From e06694ca075bc26870d3504dddda814f56a61a81 Mon Sep 17 00:00:00 2001 From: neilbrown Date: Tue, 19 Oct 2004 00:31:28 +0000 Subject: [PATCH] more gss fixes --- configure | 503 +++++++++++++++++++++++++++++----- debian/control | 2 +- debian/gssapi_mech.conf | 19 ++ debian/nfs-common.conffiles | 1 + debian/nfs-common.default | 4 + debian/nfs-common.files | 1 + debian/nfs-common.init | 31 ++- debian/nfs-common.install | 1 + debian/nfs-kernel-server.init | 21 +- 9 files changed, 512 insertions(+), 71 deletions(-) create mode 100644 debian/gssapi_mech.conf diff --git a/configure b/configure index 6981e5d..02fa4a8 100755 --- a/configure +++ b/configure @@ -22,12 +22,16 @@ ac_help="$ac_help --enable-nfsv3 enable support for NFSv3" ac_help="$ac_help --enable-nfsv4 enable support for NFSv4" +ac_help="$ac_help + --enable-gss enable support for rpcsec_gss" ac_help="$ac_help --enable-kprefix install progs as rpc.knfsd etc" ac_help="$ac_help --enable-secure-statd Only lockd can use statd (security)" ac_help="$ac_help --enable-rquotad enable rquotad" +ac_help="$ac_help + --with-krb5=DIR use Kerberos v5 installation in DIR" # Initialize some variables set by options. # The variables have the same names as the options, with @@ -612,6 +616,29 @@ EOF fi +# Check whether --enable-gss or --disable-gss was given. +if test "${enable_gss+set}" = set; then + enableval="$enable_gss" + enable_gss=$enableval +else + enable_gss=yes +fi + + if test "$enable_gss" = yes; then + cat >> confdefs.h <<\EOF +#define GSS_SUPPORTED 1 +EOF + + GSSD=gssd + SVCGSSD=svcgssd + else + enable_gss= + GSSD= + SVCGSSD= + fi + + + # Check whether --enable-kprefix or --disable-kprefix was given. if test "${enable_kprefix+set}" = set; then enableval="$enable_kprefix" 
@@ -655,7 +682,7 @@ fi # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:659: checking for $ac_word" >&5 +echo "configure:686: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -685,7 +712,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:689: checking for $ac_word" >&5 +echo "configure:716: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -736,7 +763,7 @@ fi # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:740: checking for $ac_word" >&5 +echo "configure:767: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -768,7 +795,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:772: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:799: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. 
@@ -779,12 +806,12 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext << EOF -#line 783 "configure" +#line 810 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:815: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -810,12 +837,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:814: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:841: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:819: checking whether we are using GNU C" >&5 +echo "configure:846: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -824,7 +851,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:828: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:855: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no 
@@ -843,7 +870,7 @@ ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:847: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:874: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -875,7 +902,7 @@ else fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:879: checking how to run the C preprocessor" >&5 +echo "configure:906: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -890,13 +917,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:900: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:927: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -907,13 +934,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:917: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:944: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : 
@@ -924,13 +951,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:961: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -985,7 +1012,7 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:989: checking for a BSD compatible install" >&5 +echo "configure:1016: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1048,7 +1075,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:1052: checking host system type" >&5 +echo "configure:1079: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -1069,7 +1096,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$host" 1>&6 echo $ac_n "checking build system type""... $ac_c" 1>&6 -echo "configure:1073: checking build system type" >&5 +echo "configure:1100: checking build system type" >&5 build_alias=$build case "$build_alias" in 
@@ -1095,7 +1122,7 @@ fi # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1099: checking for $ac_word" >&5 +echo "configure:1126: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1127,7 +1154,7 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1131: checking for $ac_word" >&5 +echo "configure:1158: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1162,7 +1189,7 @@ fi # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1166: checking for $ac_word" >&5 +echo "configure:1193: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1194,7 +1221,7 @@ fi # Extract the first word of "${ac_tool_prefix}ld", so it can be a program name with args. set dummy ${ac_tool_prefix}ld; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1198: checking for $ac_word" >&5 +echo "configure:1225: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1225,12 +1252,12 @@ fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1229: checking for ANSI C header files" >&5 +echo "configure:1256: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1238,7 +1265,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1242: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1255,7 +1282,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1273,7 +1300,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1294,7 +1321,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1305,7 +1332,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:1309: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1336: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else @@ -1329,12 +1356,12 @@ EOF fi echo $ac_n "checking for GNU libc2""... $ac_c" 1>&6 -echo "configure:1333: checking for GNU libc2" >&5 +echo "configure:1360: checking for GNU libc2" >&5 if eval "test \"`echo '$''{'knfsd_cv_glibc2'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < 
@@ -1343,7 +1370,7 @@ else #endif EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1347: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1374: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1366,7 +1393,7 @@ fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:1370: checking for main in -lsocket" >&5 +echo "configure:1397: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1374,14 +1401,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1402,7 +1429,7 @@ else fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:1406: checking for main in -lnsl" >&5 +echo "configure:1433: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1410,14 +1437,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1448: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1438,7 +1465,7 @@ else fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1442: checking for crypt in -lcrypt" >&5 +echo "configure:1469: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1446,7 +1473,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1488: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1479,7 +1506,7 @@ fi if test "$enable_nfsv4" = yes; then echo $ac_n "checking for event_dispatch in -levent""... $ac_c" 1>&6 -echo "configure:1483: checking for event_dispatch in -levent" >&5 +echo "configure:1510: checking for event_dispatch in -levent" >&5 ac_lib_var=`echo event'_'event_dispatch | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1487,7 +1514,7 @@ else ac_save_LIBS="$LIBS" LIBS="-levent $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1529: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1526,7 +1553,7 @@ else fi echo $ac_n "checking for nfs4_uid_to_name in -lnfsidmap""... $ac_c" 1>&6 -echo "configure:1530: checking for nfs4_uid_to_name in -lnfsidmap" >&5 +echo "configure:1557: checking for nfs4_uid_to_name in -lnfsidmap" >&5 ac_lib_var=`echo nfsidmap'_'nfs4_uid_to_name | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -1534,7 +1561,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnfsidmap $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1576: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1576,17 +1603,17 @@ fi do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:1580: checking for $ac_hdr" >&5 +echo "configure:1607: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1590: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1617: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1616,17 +1643,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:1620: checking for $ac_hdr" >&5 +echo "configure:1647: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1630: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1657: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* 
@@ -1655,7 +1682,7 @@ done fi if test "$knfsd_cv_glibc2" = no; then echo $ac_n "checking for daemon in -lbsd""... $ac_c" 1>&6 -echo "configure:1659: checking for daemon in -lbsd" >&5 +echo "configure:1686: checking for daemon in -lbsd" >&5 ac_lib_var=`echo bsd'_'daemon | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1663,7 +1690,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1705: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1701,14 +1728,14 @@ fi echo $ac_n "checking for the tcp wrapper library""... $ac_c" 1>&6 -echo "configure:1705: checking for the tcp wrapper library" >&5 +echo "configure:1732: checking for the tcp wrapper library" >&5 if eval "test \"`echo '$''{'knfsd_cv_tcp_wrapper'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else old_LIBS="$LIBS" LIBS="$LIBS -lwrap $LIBNSL" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1748: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* knfsd_cv_tcp_wrapper=yes else 
@@ -1739,16 +1766,358 @@ fi +if test "$enable_gss" = yes; then + echo $ac_n "checking for Kerberos v5""... $ac_c" 1>&6 +echo "configure:1772: checking for Kerberos v5" >&5 + # Check whether --with-krb5 or --without-krb5 was given. +if test "${with_krb5+set}" = set; then + withval="$with_krb5" + case "$withval" in + yes|no) + krb5_with="" + ;; + *) + krb5_with="$withval" + ;; + esac + +fi + + + for dir in $krb5_with /usr/kerberos /usr/local /usr/local/krb5 /usr/krb5 \ + /usr/heimdal /usr/local/heimdal /usr/athena /usr ; do + K5CONFIG="" + if test -f $dir/bin/krb5-config; then + K5CONFIG=$dir/bin/krb5-config + elif test -f "/usr/kerberos/bin/krb5-config"; then + K5CONFIG="/usr/kerberos/bin/krb5-config" + fi + if test "$K5CONFIG" != ""; then + if test -f $dir/include/gssapi/gssapi_krb5.h -a \ + \( -f $dir/lib/libgssapi_krb5.a -o \ + -f $dir/lib/libgssapi_krb5.so \) ; then + cat >> confdefs.h <<\EOF +#define HAVE_KRB5 1 +EOF + + KRBDIR="$dir" + K5VERS=`$K5CONFIG --version | awk '{split($4,v,"."); print v[1]v[2]v[3] }'` + cat >> confdefs.h <> confdefs.h <<\EOF +#define USE_PRIVATE_KRB5_FUNCTIONS 1 +EOF + + fi + echo $ac_n "checking for gss_krb5_export_lucid_sec_context in -lgssapi_krb5""... 
$ac_c" 1>&6 +echo "configure:1818: checking for gss_krb5_export_lucid_sec_context in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_krb5_export_lucid_sec_context | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_LUCID_CONTEXT_SUPPORT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_set_allowable_enctypes in -lgssapi_krb5""... $ac_c" 1>&6 +echo "configure:1861: checking for gss_krb5_set_allowable_enctypes in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_krb5_set_allowable_enctypes | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_SET_ALLOWABLE_ENCTYPES 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_ccache_name in -lgssapi_krb5""... 
$ac_c" 1>&6 +echo "configure:1904: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_krb5_ccache_name | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_GSS_KRB5_CCACHE_NAME 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + break + elif test \( -f $dir/include/heim_err.h -o\ + -f $dir/include/heimdal/heim_err.h \) -a \ + -f $dir/lib/libroken.a; then + cat >> confdefs.h <<\EOF +#define HAVE_HEIMDAL 1 +EOF + + KRBDIR="$dir" + K5VERS=`$K5CONFIG --version | head -1 | awk '{split($2,v,"."); print v[1]v[2]v[3] }'` + cat >> confdefs.h <&6 +echo "configure:1962: checking for gss_krb5_export_lucid_sec_context in -lgssapi" >&5 +ac_lib_var=`echo gssapi'_'gss_krb5_export_lucid_sec_context | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_LUCID_CONTEXT_SUPPORT 1 +EOF + 
+else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_set_allowable_enctypes in -lgssapi""... $ac_c" 1>&6 +echo "configure:2005: checking for gss_krb5_set_allowable_enctypes in -lgssapi" >&5 +ac_lib_var=`echo gssapi'_'gss_krb5_set_allowable_enctypes | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_SET_ALLOWABLE_ENCTYPES 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_ccache_name in -lgssapi""... 
$ac_c" 1>&6 +echo "configure:2048: checking for gss_krb5_ccache_name in -lgssapi" >&5 +ac_lib_var=`echo gssapi'_'gss_krb5_ccache_name | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_GSS_KRB5_CCACHE_NAME 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + break + fi + CFLAGS=$CFLAGS `K5CONFIG --cflags` + fi + done + if test "x$KRBDIR" = "x"; then + if test "x$krb5_with" = "x"; then + { echo "configure: error: Kerberos v5 with GSS support not found" 1>&2; exit 1; } + else + { echo "configure: error: Kerberos v5 with GSS support not found at $krb5_with" 1>&2; exit 1; } + fi + fi + echo "$ac_t""$KRBDIR" 1>&6 + if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then + echo "configure: warning: Using $KRBDIR instead of requested value of $krb5_with for Kerberos!" 1>&2 + fi + + + + +fi + for ac_func in innetgr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1747: checking for $ac_func" >&5 +echo "configure:2116: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -1944,6 +2313,9 @@ s%@statduser@%$statduser%g s%@enable_nfsv3@%$enable_nfsv3%g s%@IDMAPD@%$IDMAPD%g s%@enable_nfsv4@%$enable_nfsv4%g +s%@GSSD@%$GSSD%g +s%@SVCGSSD@%$SVCGSSD%g +s%@enable_gss@%$enable_gss%g s%@kprefix@%$kprefix%g s%@secure_statd@%$secure_statd%g s%@RQUOTAD@%$RQUOTAD%g @@ -1971,6 +2343,9 @@ s%@LIBNSL@%$LIBNSL%g s%@LIBCRYPT@%$LIBCRYPT%g s%@LIBBSD@%$LIBBSD%g s%@LIBWRAP@%$LIBWRAP%g +s%@KRBDIR@%$KRBDIR%g +s%@KRBLIB@%$KRBLIB%g +s%@K5VERS@%$K5VERS%g CEOF EOF diff --git a/debian/control b/debian/control index 3fa4ac1..f81ff7f 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: nfs-utils Priority: standard Section: net Maintainer: Chip Salzenberg -Build-Depends: debhelper (>= 4.1.16), libwrap0-dev, libevent-dev, libnfsidmap-dev +Build-Depends: debhelper (>= 4.1.16), libwrap0-dev, libevent-dev, libnfsidmap-dev, libkrb5-dev Standards-Version: 3.1.1.1 Package: nfs-kernel-server diff --git a/debian/gssapi_mech.conf b/debian/gssapi_mech.conf new file mode 100644 index 0000000..2dd2fc5 --- /dev/null +++ b/debian/gssapi_mech.conf @@ -0,0 +1,19 @@ +# GSSAPI Mechanism Definitions +# +# This configuration file determines which GSS-API mechanisms +# the gssd code should use +# +# NOTE: +# The initiaiization function "mechglue_internal_krb5_init" +# is used for the MIT krb5 gssapi mechanism. This special +# function name indicates that an internal function should +# be used to determine the entry points for the MIT gssapi +# mechanism funtions. +# +# library initialization function +# ================================ ========================== +# The MIT K5 gssapi library, use special function for initialization. +/usr/lib/libgssapi_krb5.so.2 mechglue_internal_krb5_init +# +# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize. +#/usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize diff --git a/debian/nfs-common.conffiles b/debian/nfs-common.conffiles index 9e5647c..70e74f5 100644 
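Review bot: The header comment of the new debian/gssapi_mech.conf should state its trust assumption, because each entry names a shared library and an initialization function for the gssd code to use, which presumably means the daemon loads that library. I would add a line above the table such as `# This file and every library listed in it must be owned by root and not writable by other users.` The NOTE block also has two typos, "initiaiization" and "funtions", worth fixing before the file ships as a conffile.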
--- a/debian/nfs-common.conffiles +++ b/debian/nfs-common.conffiles @@ -1,3 +1,4 @@ /etc/default/nfs-common /etc/init.d/nfs-common /etc/idmapd.conf +/etc/gssapi_mech.conf diff --git a/debian/nfs-common.default b/debian/nfs-common.default index d38d456..311cded 100644 --- a/debian/nfs-common.default +++ b/debian/nfs-common.default @@ -10,3 +10,7 @@ NEED_LOCKD= # If you are not using NFSv4 and wish to disable the idmapd daemon # then uncomment the following line # NEED_IDMAPD=no + +# If you are not running NFS with RPCSEC_GSS security, and wish to +# disable the gssd client daemon then uncomment the following line +# NEED_GSSD=no diff --git a/debian/nfs-common.files b/debian/nfs-common.files index a5950e9..43fca56 100644 --- a/debian/nfs-common.files +++ b/debian/nfs-common.files @@ -1,4 +1,5 @@ usr/sbin/nfsstat +usr/sbin/rpc.gssd usr/sbin/rpc.idmapd usr/share/man/man8/*lockd* usr/share/man/man8/*statd* diff --git a/debian/nfs-common.init b/debian/nfs-common.init index cd74730..c46e832 100755 --- a/debian/nfs-common.init +++ b/debian/nfs-common.init @@ -20,7 +20,10 @@ PREFIX= NEED_LOCKD= NEED_IDMAPD=yes IDMAPD_PIDFILE=/var/run/rpc.idmapd.pid +NEED_GSSD=yes +GSSD_PIDFILE=/var/run/rpc.gssd.pid PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs +RPCGSSDOPTS= if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE fi @@ -51,6 +54,7 @@ esac [ -x $PREFIX/sbin/rpc.statd ] || exit 0 [ -x $PREFIX/sbin/rpc.lockd ] || [ "$NEED_LOCKD" = no ] || exit 0 [ -x /usr/sbin/rpc.idmapd ] || [ "$NEED_IDMAPD" = no ] || exit 0 +[ -x /usr/sbin/rpc.gssd ] || [ "$NEED_GSSD" = no ] || exit 0 do_modprobe() { modprobe -q $1 || true 
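Review bot: `NEED_GSSD=yes` in the first debian/nfs-common.init hunk makes the new daemon opt-out, so every host with nfs-common starts rpc.gssd whether or not RPCSEC_GSS is in use. The stop branch matches it with `--user 0`, so it presumably runs as root. Defaulting to `NEED_GSSD=no`, and rewording the debian/nfs-common.default comment to say "set NEED_GSSD=yes to enable the gssd client daemon", would keep it off hosts that do not need it. If yes has to stay the default, a comment next to the assignment saying why would help the next maintainer.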
@@ -83,15 +87,25 @@ case "$1" in start-stop-daemon --start --quiet \ --exec $PREFIX/sbin/rpc.lockd || true fi - if [ "$NEED_IDMAPD" = yes ] + if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ] then do_modprobe nfs if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT; then - printf " idmapd" - start-stop-daemon --start --quiet \ - --make-pidfile --pidfile $IDMAPD_PIDFILE \ - --exec /usr/sbin/rpc.idmapd + if [ "$NEED_IDMAPD" = yes ] + then + printf " idmapd" + start-stop-daemon --start --quiet \ + --make-pidfile --pidfile $IDMAPD_PIDFILE \ + --exec /usr/sbin/rpc.idmapd + fi + if [ "$NEED_GSSD" = yes ] + then + printf " gssd" + start-stop-daemon --start --quiet \ + --make-pidfile --pidfile $GSSD_PIDFILE \ + --exec /usr/sbin/rpc.gssd -- $RPCGSSDOPTS + fi fi fi echo "." @@ -99,6 +113,13 @@ case "$1" in stop) printf "Stopping $DESC:" + if [ "$NEED_GSSD" = yes ] + then + printf " gssd" + start-stop-daemon --stop --oknodo --quiet \ + --name rpc.gssd --user 0 + rm -f $GSSD_PIDFILE + fi if [ "$NEED_IDMAPD" = yes ] then printf " idmapd" diff --git a/debian/nfs-common.install b/debian/nfs-common.install index 72c8f3b..8d81caa 100644 --- a/debian/nfs-common.install +++ b/debian/nfs-common.install @@ -1 +1,2 @@ debian/idmapd.conf etc +debian/gssapi_mech.conf etc diff --git a/debian/nfs-kernel-server.init b/debian/nfs-kernel-server.init index d500ebc..23215ec 100755 --- a/debian/nfs-kernel-server.init +++ b/debian/nfs-kernel-server.init @@ -20,11 +20,15 @@ PREFIX=/usr [ -x $PREFIX/sbin/rpc.nfsd ] || exit 0 [ -x $PREFIX/sbin/rpc.mountd ] || exit 0 [ -x $PREFIX/sbin/exportfs ] || exit 0 +[ -x $PREFIX/sbin/rpc.svcgssd ] || exit 0 # Read config DEFAULTFILE=/etc/default/nfs-kernel-server RPCNFSDCOUNT=8 RPCMOUNTDOPTS= +NEED_SVCGSSD=yes +RPCGSSDOPTS= +RPCSVCGSSDOPTS= PROCNFSD_MOUNTPOINT=/proc/fs/nfsd if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE 
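Review bot: The gssd start in the `@@ -83,15 +87,25 @@` hunk of debian/nfs-common.init uses `--make-pidfile --pidfile $GSSD_PIDFILE` without `--background`, so the file records the PID of the process start-stop-daemon execs. If rpc.gssd forks into the background, as rpc daemons usually do, that PID is stale at once and a second `start` will not detect the running instance. The stop branch never reads the file either, since it matches on `--name rpc.gssd --user 0`. Either drop the pidfile options and the later `rm -f $GSSD_PIDFILE`, or run the daemon in the foreground under `--background --make-pidfile` and stop it with `--pidfile $GSSD_PIDFILE`. The svcgssd start added in debian/nfs-kernel-server.init has the same pattern; the `case` block starts and ends outside the hunk.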
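Review bot: The stop code added in the `@@ -99,6 +113,13 @@` hunk of debian/nfs-common.init only stops rpc.gssd while `NEED_GSSD` is still `yes`. An administrator who sets `NEED_GSSD=no` in the defaults file and then runs stop or restart therefore leaves the old daemon running. Because the call already passes `--oknodo`, the stop can be unconditional: drop the `if [ "$NEED_GSSD" = yes ]` wrapper and always run `start-stop-daemon --stop --oknodo --quiet --name rpc.gssd --user 0`. The svcgssd stop added to debian/nfs-kernel-server.init is gated on `NEED_SVCGSSD` in the same way.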
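Review bot: In debian/nfs-kernel-server.init, `[ -x $PREFIX/sbin/rpc.svcgssd ] || exit 0` is unconditional and runs before the defaults file is read. A host without rpc.svcgssd therefore gets no NFS server at all, silently and with exit status 0, even when `NEED_SVCGSSD=no`. The diffstat adds rpc.gssd to debian/nfs-common.files but touches no file list for nfs-kernel-server, so it is worth confirming the binary is actually shipped. I would move the test below the `. $DEFAULTFILE` block and write it like the client script: `[ -x $PREFIX/sbin/rpc.svcgssd ] || [ "$NEED_SVCGSSD" = no ] || exit 0`. `RPCGSSDOPTS=` is also initialised here but is not used in any hunk shown for this file.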
@@ -54,12 +58,20 @@ case "$1" in if grep -q '^/' /etc/exports then do_modprobe nfsd - do_mount nfsd $PROCNFSD_MOUNTPOINT || true + do_mount nfsd $PROCNFSD_MOUNTPOINT || NEED_SVCGSSD=no printf "Exporting directories for $DESC..." $PREFIX/sbin/exportfs -r echo "done." printf "Starting $DESC:" + if [ "$NEED_SVCGSSD" = yes ] + then + printf " svcgssd" + start-stop-daemon --start --quiet \ + --make-pidfile --pidfile /var/run/rpc.svcgssd.pid \ + --exec $PREFIX/sbin/rpc.svcgssd -- $RPCSVCGSSDOPTS + fi + printf " nfsd" start-stop-daemon --start --quiet \ --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT @@ -93,6 +105,13 @@ case "$1" in printf "Stopping $DESC: mountd" start-stop-daemon --stop --oknodo --quiet \ --name rpc.mountd --user 0 + if [ "$NEED_SVCGSSD" = yes ] + then + printf " svcgssd" + start-stop-daemon --stop --oknodo --quiet \ + --name rpc.svcgssd --user 0 + rm -f /var/run/rpc.svcgssd.pid + fi printf " nfsd" start-stop-daemon --stop --oknodo --quiet \ --name nfsd --user 0 --signal 2 -- 2.39.2
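Review bot: `do_mount nfsd $PROCNFSD_MOUNTPOINT || NEED_SVCGSSD=no` turns the GSS daemon off without any message when the mount fails. A server meant to export with RPCSEC_GSS then comes up without svcgssd, and the only symptom is the missing " svcgssd" in the start line. Print a warning in that branch, for example `do_mount nfsd $PROCNFSD_MOUNTPOINT || { echo "warning: could not mount $PROCNFSD_MOUNTPOINT, not starting svcgssd" >&2; NEED_SVCGSSD=no; }`. The enclosing `case` arm starts and ends outside the hunk.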