: derive_key returning error %d (%s)\n",
1282 + code, error_message(code));
1287 * We really shouldn't know about glue-layer context structure, but
1288 * we need to get at the real krb5 context pointer. This should be
1289 * removed as soon as we say there is no support for MIT Kerberos
1290 @@ -315,45 +683,114 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss
1292 krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)ctx)->internal_ctx_id;
1294 - static int constant_one = 1;
1295 static int constant_zero = 0;
1296 + static int constant_one = 1;
1297 + static int constant_two = 2;
1298 uint32_t word_seq_send;
1299 + u_int64_t seq_send_64bit;
1300 + uint32_t v2_flags = 0;
1301 + krb5_keyblock derived_key;
1304 if (!(buf->value = calloc(1, MAX_CTX_LEN)))
1307 end = buf->value + MAX_CTX_LEN;
1309 - if (kctx->initiate) {
1310 - if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
1313 - if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
1315 - if (kctx->seed_init) {
1316 - if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
1319 - if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
1321 - if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed)))
1323 - if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err;
1324 - if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err;
1325 - if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
1326 - word_seq_send = kctx->seq_send;
1327 - if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
1328 - if (write_oid(&p, end, kctx->mech_used)) goto out_err;
1330 - printerr(2, "serialize_krb5_ctx: serializing keys with "
1331 - "enctype %d and length %d\n",
1332 - kctx->enc->enctype, kctx->enc->length);
1333 + switch (kctx->sealalg) {
1334 + case SEAL_ALG_DES:
1335 + /* Versions 0 and 1 */
1336 + if (kctx->initiate) {
1337 + if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
1340 + if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
1342 + if (kctx->seed_init) {
1343 + if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
1346 + if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
1348 + if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed)))
1350 + if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err;
1351 + if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err;
1352 + if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
1353 + word_seq_send = kctx->seq_send;
1354 + if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
1355 + if (write_oid(&p, end, kctx->mech_used)) goto out_err;
1357 + printerr(2, "serialize_krb5_ctx: serializing keys with "
1358 + "enctype %d and length %d\n",
1359 + kctx->enc->enctype, kctx->enc->length);
1361 - if (write_keyblock(&p, end, kctx->enc)) goto out_err;
1362 - if (write_keyblock(&p, end, kctx->seq)) goto out_err;
1363 + if (write_keyblock(&p, end, kctx->enc)) goto out_err;
1364 + if (write_keyblock(&p, end, kctx->seq)) goto out_err;
1366 + case SEAL_ALG_MICROSOFT_RC4:
1367 + case SEAL_ALG_DES3KD:
1368 + /* u32 version; ( 2 )
1371 + * #define KRB5_CTX_FLAG_INITIATOR 0x00000001
1372 + * #define KRB5_CTX_FLAG_CFX 0x00000002
1373 + * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
1376 + * u32 size_of_each_key; ( size in bytes )
1377 + * u32 number_of_keys; ( N (assumed to be 3 for now) )
1378 + * keydata-1; ( Ke (Kenc for DES3) )
1379 + * keydata-2; ( Ki (Kseq for DES3) )
1380 + * keydata-3; ( Kc (derived checksum key) )
1383 + if (WRITE_BYTES(&p, end , constant_two)) goto out_err;
1384 + if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
1386 + /* Only applicable flag for is initiator */
1387 + if (kctx->initiate) v2_flags |= KRB5_CTX_FLAG_INITIATOR;
1388 + if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
1390 + seq_send_64bit = kctx->seq_send;
1391 + if (WRITE_BYTES(&p, end, seq_send_64bit)) goto out_err;
1393 + if (WRITE_BYTES(&p, end, kctx->enc->enctype)) goto out_err;
1394 + if (WRITE_BYTES(&p, end, kctx->enc->length)) goto out_err;
1396 + if (WRITE_BYTES(&p, end, numkeys)) goto out_err;
1397 + printerr(2, "serialize_krb5_ctx: serializing %d keys with "
1398 + "enctype %d and size %d\n",
1399 + numkeys, kctx->enc->enctype, kctx->enc->length);
1402 + if (write_bytes(&p, end, kctx->enc->contents,
1403 + kctx->enc->length))
1407 + if (write_bytes(&p, end, kctx->enc->contents,
1408 + kctx->enc->length))
1412 + if (derive_key(kctx->seq, &derived_key,
1413 + KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM))
1415 + if (write_bytes(&p, end, derived_key.contents,
1416 + derived_key.length))
1418 + free(derived_key.contents);
1421 + printerr(0, "ERROR: serialize_krb5_ctx: unsupported seal "
1422 + "algorithm %d\n", kctx->sealalg);
1426 buf->length = p - (char *)buf->value;
1430 printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
1431 if (buf->value) free(buf->value);
1432 diff -puN aclocal.m4~CITI_NFS4_ALL aclocal.m4
1433 --- nfs-utils-1.0.10/aclocal.m4~CITI_NFS4_ALL 2006-08-07 11:45:44.538578000 -0400
1434 +++ nfs-utils-1.0.10-kwc/aclocal.m4 2006-08-07 11:45:46.918455000 -0400
1437 # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
1439 -# serial 48 Debian 1.5.22-4 AC_PROG_LIBTOOL
1440 +# serial 48 AC_PROG_LIBTOOL
1443 # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
1444 @@ -1397,6 +1397,18 @@ freebsd1*)
1449 + version_type=linux
1450 + need_lib_prefix=no
1452 + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
1453 + soname_spec='${libname}${release}${shared_ext}$major'
1454 + shlibpath_var=LD_LIBRARY_PATH
1455 + shlibpath_overrides_runpath=no
1456 + hardcode_into_libs=yes
1457 + dynamic_linker='GNU ld.so'
1460 freebsd* | dragonfly*)
1461 # DragonFly does not have aout. When/if they implement a new
1462 # versioning mechanism, adjust this.
1463 @@ -1552,7 +1564,7 @@ linux*oldld* | linux*aout* | linux*coff*
1466 # This must be Linux ELF.
1467 -linux* | k*bsd*-gnu)
1472 @@ -1566,10 +1578,27 @@ linux* | k*bsd*-gnu)
1473 # before this can be enabled.
1474 hardcode_into_libs=yes
1476 + # find out which ABI we are using
1478 + case "$host_cpu" in
1479 + x86_64*|s390x*|powerpc64*)
1480 + echo '[#]line __oline__ "configure"' > conftest.$ac_ext
1481 + if AC_TRY_EVAL(ac_compile); then
1482 + case `/usr/bin/file conftest.$ac_objext` in
1485 + sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}"
1493 # Append ld.so.conf contents to the search path
1494 if test -f /etc/ld.so.conf; then
1495 lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
1496 - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
1497 + sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
1500 # We used to test for /lib/ld.so.1 and disable shared libraries on
1501 @@ -1581,7 +1610,7 @@ linux* | k*bsd*-gnu)
1502 dynamic_linker='GNU/Linux ld.so'
1510 @@ -1590,7 +1619,7 @@ netbsdelf*-gnu)
1511 shlibpath_var=LD_LIBRARY_PATH
1512 shlibpath_overrides_runpath=no
1513 hardcode_into_libs=yes
1514 - dynamic_linker='NetBSD ld.elf_so'
1515 + dynamic_linker='GNU ld.so'
1519 @@ -2298,7 +2327,7 @@ darwin* | rhapsody*)
1520 lt_cv_deplibs_check_method=pass_all
1523 -freebsd* | dragonfly*)
1524 +freebsd* | kfreebsd*-gnu | dragonfly*)
1525 if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
1528 @@ -2352,11 +2381,11 @@ irix5* | irix6* | nonstopux*)
1531 # This must be Linux ELF.
1532 -linux* | k*bsd*-gnu)
1534 lt_cv_deplibs_check_method=pass_all
1537 -netbsd* | netbsdelf*-gnu)
1539 if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
1540 lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
1542 @@ -3104,7 +3133,7 @@ case $host_os in
1544 _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
1546 - freebsd* | dragonfly*)
1547 + freebsd* | kfreebsd*-gnu | dragonfly*)
1548 # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
1550 _LT_AC_TAGVAR(ld_shlibs, $1)=yes
1551 @@ -3263,7 +3292,7 @@ case $host_os in
1552 _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
1553 _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
1555 - linux* | k*bsd*-gnu)
1557 case $cc_basename in
1559 # Kuck and Associates, Inc. (KAI) C++ Compiler
1560 @@ -3365,7 +3394,7 @@ case $host_os in
1564 - netbsd* | netbsdelf*-gnu)
1566 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
1567 _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
1569 @@ -4630,7 +4659,7 @@ hpux*) # Its linker distinguishes data f
1570 lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
1571 lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
1573 -linux* | k*bsd*-gnu)
1575 if test "$host_cpu" = ia64; then
1576 symcode='[[ABCDGIRSTW]]'
1577 lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
1578 @@ -4903,7 +4932,7 @@ AC_MSG_CHECKING([for $compiler option to
1582 - freebsd* | dragonfly*)
1583 + freebsd* | kfreebsd*-gnu | dragonfly*)
1584 # FreeBSD uses GNU C++
1586 hpux9* | hpux10* | hpux11*)
1587 @@ -4946,7 +4975,7 @@ AC_MSG_CHECKING([for $compiler option to
1591 - linux* | k*bsd*-gnu)
1593 case $cc_basename in
1596 @@ -4989,7 +5018,7 @@ AC_MSG_CHECKING([for $compiler option to
1600 - netbsd* | netbsdelf*-gnu)
1603 osf3* | osf4* | osf5*)
1604 case $cc_basename in
1605 @@ -5200,7 +5229,7 @@ AC_MSG_CHECKING([for $compiler option to
1606 _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
1609 - linux* | k*bsd*-gnu)
1611 case $cc_basename in
1613 _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
1614 @@ -5341,9 +5370,6 @@ ifelse([$1],[CXX],[
1616 _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
1618 - linux* | k*bsd*-gnu)
1619 - _LT_AC_TAGVAR(link_all_deplibs, $1)=no
1622 _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
1624 @@ -5514,7 +5540,7 @@ EOF
1625 _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
1628 - linux* | k*bsd*-gnu)
1630 if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
1632 case $cc_basename,$host_cpu in
1633 @@ -5540,13 +5566,12 @@ EOF
1634 $echo "local: *; };" >> $output_objdir/$libname.ver~
1635 $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
1637 - _LT_AC_TAGVAR(link_all_deplibs, $1)=no
1639 _LT_AC_TAGVAR(ld_shlibs, $1)=no
1643 - netbsd* | netbsdelf*-gnu)
1645 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
1646 _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
1648 @@ -5876,7 +5901,7 @@ _LT_EOF
1651 # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
1652 - freebsd* | dragonfly*)
1653 + freebsd* | kfreebsd*-gnu | dragonfly*)
1654 _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
1655 _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
1656 _LT_AC_TAGVAR(hardcode_direct, $1)=yes
1657 @@ -5978,7 +6003,7 @@ _LT_EOF
1658 _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
1661 - netbsd* | netbsdelf*-gnu)
1663 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
1664 _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
1666 diff -puN configure~CITI_NFS4_ALL configure
1667 --- nfs-utils-1.0.10/configure~CITI_NFS4_ALL 2006-08-07 11:45:46.456758000 -0400
1668 +++ nfs-utils-1.0.10-kwc/configure 2006-08-07 11:45:47.865004000 -0400
1669 @@ -6355,7 +6355,7 @@ darwin* | rhapsody*)
1670 lt_cv_deplibs_check_method=pass_all
1673 -freebsd* | dragonfly*)
1674 +freebsd* | kfreebsd*-gnu | dragonfly*)
1675 if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
1678 @@ -6409,11 +6409,11 @@ irix5* | irix6* | nonstopux*)
1681 # This must be Linux ELF.
1682 -linux* | k*bsd*-gnu)
1684 lt_cv_deplibs_check_method=pass_all
1687 -netbsd* | netbsdelf*-gnu)
1689 if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
1690 lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
1692 @@ -7888,7 +7888,7 @@ hpux*) # Its linker distinguishes data f
1693 lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
1694 lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
1696 -linux* | k*bsd*-gnu)
1698 if test "$host_cpu" = ia64; then
1699 symcode='[ABCDGIRSTW]'
1700 lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
1701 @@ -8856,7 +8856,7 @@ echo $ECHO_N "checking for $compiler opt
1702 lt_prog_compiler_static='-Bstatic'
1705 - linux* | k*bsd*-gnu)
1707 case $cc_basename in
1709 lt_prog_compiler_wl='-Wl,'
1710 @@ -9295,7 +9295,7 @@ EOF
1711 archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
1714 - linux* | k*bsd*-gnu)
1716 if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
1718 case $cc_basename,$host_cpu in
1719 @@ -9321,13 +9321,12 @@ EOF
1720 $echo "local: *; };" >> $output_objdir/$libname.ver~
1721 $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
1723 - link_all_deplibs=no
1729 - netbsd* | netbsdelf*-gnu)
1731 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
1732 archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
1734 @@ -9787,7 +9786,7 @@ if test -z "$aix_libpath"; then aix_libp
1737 # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
1738 - freebsd* | dragonfly*)
1739 + freebsd* | kfreebsd*-gnu | dragonfly*)
1740 archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
1741 hardcode_libdir_flag_spec='-R$libdir'
1743 @@ -9889,7 +9888,7 @@ if test -z "$aix_libpath"; then aix_libp
1744 link_all_deplibs=yes
1747 - netbsd* | netbsdelf*-gnu)
1749 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
1750 archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
1752 @@ -10379,6 +10378,18 @@ freebsd1*)
1757 + version_type=linux
1758 + need_lib_prefix=no
1760 + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
1761 + soname_spec='${libname}${release}${shared_ext}$major'
1762 + shlibpath_var=LD_LIBRARY_PATH
1763 + shlibpath_overrides_runpath=no
1764 + hardcode_into_libs=yes
1765 + dynamic_linker='GNU ld.so'
1768 freebsd* | dragonfly*)
1769 # DragonFly does not have aout. When/if they implement a new
1770 # versioning mechanism, adjust this.
1771 @@ -10534,7 +10545,7 @@ linux*oldld* | linux*aout* | linux*coff*
1774 # This must be Linux ELF.
1775 -linux* | k*bsd*-gnu)
1780 @@ -10548,10 +10559,31 @@ linux* | k*bsd*-gnu)
1781 # before this can be enabled.
1782 hardcode_into_libs=yes
1784 + # find out which ABI we are using
1786 + case "$host_cpu" in
1787 + x86_64*|s390x*|powerpc64*)
1788 + echo '#line 10566 "configure"' > conftest.$ac_ext
1789 + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
1790 + (eval $ac_compile) 2>&5
1792 + echo "$as_me:$LINENO: \$? = $ac_status" >&5
1793 + (exit $ac_status); }; then
1794 + case `/usr/bin/file conftest.$ac_objext` in
1797 + sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}"
1805 # Append ld.so.conf contents to the search path
1806 if test -f /etc/ld.so.conf; then
1807 lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
1808 - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
1809 + sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
1812 # We used to test for /lib/ld.so.1 and disable shared libraries on
1813 @@ -10563,7 +10595,7 @@ linux* | k*bsd*-gnu)
1814 dynamic_linker='GNU/Linux ld.so'
1822 @@ -10572,7 +10604,7 @@ netbsdelf*-gnu)
1823 shlibpath_var=LD_LIBRARY_PATH
1824 shlibpath_overrides_runpath=no
1825 hardcode_into_libs=yes
1826 - dynamic_linker='NetBSD ld.elf_so'
1827 + dynamic_linker='GNU ld.so'
1831 @@ -11507,7 +11539,7 @@ else
1832 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
1833 lt_status=$lt_dlunknown
1834 cat > conftest.$ac_ext <<EOF
1835 -#line 11510 "configure"
1836 +#line 11542 "configure"
1837 #include "confdefs.h"
1840 @@ -11607,7 +11639,7 @@ else
1841 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
1842 lt_status=$lt_dlunknown
1843 cat > conftest.$ac_ext <<EOF
1844 -#line 11610 "configure"
1845 +#line 11642 "configure"
1846 #include "confdefs.h"
1849 @@ -12952,7 +12984,7 @@ if test -z "$aix_libpath"; then aix_libp
1851 archive_cmds_need_lc_CXX=no
1853 - freebsd* | dragonfly*)
1854 + freebsd* | kfreebsd*-gnu | dragonfly*)
1855 # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
1858 @@ -13111,7 +13143,7 @@ if test -z "$aix_libpath"; then aix_libp
1859 hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
1860 hardcode_libdir_separator_CXX=:
1862 - linux* | k*bsd*-gnu)
1864 case $cc_basename in
1866 # Kuck and Associates, Inc. (KAI) C++ Compiler
1867 @@ -13213,7 +13245,7 @@ if test -z "$aix_libpath"; then aix_libp
1871 - netbsd* | netbsdelf*-gnu)
1873 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
1874 archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
1876 @@ -13780,7 +13812,7 @@ echo $ECHO_N "checking for $compiler opt
1880 - freebsd* | dragonfly*)
1881 + freebsd* | kfreebsd*-gnu | dragonfly*)
1882 # FreeBSD uses GNU C++
1884 hpux9* | hpux10* | hpux11*)
1885 @@ -13823,7 +13855,7 @@ echo $ECHO_N "checking for $compiler opt
1889 - linux* | k*bsd*-gnu)
1891 case $cc_basename in
1894 @@ -13866,7 +13898,7 @@ echo $ECHO_N "checking for $compiler opt
1898 - netbsd* | netbsdelf*-gnu)
1901 osf3* | osf4* | osf5*)
1902 case $cc_basename in
1903 @@ -13975,11 +14007,11 @@ else
1904 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1905 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1906 -e 's:$: $lt_compiler_flag:'`
1907 - (eval echo "\"\$as_me:13978: $lt_compile\"" >&5)
1908 + (eval echo "\"\$as_me:14010: $lt_compile\"" >&5)
1909 (eval "$lt_compile" 2>conftest.err)
1911 cat conftest.err >&5
1912 - echo "$as_me:13982: \$? = $ac_status" >&5
1913 + echo "$as_me:14014: \$? = $ac_status" >&5
1914 if (exit $ac_status) && test -s "$ac_outfile"; then
1915 # The compiler can only warn and ignore the option if not recognized
1916 # So say no if there are warnings other than the usual output.
1917 @@ -14079,11 +14111,11 @@ else
1918 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1919 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1920 -e 's:$: $lt_compiler_flag:'`
1921 - (eval echo "\"\$as_me:14082: $lt_compile\"" >&5)
1922 + (eval echo "\"\$as_me:14114: $lt_compile\"" >&5)
1923 (eval "$lt_compile" 2>out/conftest.err)
1925 cat out/conftest.err >&5
1926 - echo "$as_me:14086: \$? = $ac_status" >&5
1927 + echo "$as_me:14118: \$? = $ac_status" >&5
1928 if (exit $ac_status) && test -s out/conftest2.$ac_objext
1930 # The compiler can only warn and ignore the option if not recognized
1931 @@ -14151,9 +14183,6 @@ echo $ECHO_N "checking whether the $comp
1933 export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
1935 - linux* | k*bsd*-gnu)
1936 - link_all_deplibs_CXX=no
1939 export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
1941 @@ -14433,6 +14462,18 @@ freebsd1*)
1946 + version_type=linux
1947 + need_lib_prefix=no
1949 + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
1950 + soname_spec='${libname}${release}${shared_ext}$major'
1951 + shlibpath_var=LD_LIBRARY_PATH
1952 + shlibpath_overrides_runpath=no
1953 + hardcode_into_libs=yes
1954 + dynamic_linker='GNU ld.so'
1957 freebsd* | dragonfly*)
1958 # DragonFly does not have aout. When/if they implement a new
1959 # versioning mechanism, adjust this.
1960 @@ -14588,7 +14629,7 @@ linux*oldld* | linux*aout* | linux*coff*
1963 # This must be Linux ELF.
1964 -linux* | k*bsd*-gnu)
1969 @@ -14602,10 +14643,31 @@ linux* | k*bsd*-gnu)
1970 # before this can be enabled.
1971 hardcode_into_libs=yes
1973 + # find out which ABI we are using
1975 + case "$host_cpu" in
1976 + x86_64*|s390x*|powerpc64*)
1977 + echo '#line 14650 "configure"' > conftest.$ac_ext
1978 + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
1979 + (eval $ac_compile) 2>&5
1981 + echo "$as_me:$LINENO: \$? = $ac_status" >&5
1982 + (exit $ac_status); }; then
1983 + case `/usr/bin/file conftest.$ac_objext` in
1986 + sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}"
1994 # Append ld.so.conf contents to the search path
1995 if test -f /etc/ld.so.conf; then
1996 lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
1997 - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
1998 + sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
2001 # We used to test for /lib/ld.so.1 and disable shared libraries on
2002 @@ -14617,7 +14679,7 @@ linux* | k*bsd*-gnu)
2003 dynamic_linker='GNU/Linux ld.so'
2011 @@ -14626,7 +14688,7 @@ netbsdelf*-gnu)
2012 shlibpath_var=LD_LIBRARY_PATH
2013 shlibpath_overrides_runpath=no
2014 hardcode_into_libs=yes
2015 - dynamic_linker='NetBSD ld.elf_so'
2016 + dynamic_linker='GNU ld.so'
2020 @@ -15534,7 +15596,7 @@ echo $ECHO_N "checking for $compiler opt
2021 lt_prog_compiler_static_F77='-Bstatic'
2024 - linux* | k*bsd*-gnu)
2026 case $cc_basename in
2028 lt_prog_compiler_wl_F77='-Wl,'
2029 @@ -15640,11 +15702,11 @@ else
2030 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
2031 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
2032 -e 's:$: $lt_compiler_flag:'`
2033 - (eval echo "\"\$as_me:15643: $lt_compile\"" >&5)
2034 + (eval echo "\"\$as_me:15705: $lt_compile\"" >&5)
2035 (eval "$lt_compile" 2>conftest.err)
2037 cat conftest.err >&5
2038 - echo "$as_me:15647: \$? = $ac_status" >&5
2039 + echo "$as_me:15709: \$? = $ac_status" >&5
2040 if (exit $ac_status) && test -s "$ac_outfile"; then
2041 # The compiler can only warn and ignore the option if not recognized
2042 # So say no if there are warnings other than the usual output.
2043 @@ -15744,11 +15806,11 @@ else
2044 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
2045 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
2046 -e 's:$: $lt_compiler_flag:'`
2047 - (eval echo "\"\$as_me:15747: $lt_compile\"" >&5)
2048 + (eval echo "\"\$as_me:15809: $lt_compile\"" >&5)
2049 (eval "$lt_compile" 2>out/conftest.err)
2051 cat out/conftest.err >&5
2052 - echo "$as_me:15751: \$? = $ac_status" >&5
2053 + echo "$as_me:15813: \$? = $ac_status" >&5
2054 if (exit $ac_status) && test -s out/conftest2.$ac_objext
2056 # The compiler can only warn and ignore the option if not recognized
2057 @@ -15973,7 +16035,7 @@ EOF
2058 archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
2061 - linux* | k*bsd*-gnu)
2063 if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
2065 case $cc_basename,$host_cpu in
2066 @@ -15999,13 +16061,12 @@ EOF
2067 $echo "local: *; };" >> $output_objdir/$libname.ver~
2068 $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
2070 - link_all_deplibs_F77=no
2076 - netbsd* | netbsdelf*-gnu)
2078 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
2079 archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
2081 @@ -16445,7 +16506,7 @@ if test -z "$aix_libpath"; then aix_libp
2084 # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
2085 - freebsd* | dragonfly*)
2086 + freebsd* | kfreebsd*-gnu | dragonfly*)
2087 archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
2088 hardcode_libdir_flag_spec_F77='-R$libdir'
2089 hardcode_direct_F77=yes
2090 @@ -16547,7 +16608,7 @@ if test -z "$aix_libpath"; then aix_libp
2091 link_all_deplibs_F77=yes
2094 - netbsd* | netbsdelf*-gnu)
2096 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
2097 archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
2099 @@ -17037,6 +17098,18 @@ freebsd1*)
2104 + version_type=linux
2105 + need_lib_prefix=no
2107 + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
2108 + soname_spec='${libname}${release}${shared_ext}$major'
2109 + shlibpath_var=LD_LIBRARY_PATH
2110 + shlibpath_overrides_runpath=no
2111 + hardcode_into_libs=yes
2112 + dynamic_linker='GNU ld.so'
2115 freebsd* | dragonfly*)
2116 # DragonFly does not have aout. When/if they implement a new
2117 # versioning mechanism, adjust this.
2118 @@ -17192,7 +17265,7 @@ linux*oldld* | linux*aout* | linux*coff*
2121 # This must be Linux ELF.
2122 -linux* | k*bsd*-gnu)
2127 @@ -17206,10 +17279,31 @@ linux* | k*bsd*-gnu)
2128 # before this can be enabled.
2129 hardcode_into_libs=yes
2131 + # find out which ABI we are using
2133 + case "$host_cpu" in
2134 + x86_64*|s390x*|powerpc64*)
2135 + echo '#line 17286 "configure"' > conftest.$ac_ext
2136 + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
2137 + (eval $ac_compile) 2>&5
2139 + echo "$as_me:$LINENO: \$? = $ac_status" >&5
2140 + (exit $ac_status); }; then
2141 + case `/usr/bin/file conftest.$ac_objext` in
2144 + sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}"
2152 # Append ld.so.conf contents to the search path
2153 if test -f /etc/ld.so.conf; then
2154 lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
2155 - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
2156 + sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
2159 # We used to test for /lib/ld.so.1 and disable shared libraries on
2160 @@ -17221,7 +17315,7 @@ linux* | k*bsd*-gnu)
2161 dynamic_linker='GNU/Linux ld.so'
2169 @@ -17230,7 +17324,7 @@ netbsdelf*-gnu)
2170 shlibpath_var=LD_LIBRARY_PATH
2171 shlibpath_overrides_runpath=no
2172 hardcode_into_libs=yes
2173 - dynamic_linker='NetBSD ld.elf_so'
2174 + dynamic_linker='GNU ld.so'
2178 @@ -17963,11 +18057,11 @@ else
2179 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
2180 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
2181 -e 's:$: $lt_compiler_flag:'`
2182 - (eval echo "\"\$as_me:17966: $lt_compile\"" >&5)
2183 + (eval echo "\"\$as_me:18060: $lt_compile\"" >&5)
2184 (eval "$lt_compile" 2>conftest.err)
2186 cat conftest.err >&5
2187 - echo "$as_me:17970: \$? = $ac_status" >&5
2188 + echo "$as_me:18064: \$? = $ac_status" >&5
2189 if (exit $ac_status) && test -s "$ac_outfile"; then
2190 # The compiler can only warn and ignore the option if not recognized
2191 # So say no if there are warnings other than the usual output.
2192 @@ -18125,7 +18219,7 @@ echo $ECHO_N "checking for $compiler opt
2193 lt_prog_compiler_static_GCJ='-Bstatic'
2196 - linux* | k*bsd*-gnu)
2198 case $cc_basename in
2200 lt_prog_compiler_wl_GCJ='-Wl,'
2201 @@ -18231,11 +18325,11 @@ else
2202 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
2203 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
2204 -e 's:$: $lt_compiler_flag:'`
2205 - (eval echo "\"\$as_me:18234: $lt_compile\"" >&5)
2206 + (eval echo "\"\$as_me:18328: $lt_compile\"" >&5)
2207 (eval "$lt_compile" 2>conftest.err)
2209 cat conftest.err >&5
2210 - echo "$as_me:18238: \$? = $ac_status" >&5
2211 + echo "$as_me:18332: \$? = $ac_status" >&5
2212 if (exit $ac_status) && test -s "$ac_outfile"; then
2213 # The compiler can only warn and ignore the option if not recognized
2214 # So say no if there are warnings other than the usual output.
2215 @@ -18335,11 +18429,11 @@ else
2216 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
2217 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
2218 -e 's:$: $lt_compiler_flag:'`
2219 - (eval echo "\"\$as_me:18338: $lt_compile\"" >&5)
2220 + (eval echo "\"\$as_me:18432: $lt_compile\"" >&5)
2221 (eval "$lt_compile" 2>out/conftest.err)
2223 cat out/conftest.err >&5
2224 - echo "$as_me:18342: \$? = $ac_status" >&5
2225 + echo "$as_me:18436: \$? = $ac_status" >&5
2226 if (exit $ac_status) && test -s out/conftest2.$ac_objext
2228 # The compiler can only warn and ignore the option if not recognized
2229 @@ -18564,7 +18658,7 @@ EOF
2230 archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
2233 - linux* | k*bsd*-gnu)
2235 if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
2237 case $cc_basename,$host_cpu in
2238 @@ -18590,13 +18684,12 @@ EOF
2239 $echo "local: *; };" >> $output_objdir/$libname.ver~
2240 $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
2242 - link_all_deplibs_GCJ=no
2248 - netbsd* | netbsdelf*-gnu)
2250 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
2251 archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
2253 @@ -19056,7 +19149,7 @@ if test -z "$aix_libpath"; then aix_libp
2256 # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
2257 - freebsd* | dragonfly*)
2258 + freebsd* | kfreebsd*-gnu | dragonfly*)
2259 archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
2260 hardcode_libdir_flag_spec_GCJ='-R$libdir'
2261 hardcode_direct_GCJ=yes
2262 @@ -19158,7 +19251,7 @@ if test -z "$aix_libpath"; then aix_libp
2263 link_all_deplibs_GCJ=yes
2266 - netbsd* | netbsdelf*-gnu)
2268 if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
2269 archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
2271 @@ -19648,6 +19741,18 @@ freebsd1*)
2276 + version_type=linux
2277 + need_lib_prefix=no
2279 + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
2280 + soname_spec='${libname}${release}${shared_ext}$major'
2281 + shlibpath_var=LD_LIBRARY_PATH
2282 + shlibpath_overrides_runpath=no
2283 + hardcode_into_libs=yes
2284 + dynamic_linker='GNU ld.so'
2287 freebsd* | dragonfly*)
2288 # DragonFly does not have aout. When/if they implement a new
2289 # versioning mechanism, adjust this.
2290 @@ -19803,7 +19908,7 @@ linux*oldld* | linux*aout* | linux*coff*
2293 # This must be Linux ELF.
2294 -linux* | k*bsd*-gnu)
2299 @@ -19817,10 +19922,31 @@ linux* | k*bsd*-gnu)
2300 # before this can be enabled.
2301 hardcode_into_libs=yes
2303 + # find out which ABI we are using
2305 + case "$host_cpu" in
2306 + x86_64*|s390x*|powerpc64*)
2307 + echo '#line 19929 "configure"' > conftest.$ac_ext
2308 + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
2309 + (eval $ac_compile) 2>&5
2311 + echo "$as_me:$LINENO: \$? = $ac_status" >&5
2312 + (exit $ac_status); }; then
2313 + case `/usr/bin/file conftest.$ac_objext` in
2316 + sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}"
2324 # Append ld.so.conf contents to the search path
2325 if test -f /etc/ld.so.conf; then
2326 lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
2327 - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
2328 + sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
2331 # We used to test for /lib/ld.so.1 and disable shared libraries on
2332 @@ -19832,7 +19958,7 @@ linux* | k*bsd*-gnu)
2333 dynamic_linker='GNU/Linux ld.so'
2341 @@ -19841,7 +19967,7 @@ netbsdelf*-gnu)
2342 shlibpath_var=LD_LIBRARY_PATH
2343 shlibpath_overrides_runpath=no
2344 hardcode_into_libs=yes
2345 - dynamic_linker='NetBSD ld.elf_so'
2346 + dynamic_linker='GNU ld.so'
2350 diff -puN utils/mountd/Makefile.in~CITI_NFS4_ALL utils/mountd/Makefile.in
2351 --- nfs-utils-1.0.10/utils/mountd/Makefile.in~CITI_NFS4_ALL 2006-08-07 11:45:46.653561000 -0400
2352 +++ nfs-utils-1.0.10-kwc/utils/mountd/Makefile.in 2006-08-07 11:45:47.916004000 -0400
2353 @@ -56,7 +56,7 @@ PROGRAMS = $(sbin_PROGRAMS)
2354 am_mountd_OBJECTS = mountd-mountd.$(OBJEXT) \
2355 mountd-mount_dispatch.$(OBJEXT) mountd-auth.$(OBJEXT) \
2356 mountd-rmtab.$(OBJEXT) mountd-cache.$(OBJEXT) \
2357 - mountd-svc_run.$(OBJEXT)
2358 + mountd-svc_run.$(OBJEXT) mountd-fsloc.$(OBJEXT)
2359 mountd_OBJECTS = $(am_mountd_OBJECTS)
2360 am__DEPENDENCIES_1 =
2361 mountd_DEPENDENCIES = ../../support/export/libexport.a \
2362 @@ -234,7 +234,7 @@ EXTRA_DIST = $(man8_MANS)
2365 mountd_SOURCES = mountd.c mount_dispatch.c auth.c rmtab.c cache.c \
2366 - svc_run.c mountd.h
2367 + svc_run.c fsloc.c mountd.h
2369 mountd_LDADD = ../../support/export/libexport.a \
2370 ../../support/nfs/libnfs.a \
2371 @@ -319,6 +319,7 @@ distclean-compile:
2373 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mountd-auth.Po@am__quote@
2374 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mountd-cache.Po@am__quote@
2375 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mountd-fsloc.Po@am__quote@
2376 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mountd-mount_dispatch.Po@am__quote@
2377 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mountd-mountd.Po@am__quote@
2378 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mountd-rmtab.Po@am__quote@
2379 @@ -429,6 +430,20 @@ mountd-svc_run.obj: svc_run.c
2380 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
2381 @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mountd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mountd-svc_run.obj `if test -f 'svc_run.c'; then $(CYGPATH_W) 'svc_run.c'; else $(CYGPATH_W) '$(srcdir)/svc_run.c'; fi`
2383 +mountd-fsloc.o: fsloc.c
2384 +@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mountd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mountd-fsloc.o -MD -MP -MF "$(DEPDIR)/mountd-fsloc.Tpo" -c -o mountd-fsloc.o `test -f 'fsloc.c' || echo '$(srcdir)/'`fsloc.c; \
2385 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/mountd-fsloc.Tpo" "$(DEPDIR)/mountd-fsloc.Po"; else rm -f "$(DEPDIR)/mountd-fsloc.Tpo"; exit 1; fi
2386 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fsloc.c' object='mountd-fsloc.o' libtool=no @AMDEPBACKSLASH@
2387 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
2388 +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mountd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mountd-fsloc.o `test -f 'fsloc.c' || echo '$(srcdir)/'`fsloc.c
2390 +mountd-fsloc.obj: fsloc.c
2391 +@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mountd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mountd-fsloc.obj -MD -MP -MF "$(DEPDIR)/mountd-fsloc.Tpo" -c -o mountd-fsloc.obj `if test -f 'fsloc.c'; then $(CYGPATH_W) 'fsloc.c'; else $(CYGPATH_W) '$(srcdir)/fsloc.c'; fi`; \
2392 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/mountd-fsloc.Tpo" "$(DEPDIR)/mountd-fsloc.Po"; else rm -f "$(DEPDIR)/mountd-fsloc.Tpo"; exit 1; fi
2393 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fsloc.c' object='mountd-fsloc.obj' libtool=no @AMDEPBACKSLASH@
2394 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
2395 +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mountd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mountd-fsloc.obj `if test -f 'fsloc.c'; then $(CYGPATH_W) 'fsloc.c'; else $(CYGPATH_W) '$(srcdir)/fsloc.c'; fi`
2397 mostlyclean-libtool: