3 The complete set of CITI nfs-utils patches rolled into one patch.
5 Changes since 1.0.11-CITI_NFS4_ALL-1:
7 * Update to nfs-utils-1.1.0
9 * Include patches from git not yet in a release:
10 - Fix mount error messages
12 * Update gssd usage message to include new -n option.
14 * Patches from Bruce Fields to clean up compile warning, and
15 move pseudoflavor code to a common location
17 * Patch from Bruce Fields and Fred Isaman that adds support
18 to exportfs for reading a sec= option and sending server
19 security data through cache via
20 "... secinfo n flavor1 flag1 ... flavorN flagN".
25 nfs-utils-1.1.0-kwc/support/include/nfslib.h | 10 +
26 nfs-utils-1.1.0-kwc/support/include/pseudoflavors.h | 17 ++
27 nfs-utils-1.1.0-kwc/support/nfs/exports.c | 158 ++++++++++++++++++--
28 nfs-utils-1.1.0-kwc/utils/exportfs/exportfs.c | 1
29 nfs-utils-1.1.0-kwc/utils/gssd/gssd.c | 2
30 nfs-utils-1.1.0-kwc/utils/mount/mount.c | 40 ++++-
31 nfs-utils-1.1.0-kwc/utils/mount/nfs4_mount.h | 12 -
32 nfs-utils-1.1.0-kwc/utils/mount/nfs4mount.c | 27 ---
33 nfs-utils-1.1.0-kwc/utils/mountd/cache.c | 21 ++
34 10 files changed, 240 insertions(+), 49 deletions(-)
36 diff -puN utils/mount/mount.c~CITI_NFS4_ALL utils/mount/mount.c
37 --- nfs-utils-1.1.0/utils/mount/mount.c~CITI_NFS4_ALL 2007-06-22 10:51:38.885022000 -0400
38 +++ nfs-utils-1.1.0-kwc/utils/mount/mount.c 2007-06-22 10:52:04.954241000 -0400
39 @@ -285,22 +285,49 @@ static void parse_opts (const char *opti
43 -static void mount_error(char *node)
44 +static void mount_error(char *mntpnt, char *node)
48 - fprintf(stderr, "%s: mount point %s is not a directory\n", progname, node);
49 + fprintf(stderr, "%s: mount point %s is not a directory\n",
53 - fprintf(stderr, "%s: %s is already mounted or busy\n", progname, node);
54 + fprintf(stderr, "%s: %s is already mounted or busy\n",
58 - fprintf(stderr, "%s: mount point %s does not exist\n", progname, node);
60 + fprintf(stderr, "%s: %s failed, reason given by server: %s\n",
61 + progname, node, strerror(errno));
63 + fprintf(stderr, "%s: mount point %s does not exist\n",
67 fprintf(stderr, "%s: %s\n", progname, strerror(errno));
70 +static int chk_mountpoint(char *mount_point)
74 + if (stat(mount_point, &sb) < 0){
75 + mount_error(mount_point, NULL);
78 + if (S_ISDIR(sb.st_mode) == 0){
80 + mount_error(mount_point, NULL);
83 + if (access(mount_point, X_OK) < 0) {
84 + mount_error(mount_point, NULL);
91 extern u_short getport(
92 struct sockaddr_in *saddr,
93 @@ -508,6 +535,9 @@ int main(int argc, char *argv[])
97 + if (chk_mountpoint(mount_point))
100 if (nfs_mount_vers == 4)
101 mnt_err = nfs4mount(spec, mount_point, &flags, &extra_opts, &mount_opts, 0);
103 @@ -538,7 +568,7 @@ int main(int argc, char *argv[])
107 - mount_error(mount_point);
108 + mount_error(mount_point, spec);
112 diff -puN utils/gssd/gssd.c~CITI_NFS4_ALL utils/gssd/gssd.c
113 --- nfs-utils-1.1.0/utils/gssd/gssd.c~CITI_NFS4_ALL 2007-06-22 10:51:53.782368000 -0400
114 +++ nfs-utils-1.1.0-kwc/utils/gssd/gssd.c 2007-06-22 10:51:56.521019000 -0400
115 @@ -81,7 +81,7 @@ sig_hup(int signal)
117 usage(char *progname)
119 - fprintf(stderr, "usage: %s [-f] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n",
120 + fprintf(stderr, "usage: %s [-f] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n",
124 diff -puN /dev/null support/include/pseudoflavors.h
125 --- /dev/null 2007-06-21 19:03:53.875366737 -0400
126 +++ nfs-utils-1.1.0-kwc/support/include/pseudoflavors.h 2007-06-22 10:52:22.335293000 -0400
128 +#define RPC_AUTH_GSS_KRB5 390003
129 +#define RPC_AUTH_GSS_KRB5I 390004
130 +#define RPC_AUTH_GSS_KRB5P 390005
131 +#define RPC_AUTH_GSS_LKEY 390006
132 +#define RPC_AUTH_GSS_LKEYI 390007
133 +#define RPC_AUTH_GSS_LKEYP 390008
134 +#define RPC_AUTH_GSS_SPKM 390009
135 +#define RPC_AUTH_GSS_SPKMI 390010
136 +#define RPC_AUTH_GSS_SPKMP 390011
143 +extern struct flav_info flav_map[];
144 +extern const int flav_map_size;
145 diff -puN support/nfs/exports.c~CITI_NFS4_ALL support/nfs/exports.c
146 --- nfs-utils-1.1.0/support/nfs/exports.c~CITI_NFS4_ALL 2007-06-22 10:52:16.682999000 -0400
147 +++ nfs-utils-1.1.0-kwc/support/nfs/exports.c 2007-06-22 10:52:40.578175000 -0400
152 +#include "pseudoflavors.h"
154 #define EXPORT_DEFAULT_FLAGS \
155 (NFSEXP_READONLY|NFSEXP_ROOTSQUASH|NFSEXP_GATHERED_WRITES|NFSEXP_NOSUBTREECHECK)
157 +struct flav_info flav_map[] = {
158 + { "krb5", RPC_AUTH_GSS_KRB5 },
159 + { "krb5i", RPC_AUTH_GSS_KRB5I },
160 + { "krb5p", RPC_AUTH_GSS_KRB5P },
161 + { "lipkey", RPC_AUTH_GSS_LKEY },
162 + { "lipkey-i", RPC_AUTH_GSS_LKEYI },
163 + { "lipkey-p", RPC_AUTH_GSS_LKEYP },
164 + { "spkm3", RPC_AUTH_GSS_SPKM },
165 + { "spkm3i", RPC_AUTH_GSS_SPKMI },
166 + { "spkm3p", RPC_AUTH_GSS_SPKMP },
167 + { "unix", AUTH_UNIX },
168 + { "sys", AUTH_SYS },
169 + { "null", AUTH_NULL },
170 + { "none", AUTH_NONE },
173 +const int flav_map_size = sizeof(flav_map)/sizeof(flav_map[0]);
177 static char *efname = NULL;
178 @@ -100,6 +119,7 @@ getexportent(int fromkernel, int fromexp
179 def_ee.e_mountpoint = NULL;
180 def_ee.e_fslocmethod = FSLOC_NONE;
181 def_ee.e_fslocdata = NULL;
182 + def_ee.e_secinfo[0].flav = NULL;
183 def_ee.e_nsquids = 0;
184 def_ee.e_nsqgids = 0;
186 @@ -179,6 +199,27 @@ getexportent(int fromkernel, int fromexp
190 +void secinfo_show(FILE *fp, struct exportent *ep)
192 + struct sec_entry *p1, *p2;
195 + for (p1=ep->e_secinfo; p1->flav; p1=p2) {
197 + fprintf(fp, ",sec=%s", p1->flav->flavour);
198 + for (p2=p1+1; (p2->flav != NULL) && (p1->flags == p2->flags);
200 + fprintf(fp, ":%s", p2->flav->flavour);
203 + fprintf(fp, ",%s", (flags & NFSEXP_READONLY) ? "ro" : "rw");
204 + fprintf(fp, ",%sroot_squash", (flags & NFSEXP_ROOTSQUASH)?
206 + fprintf(fp, ",%sall_squash", (flags & NFSEXP_ALLSQUASH)?
212 putexportent(struct exportent *ep)
214 @@ -259,7 +300,9 @@ putexportent(struct exportent *ep)
216 fprintf(fp, "%d,", id[i]);
218 - fprintf(fp, "anonuid=%d,anongid=%d)\n", ep->e_anonuid, ep->e_anongid);
219 + fprintf(fp, "anonuid=%d,anongid=%d", ep->e_anonuid, ep->e_anongid);
220 + secinfo_show(fp, ep);
221 + fprintf(fp, ")\n");
225 @@ -307,6 +350,7 @@ mkexportent(char *hname, char *path, cha
226 ee.e_mountpoint = NULL;
227 ee.e_fslocmethod = FSLOC_NONE;
228 ee.e_fslocdata = NULL;
229 + ee.e_secinfo[0].flav = NULL;
233 @@ -350,18 +394,110 @@ static int valid_uuid(char *uuid)
237 + * Append the given flavor to the exportent's e_secinfo array, or
238 + * do nothing if it's already there. Returns the index of flavor
239 + * in the resulting array in any case.
241 +static int secinfo_addflavor(struct flav_info *flav, struct exportent *ep)
243 + struct sec_entry *p;
245 + for (p=ep->e_secinfo; p->flav; p++) {
246 + if (p->flav == flav)
247 + return p - ep->e_secinfo;
249 + if (p - ep->e_secinfo >= SECFLAVOR_COUNT) {
250 + xlog(L_ERROR, "more than %d security flavors on an export\n",
255 + p->flags = ep->e_flags;
256 + (p+1)->flav = NULL;
257 + return p - ep->e_secinfo;
260 +static struct flav_info *find_flavor(char *name)
262 + struct flav_info *flav;
263 + for (flav = flav_map; flav < flav_map + flav_map_size; flav++)
264 + if (strcmp(flav->flavour, name) == 0)
269 +/* @str is a colon seperated list of security flavors. Their order
270 + * is recorded in @ep, and a bitmap corresponding to the list is returned.
271 + * A zero return indicates an error.
273 +static unsigned int parse_flavors(char *str, struct exportent *ep)
275 + unsigned int out=0;
279 + while ( (flavor=strsep(&str, ":")) ) {
280 + struct flav_info *flav = find_flavor(flavor);
281 + if (flav == NULL) {
282 + xlog(L_ERROR, "unknown flavor %s\n", flavor);
285 + bit = secinfo_addflavor(flav, ep);
293 +/* Sets the bits in @mask for the appropriate security flavor flags. */
294 +static void setflags(int mask, unsigned int active, struct exportent *ep)
298 + ep->e_flags |= mask;
302 + ep->e_secinfo[bit].flags |= mask;
308 +/* Clears the bits in @mask for the appropriate security flavor flags. */
309 +static void clearflags(int mask, unsigned int active, struct exportent *ep)
313 + ep->e_flags &= ~mask;
317 + ep->e_secinfo[bit].flags &= ~mask;
323 +/* options that can vary per flavor: */
324 +#define NFSEXP_SECINFO_FLAGS (NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
325 + | NFSEXP_ALLSQUASH)
328 * Parse option string pointed to by cp and set mount options accordingly.
331 parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
333 + struct sec_entry *p;
334 int had_subtree_opt = 0;
335 char *flname = efname?efname:"command line";
336 int flline = efp?efp->x_line:0;
337 + unsigned int active = 0;
339 squids = ep->e_squids; nsquids = ep->e_nsquids;
340 sqgids = ep->e_sqgids; nsqgids = ep->e_nsqgids;
345 @@ -380,9 +516,9 @@ parseopts(char *cp, struct exportent *ep
347 /* process keyword */
348 if (strcmp(opt, "ro") == 0)
349 - ep->e_flags |= NFSEXP_READONLY;
350 + setflags(NFSEXP_READONLY, active, ep);
351 else if (strcmp(opt, "rw") == 0)
352 - ep->e_flags &= ~NFSEXP_READONLY;
353 + clearflags(NFSEXP_READONLY, active, ep);
354 else if (!strcmp(opt, "secure"))
355 ep->e_flags &= ~NFSEXP_INSECURE_PORT;
356 else if (!strcmp(opt, "insecure"))
357 @@ -404,13 +540,13 @@ parseopts(char *cp, struct exportent *ep
358 else if (!strcmp(opt, "no_wdelay"))
359 ep->e_flags &= ~NFSEXP_GATHERED_WRITES;
360 else if (strcmp(opt, "root_squash") == 0)
361 - ep->e_flags |= NFSEXP_ROOTSQUASH;
362 + setflags(NFSEXP_ROOTSQUASH, active, ep);
363 else if (!strcmp(opt, "no_root_squash"))
364 - ep->e_flags &= ~NFSEXP_ROOTSQUASH;
365 + clearflags(NFSEXP_ROOTSQUASH, active, ep);
366 else if (strcmp(opt, "all_squash") == 0)
367 - ep->e_flags |= NFSEXP_ALLSQUASH;
368 + setflags(NFSEXP_ALLSQUASH, active, ep);
369 else if (strcmp(opt, "no_all_squash") == 0)
370 - ep->e_flags &= ~NFSEXP_ALLSQUASH;
371 + clearflags(NFSEXP_ALLSQUASH, active, ep);
372 else if (strcmp(opt, "subtree_check") == 0) {
374 ep->e_flags &= ~NFSEXP_NOSUBTREECHECK;
375 @@ -498,6 +634,10 @@ bad_option:
376 } else if (strncmp(opt, "replicas=", 9) == 0) {
377 ep->e_fslocmethod = FSLOC_REPLICA;
378 ep->e_fslocdata = strdup(opt+9);
379 + } else if (strncmp(opt, "sec=", 4) == 0) {
380 + active = parse_flavors(opt+4, ep);
384 xlog(L_ERROR, "%s:%d: unknown keyword \"%s\"\n",
385 flname, flline, opt);
386 @@ -509,6 +649,8 @@ bad_option:
390 + for (p = ep->e_secinfo; p->flav; p++)
391 + p->flags |= ep->e_flags & ~NFSEXP_SECINFO_FLAGS;
392 ep->e_squids = squids;
393 ep->e_sqgids = sqgids;
394 ep->e_nsquids = nsquids;
395 diff -puN utils/mount/nfs4mount.c~CITI_NFS4_ALL utils/mount/nfs4mount.c
396 --- nfs-utils-1.1.0/utils/mount/nfs4mount.c~CITI_NFS4_ALL 2007-06-22 10:52:18.413097000 -0400
397 +++ nfs-utils-1.1.0-kwc/utils/mount/nfs4mount.c 2007-06-22 10:52:25.846889000 -0400
399 #define nfsstat nfs_stat
402 +#include "pseudoflavors.h"
406 @@ -71,26 +72,6 @@ char *GSSDLCK = DEFAULT_DIR "/rpcgssd";
407 #define NFS_PORT 2049
414 - { "krb5", RPC_AUTH_GSS_KRB5 },
415 - { "krb5i", RPC_AUTH_GSS_KRB5I },
416 - { "krb5p", RPC_AUTH_GSS_KRB5P },
417 - { "lipkey", RPC_AUTH_GSS_LKEY },
418 - { "lipkey-i", RPC_AUTH_GSS_LKEYI },
419 - { "lipkey-p", RPC_AUTH_GSS_LKEYP },
420 - { "spkm3", RPC_AUTH_GSS_SPKM },
421 - { "spkm3i", RPC_AUTH_GSS_SPKMI },
422 - { "spkm3p", RPC_AUTH_GSS_SPKMP },
423 - { "unix", AUTH_UNIX },
424 - { "sys", AUTH_SYS },
425 - { "null", AUTH_NULL },
426 - { "none", AUTH_NONE },
429 -#define FMAPSIZE (sizeof(flav_map)/sizeof(flav_map[0]))
430 #define MAX_USER_FLAVOUR 16
432 static int parse_sec(char *sec, int *pseudoflavour)
433 @@ -104,13 +85,13 @@ static int parse_sec(char *sec, int *pse
437 - for (i = 0; i < FMAPSIZE; i++) {
438 + for (i = 0; i < flav_map_size; i++) {
439 if (strcmp(sec, flav_map[i].flavour) == 0) {
440 pseudoflavour[num_flavour++] = flav_map[i].fnum;
444 - if (i == FMAPSIZE) {
445 + if (i == flav_map_size) {
447 _("mount: unknown security type %s\n"), sec);
449 @@ -399,7 +380,7 @@ int nfs4mount(const char *spec, const ch
452 for (pf_cnt = 0; pf_cnt < num_flavour; pf_cnt++) {
453 - for (i = 0; i < FMAPSIZE; i++) {
454 + for (i = 0; i < flav_map_size; i++) {
455 if (flav_map[i].fnum == pseudoflavour[pf_cnt]) {
456 printf("%s", flav_map[i].flavour);
458 diff -puN utils/mount/nfs4_mount.h~CITI_NFS4_ALL utils/mount/nfs4_mount.h
459 --- nfs-utils-1.1.0/utils/mount/nfs4_mount.h~CITI_NFS4_ALL 2007-06-22 10:52:21.626744000 -0400
460 +++ nfs-utils-1.1.0-kwc/utils/mount/nfs4_mount.h 2007-06-22 10:52:24.715391000 -0400
461 @@ -67,18 +67,6 @@ struct nfs4_mount_data {
462 #define NFS4_MOUNT_STRICTLOCK 0x1000 /* 1 */
463 #define NFS4_MOUNT_FLAGMASK 0xFFFF
465 -/* pseudoflavors: */
467 -#define RPC_AUTH_GSS_KRB5 390003
468 -#define RPC_AUTH_GSS_KRB5I 390004
469 -#define RPC_AUTH_GSS_KRB5P 390005
470 -#define RPC_AUTH_GSS_LKEY 390006
471 -#define RPC_AUTH_GSS_LKEYI 390007
472 -#define RPC_AUTH_GSS_LKEYP 390008
473 -#define RPC_AUTH_GSS_SPKM 390009
474 -#define RPC_AUTH_GSS_SPKMI 390010
475 -#define RPC_AUTH_GSS_SPKMP 390011
477 int nfs4mount(const char *, const char *, int *, char **,
480 diff -puN support/include/nfslib.h~CITI_NFS4_ALL support/include/nfslib.h
481 --- nfs-utils-1.1.0/support/include/nfslib.h~CITI_NFS4_ALL 2007-06-22 10:52:31.311234000 -0400
482 +++ nfs-utils-1.1.0-kwc/support/include/nfslib.h 2007-06-22 10:52:39.718626000 -0400
484 #define _PATH_PROC_EXPORTS_ALT "/proc/fs/nfsd/exports"
487 +/* Maximum number of security flavors on an export: */
488 +#define SECFLAVOR_COUNT 8
491 + struct flav_info *flav;
496 * Data related to a single exports entry as returned by getexportent.
497 * FIXME: export options should probably be parsed at a later time to
498 @@ -76,6 +84,7 @@ struct exportent {
502 + struct sec_entry e_secinfo[SECFLAVOR_COUNT+1];
506 @@ -89,6 +98,7 @@ struct rmtabent {
508 void setexportent(char *fname, char *type);
509 struct exportent * getexportent(int,int);
510 +void secinfo_show(FILE *fp, struct exportent *ep);
511 void putexportent(struct exportent *xep);
512 void endexportent(void);
513 struct exportent * mkexportent(char *hname, char *path, char *opts);
514 diff -puN utils/exportfs/exportfs.c~CITI_NFS4_ALL utils/exportfs/exportfs.c
515 --- nfs-utils-1.1.0/utils/exportfs/exportfs.c~CITI_NFS4_ALL 2007-06-22 10:52:33.386332000 -0400
516 +++ nfs-utils-1.1.0-kwc/utils/exportfs/exportfs.c 2007-06-22 10:52:40.698175000 -0400
517 @@ -515,6 +515,7 @@ dump(int verbose)
521 + secinfo_show(stdout, ep);
522 printf("%c\n", (c != '(')? ')' : ' ');
525 diff -puN utils/mountd/cache.c~CITI_NFS4_ALL utils/mountd/cache.c
526 --- nfs-utils-1.1.0/utils/mountd/cache.c~CITI_NFS4_ALL 2007-06-22 10:52:38.862018000 -0400
527 +++ nfs-utils-1.1.0-kwc/utils/mountd/cache.c 2007-06-22 10:52:40.837142000 -0400
532 +#include "pseudoflavors.h"
535 #include "blkid/blkid.h"
536 @@ -518,6 +519,25 @@ static void write_fsloc(FILE *f, struct
537 release_replicas(servers);
540 +static void write_secinfo(FILE *f, struct exportent *ep)
542 + struct sec_entry *p;
544 + for (p = ep->e_secinfo; p->flav; p++)
546 + if (p == ep->e_secinfo) {
547 + /* There was no sec= option */
550 + qword_print(f, "secinfo");
551 + qword_printint(f, p - ep->e_secinfo);
552 + for (p = ep->e_secinfo; p->flav; p++) {
553 + qword_printint(f, p->flav->fnum);
554 + qword_printint(f, p->flags);
559 static int dump_to_cache(FILE *f, char *domain, char *path, struct exportent *exp)
561 qword_print(f, domain);
562 @@ -529,6 +549,7 @@ static int dump_to_cache(FILE *f, char *
563 qword_printint(f, exp->e_anongid);
564 qword_printint(f, exp->e_fsid);
565 write_fsloc(f, exp, path);
566 + write_secinfo(f, exp);
568 if (exp->e_uuid == NULL) {