From 553caba3865667724291106d919e7c3fdf9534aa Mon Sep 17 00:00:00 2001 From: neilbrown Date: Wed, 15 Sep 2004 01:58:37 +0000 Subject: [PATCH] Prepare to support gss authentication and idmap looks for nfsv4 --- configure | 304 ++++++++++++++++++++++++++++++------- configure.in | 19 +++ debian/control | 2 +- debian/idmapd.conf | 10 ++ debian/nfs-common.default | 4 + debian/nfs-common.files | 1 + debian/nfs-common.init | 14 ++ debian/rules | 1 + etc/redhat/rpcidmapd.init | 70 +++++++++ support/export/client.c | 4 + support/export/nfsctl.c | 2 +- support/include/exportfs.h | 1 + support/include/nfslib.h | 3 + utils/Makefile.in | 2 +- utils/exportfs/exportfs.c | 66 ++++---- utils/exportfs/exports.man | 5 + 16 files changed, 425 insertions(+), 83 deletions(-) create mode 100644 debian/idmapd.conf create mode 100644 etc/redhat/rpcidmapd.init diff --git a/configure b/configure index f8be185..6981e5d 100755 --- a/configure +++ b/configure @@ -20,6 +20,8 @@ ac_help="$ac_help --with-statduser=rpcuser user for statd to run under [rpcuser or nobody]" ac_help="$ac_help --enable-nfsv3 enable support for NFSv3" +ac_help="$ac_help + --enable-nfsv4 enable support for NFSv4" ac_help="$ac_help --enable-kprefix install progs as rpc.knfsd etc" ac_help="$ac_help @@ -590,6 +592,26 @@ EOF enable_nfsv3= fi +# Check whether --enable-nfsv4 or --disable-nfsv4 was given. +if test "${enable_nfsv4+set}" = set; then + enableval="$enable_nfsv4" + enable_nfsv4=$enableval +else + enable_nfsv4=yes +fi + + if test "$enable_nfsv4" = yes; then + cat >> confdefs.h <<\EOF +#define NFS4_SUPPORTED 1 +EOF + + IDMAPD=idmapd + else + enable_nfsv4= + IDMAPD= + fi + + # Check whether --enable-kprefix or --disable-kprefix was given. if test "${enable_kprefix+set}" = set; then enableval="$enable_kprefix" @@ -633,7 +655,7 @@ fi # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:637: checking for $ac_word" >&5 +echo "configure:659: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -663,7 +685,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:667: checking for $ac_word" >&5 +echo "configure:689: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -714,7 +736,7 @@ fi # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:718: checking for $ac_word" >&5 +echo "configure:740: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -746,7 +768,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:750: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:772: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -757,12 +779,12 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext << EOF -#line 761 "configure" +#line 783 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -788,12 +810,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:792: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:814: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:797: checking whether we are using GNU C" >&5 +echo "configure:819: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -802,7 +824,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:806: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:828: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -821,7 +843,7 @@ ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:825: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:847: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -853,7 +875,7 @@ else fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:857: checking how to run the C preprocessor" >&5 +echo "configure:879: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -868,13 +890,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:878: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:900: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -885,13 +907,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:895: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:917: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -902,13 +924,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:912: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -963,7 +985,7 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:967: checking for a BSD compatible install" >&5 +echo "configure:989: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1026,7 +1048,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:1030: checking host system type" >&5 +echo "configure:1052: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -1047,7 +1069,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$host" 1>&6 echo $ac_n "checking build system type""... $ac_c" 1>&6 -echo "configure:1051: checking build system type" >&5 +echo "configure:1073: checking build system type" >&5 build_alias=$build case "$build_alias" in @@ -1073,7 +1095,7 @@ fi # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1077: checking for $ac_word" >&5 +echo "configure:1099: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1105,7 +1127,7 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1109: checking for $ac_word" >&5 +echo "configure:1131: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1140,7 +1162,7 @@ fi # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1144: checking for $ac_word" >&5 +echo "configure:1166: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1172,7 +1194,7 @@ fi # Extract the first word of "${ac_tool_prefix}ld", so it can be a program name with args. set dummy ${ac_tool_prefix}ld; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1176: checking for $ac_word" >&5 +echo "configure:1198: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1203,12 +1225,12 @@ fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1207: checking for ANSI C header files" >&5 +echo "configure:1229: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1216,7 +1238,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1220: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1242: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1233,7 +1255,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1251,7 +1273,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1272,7 +1294,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1283,7 +1305,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:1287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1309: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else @@ -1307,12 +1329,12 @@ EOF fi echo $ac_n "checking for GNU libc2""... $ac_c" 1>&6 -echo "configure:1311: checking for GNU libc2" >&5 +echo "configure:1333: checking for GNU libc2" >&5 if eval "test \"`echo '$''{'knfsd_cv_glibc2'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -1321,7 +1343,7 @@ else #endif EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1347: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1344,7 +1366,7 @@ fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:1348: checking for main in -lsocket" >&5 +echo "configure:1370: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1352,14 +1374,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1385: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1380,7 +1402,7 @@ else fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:1384: checking for main in -lnsl" >&5 +echo "configure:1406: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1388,14 +1410,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1421: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1416,7 +1438,7 @@ else fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1420: checking for crypt in -lcrypt" >&5 +echo "configure:1442: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1424,7 +1446,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1461: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1455,9 +1477,185 @@ else echo "$ac_t""no" 1>&6 fi +if test "$enable_nfsv4" = yes; then + echo $ac_n "checking for event_dispatch in -levent""... $ac_c" 1>&6 +echo "configure:1483: checking for event_dispatch in -levent" >&5 +ac_lib_var=`echo event'_'event_dispatch | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-levent $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo event | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + echo $ac_n "checking for nfs4_uid_to_name in -lnfsidmap""... $ac_c" 1>&6 +echo "configure:1530: checking for nfs4_uid_to_name in -lnfsidmap" >&5 +ac_lib_var=`echo nfsidmap'_'nfs4_uid_to_name | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnfsidmap $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo nfsidmap | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_hdr in event.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:1580: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1590: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + for ac_hdr in nfsidmap.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:1620: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1630: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +fi if test "$knfsd_cv_glibc2" = no; then echo $ac_n "checking for daemon in -lbsd""... $ac_c" 1>&6 -echo "configure:1461: checking for daemon in -lbsd" >&5 +echo "configure:1659: checking for daemon in -lbsd" >&5 ac_lib_var=`echo bsd'_'daemon | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1465,7 +1663,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1678: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1503,14 +1701,14 @@ fi echo $ac_n "checking for the tcp wrapper library""... $ac_c" 1>&6 -echo "configure:1507: checking for the tcp wrapper library" >&5 +echo "configure:1705: checking for the tcp wrapper library" >&5 if eval "test \"`echo '$''{'knfsd_cv_tcp_wrapper'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else old_LIBS="$LIBS" LIBS="$LIBS -lwrap $LIBNSL" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1721: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* knfsd_cv_tcp_wrapper=yes else @@ -1545,12 +1743,12 @@ fi for ac_func in innetgr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1549: checking for $ac_func" >&5 +echo "configure:1747: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1775: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -1744,6 +1942,8 @@ s%@RELEASE@%$RELEASE%g s%@statedir@%$statedir%g s%@statduser@%$statduser%g s%@enable_nfsv3@%$enable_nfsv3%g +s%@IDMAPD@%$IDMAPD%g +s%@enable_nfsv4@%$enable_nfsv4%g s%@kprefix@%$kprefix%g s%@secure_statd@%$secure_statd%g s%@RQUOTAD@%$RQUOTAD%g diff --git a/configure.in b/configure.in index 2f20cef..93588c2 100644 --- a/configure.in +++ b/configure.in @@ -39,6 +39,19 @@ AC_ARG_ENABLE(nfsv3, enable_nfsv3= fi AC_SUBST(enable_nfsv3) +AC_ARG_ENABLE(nfsv4, + [ --enable-nfsv4 enable support for NFSv4], + enable_nfsv4=$enableval, + enable_nfsv4=yes) + if test "$enable_nfsv4" = yes; then + AC_DEFINE(NFS4_SUPPORTED) + IDMAPD=idmapd + else + enable_nfsv4= + IDMAPD= + fi + AC_SUBST(IDMAPD) + AC_SUBST(enable_nfsv4) AC_ARG_ENABLE(kprefix, [ --enable-kprefix install progs as rpc.knfsd etc], test "$enableval" = "yes" && kprefix=k, @@ -87,6 +100,12 @@ dnl ************************************************************* AC_CHECK_LIB(socket, main, [LIBSOCKET="-lnsl"]) AC_CHECK_LIB(nsl, main, [LIBNSL="-lnsl"]) AC_CHECK_LIB(crypt, crypt, [LIBCRYPT="-lcrypt"]) +if test "$enable_nfsv4" = yes; then + AC_CHECK_LIB(event, event_dispatch) + AC_CHECK_LIB(nfsidmap, nfs4_uid_to_name) + AC_CHECK_HEADERS(event.h) + AC_CHECK_HEADERS(nfsidmap.h) +fi if test "$knfsd_cv_glibc2" = no; then AC_CHECK_LIB(bsd, daemon, [LIBBSD="-lbsd"]) fi diff --git a/debian/control b/debian/control index 737344b..3fa4ac1 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: nfs-utils Priority: standard Section: net Maintainer: Chip Salzenberg -Build-Depends: debhelper (>= 4.1.16), libwrap0-dev +Build-Depends: debhelper (>= 4.1.16), libwrap0-dev, libevent-dev, libnfsidmap-dev Standards-Version: 3.1.1.1 Package: nfs-kernel-server diff --git a/debian/idmapd.conf b/debian/idmapd.conf new file mode 100644 index 0000000..8325982 --- /dev/null +++ b/debian/idmapd.conf @@ -0,0 +1,10 @@ +[General] + +Verbosity = 0 +Pipefs-Directory = /var/lib/nfs/rpc_pipefs +Domain = localdomain + +[Mapping] + +Nobody-User = nobody +Nobody-Group = nogroup diff --git a/debian/nfs-common.default b/debian/nfs-common.default index 664c2e7..d38d456 100644 --- a/debian/nfs-common.default +++ b/debian/nfs-common.default @@ -6,3 +6,7 @@ STATDOPTS= # Are you _sure_ that your kernel does or does not need a lockd daemon? # If so, set this variable to either "yes" or "no". NEED_LOCKD= + +# If you are not using NFSv4 and wish to disable the idmapd daemon +# then uncomment the following line +# NEED_IDMAPD=no diff --git a/debian/nfs-common.files b/debian/nfs-common.files index 2a4dd89..a5950e9 100644 --- a/debian/nfs-common.files +++ b/debian/nfs-common.files @@ -1,4 +1,5 @@ usr/sbin/nfsstat +usr/sbin/rpc.idmapd usr/share/man/man8/*lockd* usr/share/man/man8/*statd* usr/share/man/man8/nfsstat* diff --git a/debian/nfs-common.init b/debian/nfs-common.init index 59fc59d..eef076d 100755 --- a/debian/nfs-common.init +++ b/debian/nfs-common.init @@ -18,6 +18,7 @@ DESC="NFS common utilities" DEFAULTFILE=/etc/default/nfs-common PREFIX= NEED_LOCKD= +NEED_IDMAPD=yes if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE fi @@ -47,6 +48,7 @@ esac # Exit if required binaries are missing. [ -x $PREFIX/sbin/rpc.statd ] || exit 0 [ -x $PREFIX/sbin/rpc.lockd ] || [ "$NEED_LOCKD" = no ] || exit 0 +[ -x /usr/sbin/rpc.idmapd ] || [ "$NEED_IDMAPD" = no ] || exit 0 # See how we were called. case "$1" in @@ -62,11 +64,23 @@ case "$1" in start-stop-daemon --start --quiet \ --exec $PREFIX/sbin/rpc.lockd || true fi + if [ "$NEED_IDMAPD" = yes ] + then + printf " idmapd" + start-stop-daemon --start --quiet \ + --exec /usr/sbin/rpc.idmapd + fi echo "." ;; stop) printf "Stopping $DESC:" + if [ "$NEED_IDMAPD" = yes ] + then + printf " idmapd" + start-stop-daemon --stop --oknodo --quiet \ + --name rpc.idmapd --user 0 + fi if [ "$NEED_LOCKD" = yes ] then printf " lockd" diff --git a/debian/rules b/debian/rules index 4c8834b..74fec5f 100755 --- a/debian/rules +++ b/debian/rules @@ -46,6 +46,7 @@ binary-arch: build dh_testroot dh_clean -k dh_installdirs + dh_install # Add here commands to install the files into debian/tmp $(MAKE) install_prefix='$(DEBTMP)' install dh_movefiles diff --git a/etc/redhat/rpcidmapd.init b/etc/redhat/rpcidmapd.init new file mode 100644 index 0000000..63ee08c --- /dev/null +++ b/etc/redhat/rpcidmapd.init @@ -0,0 +1,70 @@ +#!/bin/bash +# +# rpcidmapd Start up and shut down RPC name to UID/GID mapper +# +# Authors: Chuck Lever +# +# chkconfig: 0356 19 69 +# description: Starts user-level daemon for NFSv4 that maps user \ +# names to UID and GID numbers. + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +if [ ! -f /etc/sysconfig/network ]; then + exit 0 +fi +. /etc/sysconfig/network + +# Check that networking is up. +[ "${NETWORKING}" = "no" ] && exit 0 + +[ ! -x /usr/sbin/rpc.idmapd ] && exit 0 + +OPTIONS="" +RETVAL=0 +prog="rpc.idmapd" + +case "$1" in + start) + # make sure the rpc pipe fs is mounted already + RPCMTAB=`grep -v '^#' /proc/mounts | awk '{ if ($3 ~ /^rpc_pipefs$/ ) print $2}'` + if [ -n "$RPCMTAB" ]; then + # Start daemon. + echo -n $"Starting $prog: " + daemon /usr/sbin/rpc.idmapd ${OPTIONS} -p ${RPCMTAB}/nfs + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/rpc.idmapd + fi + ;; + stop) + # Stop daemon. + echo -n $"Shutting down $prog: " + killproc $prog + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/rpc.idmapd + ;; + status) + status rpc.idmapd + RETVAL=$? + ;; + restart|reload) + $0 stop + $0 start + RETVAL=$? + ;; + condrestart) + if [ -f /var/lock/subsys/rpc.idmapd ]; then + $0 restart + RETVAL=$? + fi + ;; + *) + echo $"Usage: $0 {start|stop|restart|condrestart|status}" + exit 1 +esac + +exit $RETVAL diff --git a/support/export/client.c b/support/export/client.c index 3db21ae..3884795 100644 --- a/support/export/client.c +++ b/support/export/client.c @@ -392,6 +392,8 @@ client_check(nfs_client *clp, struct hostent *hp) #endif case MCL_ANONYMOUS: return 1; + case MCL_GSS: + return 0; default: xlog(L_FATAL, "internal: bad client type %d", clp->m_type); } @@ -425,6 +427,8 @@ client_gettype(char *ident) if (ident[0] == '\0' || strcmp(ident, "*")==0) return MCL_ANONYMOUS; + if (strncmp(ident, "gss/", 4) == 0) + return MCL_GSS; if (ident[0] == '@') { #ifndef HAVE_INNETGR xlog(L_WARNING, "netgroup support not compiled in"); diff --git a/support/export/nfsctl.c b/support/export/nfsctl.c index 5f5accc..e9ffeb5 100644 --- a/support/export/nfsctl.c +++ b/support/export/nfsctl.c @@ -27,7 +27,7 @@ export_export(nfs_export *exp) struct nfsctl_export exparg; struct nfsctl_client cltarg; - if (!clp->m_exported) { + if (!clp->m_exported && (clp->m_type != MCL_GSS)) { if (!cltsetup(&cltarg, clp)) return 0; if (nfsaddclient(&cltarg) < 0) diff --git a/support/include/exportfs.h b/support/include/exportfs.h index bf5bb67..10f38c7 100644 --- a/support/include/exportfs.h +++ b/support/include/exportfs.h @@ -19,6 +19,7 @@ enum { MCL_WILDCARD, MCL_NETGROUP, MCL_ANONYMOUS, + MCL_GSS, MCL_MAXTYPES }; diff --git a/support/include/nfslib.h b/support/include/nfslib.h index e7e9f1d..2fbd0f5 100644 --- a/support/include/nfslib.h +++ b/support/include/nfslib.h @@ -23,6 +23,9 @@ #ifndef _PATH_EXPORTS #define _PATH_EXPORTS "/etc/exports" #endif +#ifndef _PATH_IDMAPDCONF +#define _PATH_IDMAPDCONF "/etc/idmapd.conf" +#endif #ifndef _PATH_XTAB #define _PATH_XTAB NFS_STATEDIR "/xtab" #endif diff --git a/utils/Makefile.in b/utils/Makefile.in index 8f25879..02bafbf 100644 --- a/utils/Makefile.in +++ b/utils/Makefile.in @@ -3,7 +3,7 @@ # SUBDIRS = exportfs mountd nfsd statd nfsstat @RQUOTAD@ showmount \ - nhfsstone lockd + nhfsstone lockd @IDMAPD@ include $(TOP)rules.mk diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c index b4f0226..fdf5369 100644 --- a/utils/exportfs/exportfs.c +++ b/utils/exportfs/exportfs.c @@ -146,10 +146,43 @@ main(int argc, char **argv) return export_errno; } +static void +exports_update_one(nfs_export *exp, int verbose) +{ + /* check mountpoint option */ + if (exp->m_mayexport && + exp->m_export.e_mountpoint && + !is_mountpoint(exp->m_export.e_mountpoint[0]? + exp->m_export.e_mountpoint: + exp->m_export.e_path)) { + printf("%s not exported as %s not a mountpoint.\n", + exp->m_export.e_path, exp->m_export.e_mountpoint); + exp->m_mayexport = 0; + } + if (exp->m_mayexport && ((exp->m_exported<1) || exp->m_changed)) { + if (verbose) + printf("%sexporting %s:%s to kernel\n", + exp->m_exported ?"re":"", + exp->m_client->m_hostname, + exp->m_export.e_path); + if (!export_export(exp)) + error(exp, errno); + } + if (exp->m_exported && ! exp->m_mayexport) { + if (verbose) + printf("unexporting %s:%s from kernel\n", + exp->m_client->m_hostname, + exp->m_export.e_path); + if (!export_unexport(exp)) + error(exp, errno); + } +} + + /* we synchronise intention with reality. * entries with m_mayexport get exported * entries with m_exported but not m_mayexport get unexported - * looking at m_client->m_type == MCL_FQDN only + * looking at m_client->m_type == MCL_FQDN and m_client->m_type == MCL_GSS only */ static void exports_update(int verbose) @@ -157,33 +190,10 @@ exports_update(int verbose) nfs_export *exp; for (exp = exportlist[MCL_FQDN]; exp; exp=exp->m_next) { - /* check mountpoint option */ - if (exp->m_mayexport && - exp->m_export.e_mountpoint && - !is_mountpoint(exp->m_export.e_mountpoint[0]? - exp->m_export.e_mountpoint: - exp->m_export.e_path)) { - printf("%s not exported as %s not a mountpoint.\n", - exp->m_export.e_path, exp->m_export.e_mountpoint); - exp->m_mayexport = 0; - } - if (exp->m_mayexport && ((exp->m_exported<1) || exp->m_changed)) { - if (verbose) - printf("%sexporting %s:%s to kernel\n", - exp->m_exported ?"re":"", - exp->m_client->m_hostname, - exp->m_export.e_path); - if (!export_export(exp)) - error(exp, errno); - } - if (exp->m_exported && ! exp->m_mayexport) { - if (verbose) - printf("unexporting %s:%s from kernel\n", - exp->m_client->m_hostname, - exp->m_export.e_path); - if (!export_unexport(exp)) - error(exp, errno); - } + exports_update_one(exp, verbose); + } + for (exp = exportlist[MCL_GSS]; exp; exp=exp->m_next) { + exports_update_one(exp, verbose); } } diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index 034a896..7a032bc 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -79,6 +79,11 @@ may work by accident when reverse DNS lookups fail. '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +.SS RPCSEC_GSS security +To restrict access to an export using rpcsec_gss security, use the special +string "gss/krb5" as the client. It is not possible to simultaneously require +rpcsec_gss and to make requirements on the IP address of the client. +.PP .SS General Options .IR exportfs understands the following export options: -- 2.39.2