The complete set of CITI nfs-utils patches rolled into one patch. Changes since CITI-NFS4_ALL-22 * Fix from kwc for gssd hang that would happen after a downcall failed (e.g. because a user without credentials attempted a filesystem operation) * minor error reporting fix --- nfs-utils-1.0.6-bfields/ChangeLog | 77 nfs-utils-1.0.6-bfields/config.mk.in | 4 nfs-utils-1.0.6-bfields/configure | 683 +++++++ nfs-utils-1.0.6-bfields/configure.in | 125 + nfs-utils-1.0.6-bfields/debian/changelog | 50 nfs-utils-1.0.6-bfields/debian/control | 2 nfs-utils-1.0.6-bfields/debian/etc.exports | 2 nfs-utils-1.0.6-bfields/debian/idmapd.conf | 10 nfs-utils-1.0.6-bfields/debian/nfs-common.conffiles | 1 nfs-utils-1.0.6-bfields/debian/nfs-common.default | 8 nfs-utils-1.0.6-bfields/debian/nfs-common.files | 2 nfs-utils-1.0.6-bfields/debian/nfs-common.init | 85 nfs-utils-1.0.6-bfields/debian/nfs-common.install | 1 nfs-utils-1.0.6-bfields/debian/nfs-common.postinst | 7 nfs-utils-1.0.6-bfields/debian/nfs-common.postrm | 4 nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.NEWS | 8 nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.conffiles | 1 nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.init | 39 nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.postinst | 34 nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.postrm | 4 nfs-utils-1.0.6-bfields/debian/rules | 11 nfs-utils-1.0.6-bfields/support/export/client.c | 4 nfs-utils-1.0.6-bfields/support/export/nfsctl.c | 2 nfs-utils-1.0.6-bfields/support/gssapi/Makefile | 24 nfs-utils-1.0.6-bfields/support/gssapi/SAMPLE_gssapi_mech.conf | 19 nfs-utils-1.0.6-bfields/support/gssapi/g_accept_sec_context.c | 213 ++ nfs-utils-1.0.6-bfields/support/gssapi/g_acquire_cred.c | 539 ++++++ nfs-utils-1.0.6-bfields/support/gssapi/g_compare_name.c | 165 + nfs-utils-1.0.6-bfields/support/gssapi/g_context_time.c | 75 nfs-utils-1.0.6-bfields/support/gssapi/g_delete_sec_context.c | 88 nfs-utils-1.0.6-bfields/support/gssapi/g_dsp_name.c | 96 + 
nfs-utils-1.0.6-bfields/support/gssapi/g_dsp_status.c | 86 nfs-utils-1.0.6-bfields/support/gssapi/g_dup_name.c | 162 + nfs-utils-1.0.6-bfields/support/gssapi/g_exp_sec_context.c | 108 + nfs-utils-1.0.6-bfields/support/gssapi/g_glue.c | 344 +++ nfs-utils-1.0.6-bfields/support/gssapi/g_imp_name.c | 161 + nfs-utils-1.0.6-bfields/support/gssapi/g_imp_sec_context.c | 128 + nfs-utils-1.0.6-bfields/support/gssapi/g_indicate_mechs.c | 90 + nfs-utils-1.0.6-bfields/support/gssapi/g_init_sec_context.c | 194 ++ nfs-utils-1.0.6-bfields/support/gssapi/g_initialize.c | 380 ++++ nfs-utils-1.0.6-bfields/support/gssapi/g_inq_context.c | 143 + nfs-utils-1.0.6-bfields/support/gssapi/g_inq_cred.c | 199 ++ nfs-utils-1.0.6-bfields/support/gssapi/g_inq_names.c | 69 nfs-utils-1.0.6-bfields/support/gssapi/g_mechname.c | 116 + nfs-utils-1.0.6-bfields/support/gssapi/g_mit_krb5_mech.c | 297 +++ nfs-utils-1.0.6-bfields/support/gssapi/g_oid_ops.c | 121 + nfs-utils-1.0.6-bfields/support/gssapi/g_process_context.c | 75 nfs-utils-1.0.6-bfields/support/gssapi/g_rel_buffer.c | 58 nfs-utils-1.0.6-bfields/support/gssapi/g_rel_cred.c | 104 + nfs-utils-1.0.6-bfields/support/gssapi/g_rel_name.c | 92 + nfs-utils-1.0.6-bfields/support/gssapi/g_rel_oid_set.c | 63 nfs-utils-1.0.6-bfields/support/gssapi/g_seal.c | 155 + nfs-utils-1.0.6-bfields/support/gssapi/g_set_allowable_enctypes.c | 81 nfs-utils-1.0.6-bfields/support/gssapi/g_sign.c | 99 + nfs-utils-1.0.6-bfields/support/gssapi/g_unseal.c | 105 + nfs-utils-1.0.6-bfields/support/gssapi/g_verify.c | 137 + nfs-utils-1.0.6-bfields/support/gssapi/gen_oids.c | 80 nfs-utils-1.0.6-bfields/support/gssapi/gssd_pname_to_uid.c | 71 nfs-utils-1.0.6-bfields/support/gssapi/mechglue.h | 46 nfs-utils-1.0.6-bfields/support/gssapi/mglueP.h | 503 +++++ nfs-utils-1.0.6-bfields/support/gssapi/oid_ops.c | 449 +++++ nfs-utils-1.0.6-bfields/support/include/config.h.in | 20 nfs-utils-1.0.6-bfields/support/include/exportfs.h | 1 
nfs-utils-1.0.6-bfields/support/include/gssapi/gssapi.h | 846 +++++++++ nfs-utils-1.0.6-bfields/support/include/ha-callout.h | 52 nfs-utils-1.0.6-bfields/support/include/nfslib.h | 3 nfs-utils-1.0.6-bfields/support/lib/Makefile | 2 nfs-utils-1.0.6-bfields/support/nfs/cacheio.c | 8 nfs-utils-1.0.6-bfields/support/rpc/include/rpc/auth.h | 216 ++ nfs-utils-1.0.6-bfields/support/rpc/include/rpc/auth_gss.h | 122 + nfs-utils-1.0.6-bfields/support/rpc/include/rpc/auth_unix.h | 84 nfs-utils-1.0.6-bfields/support/rpc/include/rpc/clnt.h | 373 ++++ nfs-utils-1.0.6-bfields/support/rpc/include/rpc/pmap_clnt.h | 87 nfs-utils-1.0.6-bfields/support/rpc/include/rpc/pmap_prot.h | 106 + nfs-utils-1.0.6-bfields/support/rpc/include/rpc/pmap_rmt.h | 65 nfs-utils-1.0.6-bfields/support/rpc/include/rpc/rpc.h | 109 + nfs-utils-1.0.6-bfields/support/rpc/include/rpc/rpc_des.h | 133 + nfs-utils-1.0.6-bfields/support/rpc/include/rpc/rpc_msg.h | 197 ++ nfs-utils-1.0.6-bfields/support/rpc/include/rpc/svc.h | 334 +++ nfs-utils-1.0.6-bfields/support/rpc/include/rpc/svc_auth.h | 81 nfs-utils-1.0.6-bfields/support/rpc/include/rpc/types.h | 66 nfs-utils-1.0.6-bfields/support/rpc/include/rpc/xdr.h | 310 +++ nfs-utils-1.0.6-bfields/tools/rpcdebug/Makefile | 2 nfs-utils-1.0.6-bfields/tools/rpcdebug/rpcdebug.c | 150 - nfs-utils-1.0.6-bfields/utils/Makefile.in | 2 nfs-utils-1.0.6-bfields/utils/exportfs/exportfs.c | 69 nfs-utils-1.0.6-bfields/utils/exportfs/exports.man | 27 nfs-utils-1.0.6-bfields/utils/gssd/Makefile | 15 nfs-utils-1.0.6-bfields/utils/gssd/context.c | 467 +++++ nfs-utils-1.0.6-bfields/utils/gssd/context.h | 38 nfs-utils-1.0.6-bfields/utils/gssd/context_heimdal.c | 256 ++ nfs-utils-1.0.6-bfields/utils/gssd/err_util.c | 92 + nfs-utils-1.0.6-bfields/utils/gssd/err_util.h | 37 nfs-utils-1.0.6-bfields/utils/gssd/gss_clnt_send_err.c | 104 + nfs-utils-1.0.6-bfields/utils/gssd/gss_destroy_creds | 11 nfs-utils-1.0.6-bfields/utils/gssd/gss_oids.c | 39 nfs-utils-1.0.6-bfields/utils/gssd/gss_oids.h | 
46 nfs-utils-1.0.6-bfields/utils/gssd/gss_util.c | 212 ++ nfs-utils-1.0.6-bfields/utils/gssd/gss_util.h | 44 nfs-utils-1.0.6-bfields/utils/gssd/gssd.c | 134 + nfs-utils-1.0.6-bfields/utils/gssd/gssd.h | 89 + nfs-utils-1.0.6-bfields/utils/gssd/gssd.man | 63 nfs-utils-1.0.6-bfields/utils/gssd/gssd_main_loop.c | 144 + nfs-utils-1.0.6-bfields/utils/gssd/gssd_proc.c | 670 +++++++ nfs-utils-1.0.6-bfields/utils/gssd/krb5_util.c | 809 +++++++++ nfs-utils-1.0.6-bfields/utils/gssd/krb5_util.h | 30 nfs-utils-1.0.6-bfields/utils/gssd/write_bytes.h | 139 + nfs-utils-1.0.6-bfields/utils/gssdestroycreds/Makefile | 14 nfs-utils-1.0.6-bfields/utils/idmapd/Makefile | 12 nfs-utils-1.0.6-bfields/utils/idmapd/atomicio.c | 63 nfs-utils-1.0.6-bfields/utils/idmapd/cfg.c | 889 ++++++++++ nfs-utils-1.0.6-bfields/utils/idmapd/cfg.h | 67 nfs-utils-1.0.6-bfields/utils/idmapd/idmapd.c | 884 +++++++++ nfs-utils-1.0.6-bfields/utils/idmapd/idmapd.conf | 10 nfs-utils-1.0.6-bfields/utils/idmapd/idmapd.conf.man | 74 nfs-utils-1.0.6-bfields/utils/idmapd/idmapd.man | 94 + nfs-utils-1.0.6-bfields/utils/idmapd/nfs_idmap.h | 71 nfs-utils-1.0.6-bfields/utils/idmapd/queue.h | 499 +++++ nfs-utils-1.0.6-bfields/utils/idmapd/setproctitle.c | 110 + nfs-utils-1.0.6-bfields/utils/idmapd/strlcat.c | 77 nfs-utils-1.0.6-bfields/utils/idmapd/strlcpy.c | 73 nfs-utils-1.0.6-bfields/utils/mountd/auth.c | 1 nfs-utils-1.0.6-bfields/utils/mountd/cache.c | 7 nfs-utils-1.0.6-bfields/utils/mountd/mountd.c | 22 nfs-utils-1.0.6-bfields/utils/mountd/mountd.man | 24 nfs-utils-1.0.6-bfields/utils/mountd/rmtab.c | 10 nfs-utils-1.0.6-bfields/utils/statd/monitor.c | 53 nfs-utils-1.0.6-bfields/utils/statd/rmtcall.c | 3 nfs-utils-1.0.6-bfields/utils/statd/statd.c | 25 nfs-utils-1.0.6-bfields/utils/statd/statd.h | 2 nfs-utils-1.0.6-bfields/utils/statd/statd.man | 29 nfs-utils-1.0.6-bfields/utils/statd/svc_run.c | 5 nfs-utils-1.0.6-bfields/utils/svcgssd/Makefile | 22 nfs-utils-1.0.6-bfields/utils/svcgssd/cacheio.c | 289 +++ 
nfs-utils-1.0.6-bfields/utils/svcgssd/cacheio.h | 48 nfs-utils-1.0.6-bfields/utils/svcgssd/svcgssd.c | 209 ++ nfs-utils-1.0.6-bfields/utils/svcgssd/svcgssd.h | 43 nfs-utils-1.0.6-bfields/utils/svcgssd/svcgssd.man | 41 nfs-utils-1.0.6-bfields/utils/svcgssd/svcgssd_main_loop.c | 86 nfs-utils-1.0.6-bfields/utils/svcgssd/svcgssd_mech2file.c | 77 nfs-utils-1.0.6-bfields/utils/svcgssd/svcgssd_proc.c | 339 +++ nfs-utils-1.0.6/debian/nfs-common.config | 10 nfs-utils-1.0.6/debian/nfs-common.templates | 5 nfs-utils-1.0.6/debian/nfs-kernel-server.config | 15 nfs-utils-1.0.6/debian/nfs-kernel-server.templates | 17 nfs-utils-1.0.6/etc/nodist/nfs-client | 74 nfs-utils-1.0.6/etc/nodist/nfs-functions | 104 - nfs-utils-1.0.6/etc/nodist/nfs-server | 129 - nfs-utils-1.0.6/etc/redhat/nfs | 31 nfs-utils-1.0.6/etc/redhat/nfs.init | 182 -- nfs-utils-1.0.6/etc/redhat/nfslock.init | 90 - nfs-utils-1.0.6/nfs-utils.spec | 110 - nfs-utils-1.0.6/nfs-utils.spec.in | 110 - 153 files changed, 18073 insertions(+), 1079 deletions(-) diff -puN ChangeLog~CITI_NFS4_ALL ChangeLog --- nfs-utils-1.0.6/ChangeLog~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/ChangeLog 2004-10-27 18:02:49.000000000 -0400 
@@ -1,3 +1,78 @@ +2004-10-19 "J. Bruce Fields" + + * support/gssapi/* support/rpc/* utils/gssd/* utils/svcgssd/* etc + initial support for GSSAPI authentication + +2004-09-15 Neil Brown + + * utils/statd/monitor.c(sm_unmon_1_svc): is RESTRICTED_STATD, then + check IP address and force my_name to 127.0.0.1 to match + what happens in sm_mon_1_svc. This avoid spurious "erroneous + SM_UNMON" messages. + * utils/statd.monitor.c(sm_unmon_all_1_svc): likewise + +2004-09-15 "J. Bruce Fields" + + * Assorted changes to support "gss/*" style authentication + * utils/idmapd: new idmapd daemon for nfsv4 username lookup + +2004-09-06 Trond Myklebust + Neil Brown + + * utils/mountd/auth.c(auth_authenticate_internal): fix + uninitialsed variable problem (causes bad error messages). + +2004-09-06 Paul Clements + Neil Brown + + * utils/mountd/mountd.c(main): support --ha-callout (-H) for + specifying a callout program + * utils/mountd/rmtab.c: Call ha_callout on mount/unmount + * utils/statd/monitor.c: Call ha_callout on add/del client + * utils/statd/rmtcall.c: as above + * utils/statd/statd.c: handle --ha-callout (-H) + * utils/statd/svc_run.c: call notify_hosts is we have received a + sighup + * support/include/ha-callout.h: define ha_callout function + + +2004-08-31 NeilBrown + * utils/mountd/cache.c(cache_process_req): clear fd after + processing so as not to confused libc/sunrpc into thinking + it need to do something with that fd. + +2004-08-31 NeilBrown + + * debian/nfs-kernel-server.init(start,stop) mount the nfsd + filesystem, if available, before starting nfs services, and + unmount it afterwards. + * etc/nodist/nfs-server: ditto + * etc/redhat/nfs.init: likewise + * etc/redhat/nfs: add "MOUNT_NFSD" flag to control above. + +2004-06-08 NeilBrown + + * utils/exportfs/exportfs.c: Don't rmtab_read if new_cache, it + isn't necessary. 
+ * support/nfs/cacheio.c(cache_flush): Change order in which caches + are flushed so that dependancies don't keep things in the cache + too long. + +2004-03-18 Chip Salzenberg + + * debian/changelog: Version 1.0.6-2. + +2004-02-24 NeilBrown + from "J. Bruce Fields" + + * utils/mountd/cache.c: call auth_reload to make sure auth data is + current before responding to kernel upcall. + +2004-02-24 NeilBrown + Based on patch from Greg Banks + + * utils/exportfs/exports.man: Document fsid= option. + 2003-09-15 NeilBrown Release 1.0.6 @@ -8,7 +83,7 @@ utils/statd/Makefile: add "predep" rule so that "make dep" works. * Makefile: allow a simple "make" to run ./configure and "make dep" if needed. - * configure.in, nfs-utils.spec: Update version to 1.0.4 + * configure.in, nfs-utils.spec: Update version to 1.0.6 * run autoconf 2003-09-12 Chip Salzenberg diff -puN config.mk.in~CITI_NFS4_ALL config.mk.in --- nfs-utils-1.0.6/config.mk.in~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/config.mk.in 2004-10-27 18:02:49.000000000 -0400 @@ -33,6 +33,9 @@ MANGROUP = root LIBBSD = @LIBBSD@ LIBNSL = @LIBNSL@ LIBWRAP = @LIBWRAP@ +KRBLIB = @KRBLIB@ +KRBDIR = @KRBDIR@ +KRB5_VERSION = @K5VERS@ ################# END OF USER SERVICEABLE PARTS ################## ALLTARGETS = all clean distclean install installman \ @@ -58,6 +61,7 @@ INSTALL = install MAN2PS = groff -Tps -man AFLAGS = -I$(TOP)support/include \ + -I$(KRBDIR)/include \ -Wall $(ARCHFLAGS) -pipe ifdef KERNEL_INCDIR AFLAGS += -I$(KERNEL_INCDIR) diff -puN configure~CITI_NFS4_ALL configure --- nfs-utils-1.0.6/configure~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/configure 2004-10-27 18:02:50.000000000 -0400 
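Review bot: In the second config.mk.in hunk, `-I$(KRBDIR)/include` is added to AFLAGS unconditionally, but the configure hunks further down appear to assign KRBDIR only inside the `enable_gss` branch once a Kerberos installation has been found. With `--disable-gss`, or when detection fails, the substitution is presumably empty and every compile then gets `-I/include`, a root-level directory the build does not control and from which headers could be picked up on a shared build host. I would guard it the way the hunk's trailing context already handles KERNEL_INCDIR: `ifneq ($(strip $(KRBDIR)),)`, `AFLAGS += -I$(KRBDIR)/include`, `endif`. The `ifdef KERNEL_INCDIR` block that follows continues outside the hunk, so the placement of the new conditional should be checked against the full file.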
@@ -21,11 +21,17 @@ ac_help="$ac_help ac_help="$ac_help --enable-nfsv3 enable support for NFSv3" ac_help="$ac_help + --enable-nfsv4 enable support for NFSv4" +ac_help="$ac_help + --enable-gss enable support for rpcsec_gss" +ac_help="$ac_help --enable-kprefix install progs as rpc.knfsd etc" ac_help="$ac_help --enable-secure-statd Only lockd can use statd (security)" ac_help="$ac_help --enable-rquotad enable rquotad" +ac_help="$ac_help + --with-krb5=DIR use Kerberos v5 installation in DIR" # Initialize some variables set by options. # The variables have the same names as the options, with @@ -590,6 +596,49 @@ EOF enable_nfsv3= fi +# Check whether --enable-nfsv4 or --disable-nfsv4 was given. +if test "${enable_nfsv4+set}" = set; then + enableval="$enable_nfsv4" + enable_nfsv4=$enableval +else + enable_nfsv4=yes +fi + + if test "$enable_nfsv4" = yes; then + cat >> confdefs.h <<\EOF +#define NFS4_SUPPORTED 1 +EOF + + IDMAPD=idmapd + else + enable_nfsv4= + IDMAPD= + fi + + +# Check whether --enable-gss or --disable-gss was given. +if test "${enable_gss+set}" = set; then + enableval="$enable_gss" + enable_gss=$enableval +else + enable_gss=yes +fi + + if test "$enable_gss" = yes; then + cat >> confdefs.h <<\EOF +#define GSS_SUPPORTED 1 +EOF + + GSSD=gssd + SVCGSSD=svcgssd + else + enable_gss= + GSSD= + SVCGSSD= + fi + + + # Check whether --enable-kprefix or --disable-kprefix was given. if test "${enable_kprefix+set}" = set; then enableval="$enable_kprefix" @@ -633,7 +682,7 @@ fi # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:637: checking for $ac_word" >&5 +echo "configure:686: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -663,7 +712,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:667: checking for $ac_word" >&5 +echo "configure:716: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -714,7 +763,7 @@ fi # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:718: checking for $ac_word" >&5 +echo "configure:767: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -746,7 +795,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:750: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:799: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -757,12 +806,12 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext << EOF -#line 761 "configure" +#line 810 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:815: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then 
@@ -788,12 +837,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:792: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:841: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:797: checking whether we are using GNU C" >&5 +echo "configure:846: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -802,7 +851,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:806: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:855: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -821,7 +870,7 @@ ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:825: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:874: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -853,7 +902,7 @@ else fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:857: checking how to run the C preprocessor" >&5 +echo "configure:906: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= 
@@ -868,13 +917,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:878: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:927: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -885,13 +934,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:895: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:944: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -902,13 +951,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:912: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:961: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -963,7 +1012,7 @@ ac_configure=$ac_aux_dir/configure # Thi # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:967: checking for a BSD compatible install" >&5 +echo "configure:1016: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -1026,7 +1075,7 @@ else { echo "configure: error: can not r fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:1030: checking host system type" >&5 +echo "configure:1079: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -1047,7 +1096,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)- echo "$ac_t""$host" 1>&6 echo $ac_n "checking build system type""... $ac_c" 1>&6 -echo "configure:1051: checking build system type" >&5 +echo "configure:1100: checking build system type" >&5 build_alias=$build case "$build_alias" in @@ -1073,7 +1122,7 @@ fi # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1077: checking for $ac_word" >&5 +echo "configure:1126: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1105,7 +1154,7 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1109: checking for $ac_word" >&5 +echo "configure:1158: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1140,7 +1189,7 @@ fi # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1144: checking for $ac_word" >&5 +echo "configure:1193: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1172,7 +1221,7 @@ fi # Extract the first word of "${ac_tool_prefix}ld", so it can be a program name with args. set dummy ${ac_tool_prefix}ld; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1176: checking for $ac_word" >&5 +echo "configure:1225: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1203,12 +1252,12 @@ fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1207: checking for ANSI C header files" >&5 +echo "configure:1256: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1216,7 +1265,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1220: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1233,7 +1282,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1251,7 +1300,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1272,7 +1321,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1283,7 +1332,7 @@ if (XOR (islower (i), ISLOWER (i)) || to exit (0); } EOF -if { (eval echo configure:1287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1336: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else 
@@ -1307,12 +1356,12 @@ EOF fi echo $ac_n "checking for GNU libc2""... $ac_c" 1>&6 -echo "configure:1311: checking for GNU libc2" >&5 +echo "configure:1360: checking for GNU libc2" >&5 if eval "test \"`echo '$''{'knfsd_cv_glibc2'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -1321,7 +1370,7 @@ else #endif EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1374: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1344,7 +1393,7 @@ fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:1348: checking for main in -lsocket" >&5 +echo "configure:1397: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1352,14 +1401,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1380,7 +1429,7 @@ else fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:1384: checking for main in -lnsl" >&5 +echo "configure:1433: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -1388,14 +1437,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1448: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1416,7 +1465,7 @@ else fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1420: checking for crypt in -lcrypt" >&5 +echo "configure:1469: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1424,7 +1473,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1488: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1455,9 +1504,185 @@ else echo "$ac_t""no" 1>&6 fi +if test "$enable_nfsv4" = yes; then + echo $ac_n "checking for event_dispatch in -levent""... $ac_c" 1>&6 +echo "configure:1510: checking for event_dispatch in -levent" >&5 +ac_lib_var=`echo event'_'event_dispatch | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-levent $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo event | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + echo $ac_n "checking for nfs4_init_name_mapping in -lnfsidmap""... 
$ac_c" 1>&6 +echo "configure:1557: checking for nfs4_init_name_mapping in -lnfsidmap" >&5 +ac_lib_var=`echo nfsidmap'_'nfs4_init_name_mapping | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnfsidmap $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo nfsidmap | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_hdr in event.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:1607: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1617: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + for ac_hdr in nfsidmap.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:1647: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1657: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +fi if test "$knfsd_cv_glibc2" = no; then echo $ac_n "checking for daemon in -lbsd""... $ac_c" 1>&6 -echo "configure:1461: checking for daemon in -lbsd" >&5 +echo "configure:1686: checking for daemon in -lbsd" >&5 ac_lib_var=`echo bsd'_'daemon | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1465,7 +1690,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1705: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1503,14 +1728,14 @@ fi echo $ac_n "checking for the tcp wrapper library""... $ac_c" 1>&6 -echo "configure:1507: checking for the tcp wrapper library" >&5 +echo "configure:1732: checking for the tcp wrapper library" >&5 if eval "test \"`echo '$''{'knfsd_cv_tcp_wrapper'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else old_LIBS="$LIBS" LIBS="$LIBS -lwrap $LIBNSL" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1748: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* knfsd_cv_tcp_wrapper=yes else 
@@ -1541,16 +1766,358 @@ fi +if test "$enable_gss" = yes; then + echo $ac_n "checking for Kerberos v5""... $ac_c" 1>&6 +echo "configure:1772: checking for Kerberos v5" >&5 + # Check whether --with-krb5 or --without-krb5 was given. +if test "${with_krb5+set}" = set; then + withval="$with_krb5" + case "$withval" in + yes|no) + krb5_with="" + ;; + *) + krb5_with="$withval" + ;; + esac + +fi + + + for dir in $krb5_with /usr/kerberos /usr/local /usr/local/krb5 /usr/krb5 \ + /usr/heimdal /usr/local/heimdal /usr/athena /usr ; do + K5CONFIG="" + if test -f $dir/bin/krb5-config; then + K5CONFIG=$dir/bin/krb5-config + elif test -f "/usr/kerberos/bin/krb5-config"; then + K5CONFIG="/usr/kerberos/bin/krb5-config" + fi + if test "$K5CONFIG" != ""; then + if test -f $dir/include/gssapi/gssapi_krb5.h -a \ + \( -f $dir/lib/libgssapi_krb5.a -o \ + -f $dir/lib/libgssapi_krb5.so \) ; then + cat >> confdefs.h <<\EOF +#define HAVE_KRB5 1 +EOF + + KRBDIR="$dir" + K5VERS=`$K5CONFIG --version | awk '{split($4,v,"."); print v[1]v[2]v[3] }'` + cat >> confdefs.h <> confdefs.h <<\EOF +#define USE_PRIVATE_KRB5_FUNCTIONS 1 +EOF + + fi + echo $ac_n "checking for gss_krb5_export_lucid_sec_context in -lgssapi_krb5""... 
$ac_c" 1>&6 +echo "configure:1818: checking for gss_krb5_export_lucid_sec_context in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_krb5_export_lucid_sec_context | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_LUCID_CONTEXT_SUPPORT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_set_allowable_enctypes in -lgssapi_krb5""... $ac_c" 1>&6 +echo "configure:1861: checking for gss_krb5_set_allowable_enctypes in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_krb5_set_allowable_enctypes | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_SET_ALLOWABLE_ENCTYPES 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_ccache_name in -lgssapi_krb5""... 
$ac_c" 1>&6 +echo "configure:1904: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_krb5_ccache_name | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_GSS_KRB5_CCACHE_NAME 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + break + elif test \( -f $dir/include/heim_err.h -o\ + -f $dir/include/heimdal/heim_err.h \) -a \ + -f $dir/lib/libroken.a; then + cat >> confdefs.h <<\EOF +#define HAVE_HEIMDAL 1 +EOF + + KRBDIR="$dir" + K5VERS=`$K5CONFIG --version | head -1 | awk '{split($2,v,"."); print v[1]v[2]v[3] }'` + cat >> confdefs.h <&6 +echo "configure:1962: checking for gss_krb5_export_lucid_sec_context in -lgssapi" >&5 +ac_lib_var=`echo gssapi'_'gss_krb5_export_lucid_sec_context | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_LUCID_CONTEXT_SUPPORT 1 +EOF + 
+else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_set_allowable_enctypes in -lgssapi""... $ac_c" 1>&6 +echo "configure:2005: checking for gss_krb5_set_allowable_enctypes in -lgssapi" >&5 +ac_lib_var=`echo gssapi'_'gss_krb5_set_allowable_enctypes | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_SET_ALLOWABLE_ENCTYPES 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking for gss_krb5_ccache_name in -lgssapi""... 
$ac_c" 1>&6 +echo "configure:2048: checking for gss_krb5_ccache_name in -lgssapi" >&5 +ac_lib_var=`echo gssapi'_'gss_krb5_ccache_name | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi $KRBLIB $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_GSS_KRB5_CCACHE_NAME 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + break + fi + CFLAGS=$CFLAGS `K5CONFIG --cflags` + fi + done + if test "x$KRBDIR" = "x"; then + if test "x$krb5_with" = "x"; then + { echo "configure: error: Kerberos v5 with GSS support not found" 1>&2; exit 1; } + else + { echo "configure: error: Kerberos v5 with GSS support not found at $krb5_with" 1>&2; exit 1; } + fi + fi + echo "$ac_t""$KRBDIR" 1>&6 + if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then + echo "configure: warning: Using $KRBDIR instead of requested value of $krb5_with for Kerberos!" 1>&2 + fi + + + + +fi + for ac_func in innetgr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1549: checking for $ac_func" >&5 +echo "configure:2116: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -1707,7 +2274,7 @@ done ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" -trap 'rm -fr `echo "config.mk nfs-utils.spec utils/Makefile support/include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +trap 'rm -fr `echo "config.mk utils/Makefile support/include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff -puN configure.in~CITI_NFS4_ALL configure.in --- nfs-utils-1.0.6/configure.in~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/configure.in 2004-10-27 18:02:50.000000000 -0400 @@ -39,6 +39,35 @@ AC_ARG_ENABLE(nfsv3, enable_nfsv3= fi AC_SUBST(enable_nfsv3) +AC_ARG_ENABLE(nfsv4, + [ --enable-nfsv4 enable support for NFSv4], + enable_nfsv4=$enableval, + enable_nfsv4=yes) + if test "$enable_nfsv4" = yes; then + AC_DEFINE(NFS4_SUPPORTED) + IDMAPD=idmapd + else + enable_nfsv4= + IDMAPD= + fi + AC_SUBST(IDMAPD) + AC_SUBST(enable_nfsv4) +AC_ARG_ENABLE(gss, + [ --enable-gss enable support for rpcsec_gss], + enable_gss=$enableval, + enable_gss=yes) + if test "$enable_gss" = yes; then + AC_DEFINE(GSS_SUPPORTED) + GSSD=gssd + SVCGSSD=svcgssd + else + enable_gss= + GSSD= + SVCGSSD= + fi + AC_SUBST(GSSD) + AC_SUBST(SVCGSSD) + AC_SUBST(enable_gss) AC_ARG_ENABLE(kprefix, [ --enable-kprefix install progs as rpc.knfsd etc], test "$enableval" = "yes" && kprefix=k, @@ -87,6 +116,12 @@ dnl ************************************ AC_CHECK_LIB(socket, main, [LIBSOCKET="-lnsl"]) AC_CHECK_LIB(nsl, main, [LIBNSL="-lnsl"]) AC_CHECK_LIB(crypt, crypt, [LIBCRYPT="-lcrypt"]) +if test "$enable_nfsv4" = yes; then + AC_CHECK_LIB(event, event_dispatch) + AC_CHECK_LIB(nfsidmap, nfs4_init_name_mapping) + AC_CHECK_HEADERS(event.h) + AC_CHECK_HEADERS(nfsidmap.h) +fi if test "$knfsd_cv_glibc2" = no; then AC_CHECK_LIB(bsd, daemon, [LIBBSD="-lbsd"]) fi 
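Review bot: In the `if test "$enable_nfsv4" = yes` block of the `@@ -87,6 +116,12 @@` hunk, none of the four checks has a failure action, so a missing libevent or libnfsidmap passes configure even though NFSv4 is on by default (`enable_nfsv4=yes` in the hunk above). The failure would presumably surface only later, as a compile or link error in idmapd. Give the library checks an explicit failure branch, e.g. `AC_CHECK_LIB(event, event_dispatch, , AC_MSG_ERROR(libevent is required for NFSv4 support))`, and the same for `nfsidmap`. The Kerberos detection added to this file already stops with `AC_MSG_ERROR` when its prerequisite is missing, so this would make the two features behave alike.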
@@ -98,6 +133,94 @@ AC_SUBST(LIBBSD) AC_TCP_WRAPPER AC_SUBST(LIBWRAP) +if test "$enable_gss" = yes; then + dnl Checks for Kerberos + dnl NOTE: while we intend to do generic gss-api, currently we + dnl have a requirement to get an initial Kerberos machine + dnl credential. Thus, the requirement for Kerberos. + dnl The Kerberos gssapi library will be dynamically loaded? + AC_MSG_CHECKING(for Kerberos v5) + AC_ARG_WITH(krb5, + [ --with-krb5=DIR use Kerberos v5 installation in DIR], + [ case "$withval" in + yes|no) + krb5_with="" + ;; + *) + krb5_with="$withval" + ;; + esac ] + ) + + for dir in $krb5_with /usr/kerberos /usr/local /usr/local/krb5 /usr/krb5 \ + /usr/heimdal /usr/local/heimdal /usr/athena /usr ; do + dnl This ugly hack brought on by the split installation of + dnl MIT Kerberos on Fedora Core 1 + K5CONFIG="" + if test -f $dir/bin/krb5-config; then + K5CONFIG=$dir/bin/krb5-config + elif test -f "/usr/kerberos/bin/krb5-config"; then + K5CONFIG="/usr/kerberos/bin/krb5-config" + fi + if test "$K5CONFIG" != ""; then + if test -f $dir/include/gssapi/gssapi_krb5.h -a \ + \( -f $dir/lib/libgssapi_krb5.a -o \ + -f $dir/lib/libgssapi_krb5.so \) ; then + AC_DEFINE(HAVE_KRB5) + KRBDIR="$dir" + K5VERS=`$K5CONFIG --version | awk '{split($4,v,"."); print v[[1]]v[[2]]v[[3]] }'` + AC_DEFINE_UNQUOTED(KRB5_VERSION,$K5VERS) + KRBLIB=`$K5CONFIG --libs gssapi` + if test $K5VERS -le 131; then + AC_DEFINE(USE_PRIVATE_KRB5_FUNCTIONS) + fi + AC_CHECK_LIB(gssapi_krb5, gss_krb5_export_lucid_sec_context, + AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT),,$KRBLIB) + AC_CHECK_LIB(gssapi_krb5, gss_krb5_set_allowable_enctypes, + AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES),,$KRBLIB) + AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, + AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME),,$KRBLIB) + break + dnl The following ugly hack brought on by the split installation + dnl of Heimdal Kerberos on SuSe + elif test \( -f $dir/include/heim_err.h -o\ + -f $dir/include/heimdal/heim_err.h \) -a \ + -f $dir/lib/libroken.a; 
then + AC_DEFINE(HAVE_HEIMDAL) + KRBDIR="$dir" + K5VERS=`$K5CONFIG --version | head -1 | awk '{split($2,v,"."); print v[[1]]v[[2]]v[[3]] }'` + AC_DEFINE_UNQUOTED(KRB5_VERSION,$K5VERS) + KRBLIB=`$K5CONFIG --libs gssapi` + AC_CHECK_LIB(gssapi, gss_krb5_export_lucid_sec_context, + AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT),,$KRBLIB) + AC_CHECK_LIB(gssapi, gss_krb5_set_allowable_enctypes, + AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES),,$KRBLIB) + AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, + AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME),,$KRBLIB) + break + fi + CFLAGS=$CFLAGS `K5CONFIG --cflags` + fi + done + dnl We didn't find a usable Kerberos environment + if test "x$KRBDIR" = "x"; then + if test "x$krb5_with" = "x"; then + AC_MSG_ERROR(Kerberos v5 with GSS support not found) + else + AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with) + fi + fi + AC_MSG_RESULT($KRBDIR) + dnl If they specified a directory and it didn't work, give them a warning + if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then + AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) + fi + + AC_SUBST([KRBDIR]) + AC_SUBST([KRBLIB]) + AC_SUBST([K5VERS]) +fi + dnl ************************************************************* dnl Check for headers dnl ************************************************************* @@ -116,4 +239,4 @@ AC_DEFINE_UNQUOTED(NFS_STATEDIR, "$state AC_SUBST(LDFLAGS) AC_SUBST(CXXFLAGS) AC_SUBST(CFLAGS) -AC_OUTPUT(config.mk nfs-utils.spec utils/Makefile) +AC_OUTPUT(config.mk utils/Makefile) diff -puN debian/changelog~CITI_NFS4_ALL debian/changelog --- nfs-utils-1.0.6/debian/changelog~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/changelog 2004-10-27 18:02:50.000000000 -0400 
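Review bot: The line ``CFLAGS=$CFLAGS `K5CONFIG --cflags` `` near the end of the `for dir` loop never adds the Kerberos compile flags. `K5CONFIG` is missing its `$`, so the shell looks for a command of that literal name, and the unquoted assignment would not append the output even if the command ran. It also sits after both `break` statements, so it is only reached for directories where neither the MIT nor the Heimdal layout matched. If the flags are wanted, ``CFLAGS="$CFLAGS `$K5CONFIG --cflags`"`` placed before each `break` would apply them to the installation that was actually selected. Separately, `test $K5VERS -le 131` is unquoted, so a version string that fails to parse makes `test` error out and leaves `USE_PRIVATE_KRB5_FUNCTIONS` undefined without any message.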
@@ -1,3 +1,53 @@ +nfs-utils (1:1.0.6.nfsv4-5) unstable; urgency=low + + * Fix gssd hang that would happen after a downcall failure (e.g. because + a user without credentials attempted a filesystem operation). + + -- J. Bruce Fields Wed, 27 Oct 2004 17:52:50 -0400 + +nfs-utils (1:1.0.6.nfsv4-4) unstable; urgency=low + + * Miscellaneous bugfixes + * Get default domain from libnfsidmapd instead of from config file + + -- J. Bruce Fields Sun, 17 Oct 2004 15:57:13 -0400 + +nfs-utils (1:1.0.6.nfsv4-3) unstable; urgency=low + * Change version to .nfsv4 + * Move idmapd and gssd into nfs-common + * Add build dependency on libevent-dev + + -- Trond Myklebust Wed, 1 Sep 2004 15:52:20 -0400 + +nfs-utils (2:1.0.6-3) unstable; urgency=low + + * Add nfsv4 and rpcsec_gss support. + + -- J. Bruce Fields Tue, 13 Jul 2004 17:33:25 -0500 + +nfs-utils (1:1.0.6-3) unstable; urgency=medium + + * Remove obsolete debconf-related files in debian/rules, because source + diffs don't implement removals. (closes: #239331) + + -- Chip Salzenberg Wed, 24 Mar 2004 18:09:21 -0500 + +nfs-utils (1:1.0.6-2) unstable; urgency=medium + + * Upstream CVS sync. + * Urgency "medium" to get debconf fix into testing. + * Remove debconf warning notes in favor of nfs-kernel-server.NEWS. + (closes: #228365) + * Make /etc/exports a conffile. (closes: #224557) + * Clean up /var/lib/nfs in postrm. + * Test kernel version in init script; all kernels from 2.4 forward + have a lockd thread, and don't need rpc.lockd. Probe older kernels + by checking for lockd-related symbols. When in doubt, go ahead and + run rpc.lockd; if it's not needed, it exits. (closes: #205867) + * Don't bother removing nfs-server's init links; it's long dead. 
+ + -- Chip Salzenberg Thu, 18 Mar 2004 17:06:00 -0500 + nfs-utils (1:1.0.6-1) unstable; urgency=low * New upstream version: diff -puN debian/control~CITI_NFS4_ALL debian/control --- nfs-utils-1.0.6/debian/control~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/control 2004-10-27 18:02:49.000000000 -0400 @@ -2,7 +2,7 @@ Source: nfs-utils Priority: standard Section: net Maintainer: Chip Salzenberg -Build-Depends: debhelper (>= 4.1.16), libwrap0-dev +Build-Depends: debhelper (>= 4.1.16), libwrap0-dev, libevent-dev, libnfsidmap-dev, libkrb5-dev Standards-Version: 3.1.1.1 Package: nfs-kernel-server diff -puN /dev/null debian/etc.exports --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/etc.exports 2004-10-27 18:02:49.000000000 -0400 @@ -0,0 +1,2 @@ +# /etc/exports: the access control list for filesystems which may be exported +# to NFS clients. See exports(5). diff -L debian/gssapi_mech.conf -puN /dev/null /dev/null diff -puN /dev/null debian/idmapd.conf --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/idmapd.conf 2004-10-27 18:02:49.000000000 -0400 @@ -0,0 +1,10 @@ +[General] + +Verbosity = 0 +Pipefs-Directory = /var/lib/nfs/rpc_pipefs +Domain = localdomain + +[Mapping] + +Nobody-User = nobody +Nobody-Group = nogroup diff -puN debian/nfs-common.conffiles~CITI_NFS4_ALL debian/nfs-common.conffiles --- nfs-utils-1.0.6/debian/nfs-common.conffiles~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.conffiles 2004-10-27 18:02:50.000000000 -0400 @@ -1,2 +1,3 @@ /etc/default/nfs-common /etc/init.d/nfs-common +/etc/idmapd.conf diff -L debian/nfs-common.config -puN debian/nfs-common.config~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/debian/nfs-common.config +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 
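Review bot: The new `debian/idmapd.conf` pins `Domain = localdomain`, while the 1.0.6.nfsv4-4 changelog entry in this same patch says the default domain now comes from the idmap library instead of the config file. If an explicit `Domain` line still takes precedence (not visible here), every install gets `localdomain` regardless of its real domain, and a client and server that disagree would presumably map owners to the `Nobody-User`/`Nobody-Group` values below. Consider shipping the line commented out, `# Domain = localdomain`, with a short comment saying when an administrator should set it.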
@@ -1,10 +0,0 @@ -#!/bin/sh -e - -. /usr/share/debconf/confmodule - -if egrep -q 'ALL|[0-9]\.' /etc/hosts.deny -then - db_input high nfs-common/tcpwrappers-statd || true -fi - -db_go diff -puN debian/nfs-common.default~CITI_NFS4_ALL debian/nfs-common.default --- nfs-utils-1.0.6/debian/nfs-common.default~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.default 2004-10-27 18:02:49.000000000 -0400 @@ -6,3 +6,11 @@ STATDOPTS= # Are you _sure_ that your kernel does or does not need a lockd daemon? # If so, set this variable to either "yes" or "no". NEED_LOCKD= + +# If you are not using NFSv4 and wish to disable the idmapd daemon +# then uncomment the following line +# NEED_IDMAPD=no + +# If you are not running NFS with RPCSEC_GSS security, and wish to +# disable the gssd client daemon then uncomment the following line +# NEED_GSSD=no diff -puN debian/nfs-common.files~CITI_NFS4_ALL debian/nfs-common.files --- nfs-utils-1.0.6/debian/nfs-common.files~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.files 2004-10-27 18:02:49.000000000 -0400 @@ -1,4 +1,6 @@ usr/sbin/nfsstat +usr/sbin/rpc.gssd +usr/sbin/rpc.idmapd usr/share/man/man8/*lockd* usr/share/man/man8/*statd* usr/share/man/man8/nfsstat* diff -puN debian/nfs-common.init~CITI_NFS4_ALL debian/nfs-common.init --- nfs-utils-1.0.6/debian/nfs-common.init~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.init 2004-10-27 18:02:49.000000000 -0400 
@@ -18,26 +18,60 @@ DESC="NFS common utilities" DEFAULTFILE=/etc/default/nfs-common PREFIX= NEED_LOCKD= +NEED_IDMAPD=yes +IDMAPD_PIDFILE=/var/run/rpc.idmapd.pid +NEED_GSSD=yes +GSSD_PIDFILE=/var/run/rpc.gssd.pid +PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs +RPCGSSDOPTS= if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE fi -# Determine whether lockd is required +# Determine whether lockd daemon is required. case "$NEED_LOCKD" in yes|no) ;; -*) # We must be conservative and run lockd, - # unless we can prove that it's not required. - NEED_LOCKD=yes - if test -f /proc/ksyms - then - grep -q lockdctl /proc/ksyms || NEED_LOCKD=no - fi +*) case `uname -r` in + '' | [01].* | 2.[0123].* ) + # Older kernels may or may not need a lockd daemon. + # We must assume they do, unless we can prove otherwise. + # (A false positive here results only in a harmless message.) + NEED_LOCKD=yes + if test -f /proc/ksyms + then + grep -q lockdctl /proc/ksyms || NEED_LOCKD=no + fi + ;; + + *) # Modern kernels (>= 2.4) start a lockd thread automatically. + NEED_LOCKD=no + ;; + esac ;; esac # Exit if required binaries are missing. [ -x $PREFIX/sbin/rpc.statd ] || exit 0 [ -x $PREFIX/sbin/rpc.lockd ] || [ "$NEED_LOCKD" = no ] || exit 0 +[ -x /usr/sbin/rpc.idmapd ] || [ "$NEED_IDMAPD" = no ] || exit 0 +[ -x /usr/sbin/rpc.gssd ] || [ "$NEED_GSSD" = no ] || exit 0 + +do_modprobe() { + modprobe -q $1 || true +} + +do_mount() { + if ! grep -E -qs "$1\$" /proc/filesystems + then + return 1 + fi + if ! mountpoint -q $2 + then + mount -t $1 $3 $1 $2 + return + fi + return 0 +} # See how we were called. case "$1" in 
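Review bot: `do_mount` expands its arguments unquoted and matches the filesystem name loosely, and the identical function is added to debian/nfs-kernel-server.init later in this patch. The mount point comes from `PIPEFS_MOUNTPOINT`, which `/etc/default/nfs-common` can override, so a value containing whitespace or glob characters would be split before reaching `mountpoint` and `mount`, both run as root. Quote the fixed arguments: `if ! mountpoint -q "$2"` and `mount -t "$1" $3 "$1" "$2"` (leaving `$3` unquoted so an options string can still split). The pattern `"$1\$"` accepts any registered filesystem whose name merely ends in the requested one; `grep -qs "[[:space:]]$1\$" /proc/filesystems` would anchor it to the whole name.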
@@ -53,11 +87,46 @@ case "$1" in start-stop-daemon --start --quiet \ --exec $PREFIX/sbin/rpc.lockd || true fi + if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ] + then + do_modprobe nfs + if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT; + then + if [ "$NEED_IDMAPD" = yes ] + then + printf " idmapd" + start-stop-daemon --start --quiet \ + --make-pidfile --pidfile $IDMAPD_PIDFILE \ + --exec /usr/sbin/rpc.idmapd + fi + if [ "$NEED_GSSD" = yes ] + then + printf " gssd" + start-stop-daemon --start --quiet \ + --make-pidfile --pidfile $GSSD_PIDFILE \ + --exec /usr/sbin/rpc.gssd -- $RPCGSSDOPTS + fi + fi + fi echo "." ;; stop) printf "Stopping $DESC:" + if [ "$NEED_GSSD" = yes ] + then + printf " gssd" + start-stop-daemon --stop --oknodo --quiet \ + --name rpc.gssd --user 0 + rm -f $GSSD_PIDFILE + fi + if [ "$NEED_IDMAPD" = yes ] + then + printf " idmapd" + start-stop-daemon --stop --oknodo --quiet \ + --name rpc.idmapd --user 0 + rm -f $IDMAPD_PIDFILE + fi if [ "$NEED_LOCKD" = yes ] then printf " lockd" diff -puN /dev/null debian/nfs-common.install --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.install 2004-10-27 18:02:50.000000000 -0400 @@ -0,0 +1 @@ +debian/idmapd.conf etc diff -puN debian/nfs-common.postinst~CITI_NFS4_ALL debian/nfs-common.postinst --- nfs-utils-1.0.6/debian/nfs-common.postinst~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.postinst 2004-10-27 18:02:49.000000000 -0400 
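Review bot: In the `start` branch, `if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT` has no `else`, so when rpc_pipefs is unavailable or the mount fails, idmapd and gssd are skipped without any message and the script still prints "." as if everything started. For gssd this means RPCSEC_GSS mounts fail later with nothing in the boot output to explain why. An `else` arm such as `printf " (rpc_pipefs not mounted, idmapd/gssd skipped)"` would make the condition visible. Also, `--make-pidfile` is used without `--background`; if rpc.idmapd and rpc.gssd fork into the background themselves (likely, but not shown here), the recorded PID belongs to a process that has already exited. The `stop` branch matches by `--name` and does not rely on these files, so it may be simpler to drop them.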
@@ -12,6 +12,13 @@ case "$1" in update-rc.d -f nfs-common remove >/dev/null 2>&1 || true fi update-rc.d nfs-common defaults 21 79 >/dev/null + + # Remove obsolete debconf questions + if [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_unregister nfs-common/tcpwrappers-statd || true + db_stop + fi ;; esac diff -puN debian/nfs-common.postrm~CITI_NFS4_ALL debian/nfs-common.postrm --- nfs-utils-1.0.6/debian/nfs-common.postrm~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-common.postrm 2004-10-27 18:02:49.000000000 -0400 @@ -5,5 +5,9 @@ case "$1" in purge) update-rc.d nfs-common remove >/dev/null + + rm -f /var/lib/nfs/state \ + /var/lib/nfs/sm/* \ + /var/lib/nfs/sm.bak/* ;; esac diff -L debian/nfs-common.templates -puN debian/nfs-common.templates~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/debian/nfs-common.templates +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 @@ -1,5 +0,0 @@ -Template: nfs-common/tcpwrappers-statd -Type: note -_Description: statd uses tcpwrappers - The statd daemon uses tcpwrappers to control access. To configure it, use - program name "statd" in /etc/hosts.allow and /etc/hosts.deny. diff -puN debian/nfs-kernel-server.conffiles~CITI_NFS4_ALL debian/nfs-kernel-server.conffiles --- nfs-utils-1.0.6/debian/nfs-kernel-server.conffiles~CITI_NFS4_ALL 2004-10-27 18:02:43.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.conffiles 2004-10-27 18:02:49.000000000 -0400 @@ -1,2 +1,3 @@ +/etc/exports /etc/default/nfs-kernel-server /etc/init.d/nfs-kernel-server diff -L debian/nfs-kernel-server.config -puN debian/nfs-kernel-server.config~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/debian/nfs-kernel-server.config +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 
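Review bot: Sourcing `/usr/share/debconf/confmodule` in the middle of the `configure` branch of debian/nfs-common.postinst has a side effect that deserves a comment. As far as I know, confmodule re-executes the calling script under the debconf frontend when no frontend is running, so everything above that line, here the `update-rc.d` calls, would run a second time. Those commands look idempotent, so this is probably harmless today, but a comment such as `# confmodule may re-exec this script; keep everything above idempotent` would keep a later edit from adding a non-repeatable step there. The same block is added to debian/nfs-kernel-server.postinst further down, and the script body continues outside this hunk.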
@@ -1,15 +0,0 @@ -#!/bin/sh -e - -. /usr/share/debconf/confmodule - -if grep -s '^/' /etc/exports | grep -vq sync -then - db_input high nfs-kernel-server/sync-default || true -fi - -if fgrep -q 'rpc' /etc/hosts.allow /etc/hosts.deny -then - db_input high nfs-kernel-server/tcpwrappers-mountd || true -fi - -db_go diff -puN debian/nfs-kernel-server.init~CITI_NFS4_ALL debian/nfs-kernel-server.init --- nfs-utils-1.0.6/debian/nfs-kernel-server.init~CITI_NFS4_ALL 2004-10-27 18:02:44.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.init 2004-10-27 18:02:49.000000000 -0400 @@ -20,26 +20,58 @@ PREFIX=/usr [ -x $PREFIX/sbin/rpc.nfsd ] || exit 0 [ -x $PREFIX/sbin/rpc.mountd ] || exit 0 [ -x $PREFIX/sbin/exportfs ] || exit 0 +[ -x $PREFIX/sbin/rpc.svcgssd ] || exit 0 # Read config DEFAULTFILE=/etc/default/nfs-kernel-server RPCNFSDCOUNT=8 RPCMOUNTDOPTS= +NEED_SVCGSSD=yes +RPCGSSDOPTS= +RPCSVCGSSDOPTS= +PROCNFSD_MOUNTPOINT=/proc/fs/nfsd if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE fi +do_modprobe() { + modprobe -q $1 || true +} + +do_mount() { + if ! grep -E -qs "$1\$" /proc/filesystems + then + return 1 + fi + if ! mountpoint -q $2 + then + mount -t $1 $3 $1 $2 + return + fi + return 0 +} + # See how we were called. case "$1" in start) cd / # daemons should have root dir as cwd if grep -q '^/' /etc/exports then + do_modprobe nfsd + do_mount nfsd $PROCNFSD_MOUNTPOINT || NEED_SVCGSSD=no printf "Exporting directories for $DESC..." $PREFIX/sbin/exportfs -r echo "done." printf "Starting $DESC:" + if [ "$NEED_SVCGSSD" = yes ] + then + printf " svcgssd" + start-stop-daemon --start --quiet \ + --make-pidfile --pidfile /var/run/rpc.svcgssd.pid \ + --exec $PREFIX/sbin/rpc.svcgssd -- $RPCSVCGSSDOPTS + fi + printf " nfsd" start-stop-daemon --start --quiet \ --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT 
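Review bot: In debian/nfs-kernel-server.init, the new guard `[ -x $PREFIX/sbin/rpc.svcgssd ] || exit 0` is unconditional and runs before the defaults file is read, so a host without rpc.svcgssd silently starts no NFS server at all, even with `NEED_SVCGSSD=no`. debian/nfs-common.init handles the same situation with `[ -x /usr/sbin/rpc.gssd ] || [ "$NEED_GSSD" = no ] || exit 0`. The equivalent here is to move the check below the `. $DEFAULTFILE` block and write it as `[ -x $PREFIX/sbin/rpc.svcgssd ] || [ "$NEED_SVCGSSD" = no ] || exit 0`. In the `start` branch, `do_mount nfsd $PROCNFSD_MOUNTPOINT || NEED_SVCGSSD=no` drops the GSS daemon without a message while exports proceed; printing a warning there would explain why Kerberos-secured clients cannot authenticate. `RPCGSSDOPTS` is set in this hunk but not used within the lines shown.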
@@ -73,6 +105,13 @@ case "$1" in printf "Stopping $DESC: mountd" start-stop-daemon --stop --oknodo --quiet \ --name rpc.mountd --user 0 + if [ "$NEED_SVCGSSD" = yes ] + then + printf " svcgssd" + start-stop-daemon --stop --oknodo --quiet \ + --name rpc.svcgssd --user 0 + rm -f /var/run/rpc.svcgssd.pid + fi printf " nfsd" start-stop-daemon --stop --oknodo --quiet \ --name nfsd --user 0 --signal 2 diff -puN /dev/null debian/nfs-kernel-server.NEWS --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.NEWS 2004-10-27 18:02:49.000000000 -0400 @@ -0,0 +1,8 @@ +nfs-utils (1:1.0.1-1) unstable; urgency=low + + * Exports default to "sync", that is, synchronous writes. + This is safer but MUCH SLOWER than the old default of "async". + All exports should be marked as either "sync" or "async" to + avoid a warning from exportfs. + + -- Chip Salzenberg Mon, 26 Aug 2002 12:17:57 -0400 diff -puN debian/nfs-kernel-server.postinst~CITI_NFS4_ALL debian/nfs-kernel-server.postinst --- nfs-utils-1.0.6/debian/nfs-kernel-server.postinst~CITI_NFS4_ALL 2004-10-27 18:02:44.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.postinst 2004-10-27 18:02:49.000000000 -0400 
@@ -2,36 +2,26 @@ #DEBHELPER# -. /usr/share/debconf/confmodule - case "$1" in configure) - db_get nfs-kernel-server/tcpwrappers-mountd || true + for f in /var/lib/nfs/etab \ + /var/lib/nfs/rmtab \ + /var/lib/nfs/xtab; do + [ -e $f ] || touch $f + done - touch /var/lib/nfs/etab \ - /var/lib/nfs/rmtab \ - /var/lib/nfs/xtab + update-rc.d nfs-kernel-server defaults 20 80 >/dev/null - if test -s /etc/exports - then - : do nothing - else - cat </etc/exports -# /etc/exports: the access control list for filesystems which may be exported -# to NFS clients. See exports(5). -EOF + # Remove obsolete debconf questions + if [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_unregister nfs-kernel-server/sync-default || true + db_unregister nfs-kernel-server/tcpwrappers-mountd || true + db_stop fi - - # The old nfs-server's init script can't tell that it's been - # removed, so we have to kill the symlinks to it. - update-rc.d -f nfs-server remove >/dev/null - - update-rc.d nfs-kernel-server defaults 20 80 >/dev/null ;; esac -db_stop - act="restart" [ "$1:$2" = "configure:" ] && act="start" invoke-rc.d nfs-kernel-server $act diff -puN debian/nfs-kernel-server.postrm~CITI_NFS4_ALL debian/nfs-kernel-server.postrm --- nfs-utils-1.0.6/debian/nfs-kernel-server.postrm~CITI_NFS4_ALL 2004-10-27 18:02:44.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/nfs-kernel-server.postrm 2004-10-27 18:02:49.000000000 -0400 @@ -5,6 +5,10 @@ case "$1" in purge) update-rc.d nfs-kernel-server remove >/dev/null + + rm -f /var/lib/nfs/etab \ + /var/lib/nfs/rmtab \ + /var/lib/nfs/xtab ;; esac diff -L debian/nfs-kernel-server.templates -puN debian/nfs-kernel-server.templates~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/debian/nfs-kernel-server.templates +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 
@@ -1,17 +0,0 @@ -Template: nfs-kernel-server/sync-default -Type: note -_Description: NFS server defaults to synchronous writes - To comply with standards and increase data safety, the Linux NFS server - now defaults to synchronous writes. Since this is a major change, it is - not silent: All exports should be explicitly marked as either "sync" or - "async". Exports not so marked will elicit warnings. - -Template: nfs-kernel-server/tcpwrappers-mountd -Type: note -_Description: in /etc/hosts.{allow,deny}, replace "rpc.mountd" with "mountd" - The mount daemon uses tcpwrappers to control access. To configure it, use - program name "mountd" in /etc/hosts.allow and /etc/hosts.deny. - . - Older versions of nfs-kernel-server included a mount daemon that called - itself "rpc.mountd". Therefore, you should replace all occurrences of - "rpc.mountd" with "mountd" in /etc/hosts.allow and /etc/hosts.deny. diff -puN debian/rules~CITI_NFS4_ALL debian/rules --- nfs-utils-1.0.6/debian/rules~CITI_NFS4_ALL 2004-10-27 18:02:44.000000000 -0400 +++ nfs-utils-1.0.6-bfields/debian/rules 2004-10-27 18:02:49.000000000 -0400 @@ -13,6 +13,13 @@ DEBTMP := $(shell pwd)/debian/tmp build: build-stamp build-stamp: + # Debian source diffs don't reflect removals. + # This kludge will suffice until the next upstream version. *sigh* + rm -f debian/nfs-common.config \ + debian/nfs-common.templates \ + debian/nfs-kernel-server.config \ + debian/nfs-kernel-server.templates + dh_testdir # Add here commands to compile the package. $(SETGCC) ./configure \ @@ -39,6 +46,7 @@ binary-arch: build dh_testroot dh_clean -k dh_installdirs + dh_install # Add here commands to install the files into debian/tmp $(MAKE) install_prefix='$(DEBTMP)' install dh_movefiles 
@@ -51,7 +59,8 @@ binary-arch: build done; \ rm -f tmp/usr/sbin/*quota*; \ rm -f tmp/usr/share/man/man8/*quota*; \ - rm -rf tmp/var/lib/nfs/* + rm -rf tmp/var/lib/nfs/*; \ + cp --preserve=timestamps etc.exports tmp/etc/exports # Fixups End Here # dh_installdocs -A README dh_installexamples diff -L etc/nodist/nfs-server -puN etc/nodist/nfs-server~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/etc/nodist/nfs-server +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 
@@ -1,129 +0,0 @@ -#!/bin/sh -# nfs This shell script starts and stops the nfs services in a distribution -# independent fashion. -# -# description: starts and stops nfs server services -# chkconfig: 2345 60 20 -# -# Copyright (c) 2000-2001 Mission Critical Linux, Inc. -# - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -export PATH - -# Who am I? -SCRIPT_NAME=`basename $0` - -# Grab our daemon functions. -. `dirname $0`/nfs-functions - -# Kernel daemons and options -PREFIX="rpc." # Prefix for kernel execs (usually "rpc.") -NFSD="nfsd" # Kernel NFS Server -RPCNFSDCOUNT="8" # Number of nfsd threads - -# User daemons and options -RQUOTAD="rpc.rquotad" # Remote quota server -MOUNTD="rpc.mountd" # Mount server -RPCMOUNTDOPTS="" # options for rpc.mountd -EXPORTFS="exportfs" # Exportfs command - -SCRIPT_NAME=`basename $0` -DESC="NFS kernel daemon" - -# We use "type -path" instead of "which" since it's internal to bash. -[ -x "`type -path $PREFIX$NFSD`" ] || exit 0 -[ -x "`type -path $MOUNTD`" ] || exit 0 - -# Also make sure we have our exportfs command. -[ -x "`type -path $EXPORTFS`" ] || exit 0 -[ -s /etc/exports ] || exit 0 - -# rquotad is not required for NFS to work, however. -# Unset if it is not present. -[ -x "`type -path $RQUOTAD`" ] || unset RQUOTAD - -# Handle how we were called. -case "$1" in -start) - echo -n "Exporting directories for $DESC..." - $EXPORTFS -r - echo "done." - - echo -n "Starting $NFSD: " - startdaemon $PREFIX$NFSD $RPCNFSDCOUNT - - # Disable NFSv3 on mountd if we don't have NFSv3 - ClearAddr= - if [ -f /proc/net/rpc/auth.unix.ip/channel ] ; then - if grep -s 127.0.0.1 /proc/net/rpc/auth.unix.ip/content > /dev/null ; then - : address already known - else - echo nfsd 127.0.0.1 2147483647 localhost > /proc/net/rpc/auth.unix.ip/channel - ClearAddr= - fi - fi - rpcinfo -u localhost nfs 3 &>/dev/null - if [ "$?" 
!= "0" ] - then - RPCMOUNTDOPTS="$RPCMOUNTDOPTS --no-nfs-version 3" - fi - if [ -n "$ClearAddr" ]; then - echo nfsd 127.0.0.1 1 > /proc/net/rpc/auth.unix.ip/channel - fi - - echo -n "Starting $MOUNTD: " - startdaemon $MOUNTD $RPCMOUNTDOPTS - - # Start rquotad if it is set - if [ -n "$RQUOTAD" ] - then - echo -n "Starting $RQUOTAD: " - startdaemon $RQUOTAD - fi - - # if this lock file doesn't exist, init won't even try to run - # the shutdown script for this service on RedHat systems! - # on non-RedHat systems, /var/lock/subsys may not exist. - touch /var/lock/subsys/$SCRIPT_NAME &> /dev/null - ;; - -stop) - for process in $RQUOTAD $MOUNTD $NFSD - do - echo -n "Stopping $process: " - stopdaemon $process - done - - echo "Unexporting directories for $DESC..." - $EXPORTFS -au - rm -f /var/lock/subsys/$SCRIPT_NAME - echo "done." - ;; - -restart) - $0 stop - $0 start - ;; - -reload) - # Update exports - echo "Re-exporting directories for $DESC..." - $EXPORTFS -r - touch /var/lock/subsys/$SCRIPT_NAME &> /dev/null - echo "done." - ;; - -status) - # First, check status of userland daemons - for process in $RQUOTAD $MOUNTD $NFSD - do - daemonstatus $process - done - exit 0 - ;; - -*) - echo "Usage: $0 {start|stop|status|restart|reload}" - exit 1 -esac diff -L etc/redhat/nfs -puN etc/redhat/nfs~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/etc/redhat/nfs +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 
@@ -1,31 +0,0 @@ -# For more information on nfs tuning, please see the NFS-HOWTO -# http://nfs.sourceforge.net/nfs-howto/ - -# Pass any additional options for mountd. -# MOUNTD_OPTIONS= - -# Pin mountd to a given port rather than random one from portmapper -# MOUNTD_PORT= - -# Don't advertise TCP for mount. -# MOUNTD_TCP=no - -# NFS V3 -# MOUNTD_NFS_V3=auto|yes|no - -# NFS V2 -# MOUNTD_NFS_V2=auto|yes|no - -# The number of open file descriptors -# MOUNTD_OPEN_FILES=128 - -# Pass the number of instances of nfsd (8 is default; 16 or more -# might be needed to handle heavy client traffic) -# NFSDCOUNT=8 - -# Increase the memory limits on the socket input queues for -# the nfs processes .. NFS benchmark SPECsfs demonstrate a -# need for a larger than default size (64kb) .. setting -# TUNE_QUEUE to yes will set the values to 256kb. -# TUNE_QUEUE="yes" -# NFS_QS=262144 diff -L etc/redhat/nfs.init -puN etc/redhat/nfs.init~CITI_NFS4_ALL /dev/null --- nfs-utils-1.0.6/etc/redhat/nfs.init +++ /dev/null 2004-08-19 17:44:20.000000000 -0400 
@@ -1,182 +0,0 @@ -#!/bin/sh -# -# nfs This shell script takes care of starting and stopping -# the NFS services. -# -# chkconfig: - 60 20 -# description: NFS is a popular protocol for file sharing across TCP/IP \ -# networks. This service provides NFS server functionality, \ -# which is configured via the /etc/exports file. -# probe: true -# config: /etc/sysconfig/nfs - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -if [ ! -f /etc/sysconfig/network ]; then - exit 0 -fi - -. /etc/sysconfig/network - -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 0 - -[ -x /usr/sbin/rpc.nfsd ] || exit 0 -[ -x /usr/sbin/rpc.mountd ] || exit 0 -[ -x /usr/sbin/exportfs ] || exit 0 -[ -s /etc/exports ] || exit 0 - -# Check for and source configuration file otherwise set defaults -# TUNE_QUEUE: controls whether to up the size of input queues -[ -f /etc/sysconfig/nfs ] && . /etc/sysconfig/nfs - -[ -z "$MOUNTD_NFS_V2" ] && MOUNTD_NFS_V2=auto -[ -z "$MOUNTD_NFS_V3" ] && MOUNTD_NFS_V3=auto - -# Number of servers to be started by default -[ -z "$NFSDCOUNT" ] && NFSDCOUNT=8 - -# Remote quota server -[ -z "$RQUOTAD" ] && RQUOTAD=`type -path rpc.rquotad` - -# Get the initial values for the input sock queues -# at the time of running the script. -if [ "$TUNE_QUEUE" = "yes" ]; then - RMEM_DEFAULT=`/sbin/sysctl -n net.core.rmem_default` - RMEM_MAX=`/sbin/sysctl -n net.core.rmem_max` - # 256kb recommended minimum size based on SPECsfs NFS benchmarks - [ -z "$NFS_QS" ] && NFS_QS=262144 -fi - -# See how we were called. -case "$1" in - start) - # Start daemons. 
- # Apply input queue increase for nfs server - if [ "$TUNE_QUEUE" = "yes" ]; then - /sbin/sysctl -w net.core.rmem_default=$NFSD_QS >/dev/null 2>&1 - /sbin/sysctl -w net.core.rmem_max=$NFSD_QS >/dev/null 2>&1 - fi - action "Starting NFS services: " /usr/sbin/exportfs -r - if [ -n "$RQUOTAD" -a "$RQUOTAD" != "no" ]; then - echo -n "Starting NFS quotas: " - daemon rpc.rquotad - echo - fi - echo -n "Starting NFS daemon: " - daemon rpc.nfsd $NFSDCOUNT - echo - - [ -n "$MOUNTD_PORT" ] \ - && MOUNTD_OPTIONS="$MOUNTD_OPTIONS -p $MOUNTD_PORT" - [ "$MOUNTD_TCP" = "no" -o "$MOUNTD_TCP" = "NO" ] \ - && MOUNTD_OPTIONS="$MOUNTD_OPTIONS --no-tcp" - - case $MOUNTD_NFS_V2 in - auto|AUTO) - # Let's see if we support NFS version 2. - ClearAddr= - if [ -f /proc/net/rpc/auth.unix.ip/channel ] ; then - if grep -s 127.0.0.1 /proc/net/rpc/auth.unix.ip/content > /dev/null ; then - : address already known - else - echo nfsd 127.0.0.1 2147483647 localhost > /proc/net/rpc/auth.unix.ip/channel - ClearAddr=yes - fi - fi - /usr/sbin/rpcinfo -u localhost nfs 2 &>/dev/null - if [ $? -ne 0 ]; then - MOUNTD_OPTIONS="$MOUNTD_OPTIONS --no-nfs-version 2" - fi - if [ -n "$ClearAddr" ]; then - echo nfsd 127.0.0.1 1 > /proc/net/rpc/auth.unix.ip/channel - fi - ;; - no|NO) - MOUNTD_OPTIONS="$MOUNTD_OPTIONS --no-nfs-version 2" - ;; - yes|YES) - MOUNTD_OPTIONS="$MOUNTD_OPTIONS --nfs-version 2" - ;; - esac - - case $MOUNTD_NFS_V3 in - auto|AUTO) - # Let's see if we support NFS version 3. - /usr/sbin/rpcinfo -u localhost nfs 3 &>/dev/null - if [ $? 
-ne 0 ]; then - MOUNTD_OPTIONS="$MOUNTD_OPTIONS --no-nfs-version 3" - fi - ;; - no|NO) - MOUNTD_OPTIONS="$MOUNTD_OPTIONS --no-nfs-version 3" - ;; - yes|YES) - MOUNTD_OPTIONS="$MOUNTD_OPTIONS --nfs-version 3" - ;; - esac - - echo -n "Starting NFS mountd: " - daemon rpc.mountd $MOUNTD_OPTIONS - echo - touch /var/lock/subsys/nfs - # reset input queue for rest of network services - if [ "$TUNE_QUEUE" = "yes" ]; then - /sbin/sysctl -w net.core.rmem_default=$RMEM_DEFAULT >/dev/null 2>&1 - /sbin/sysctl -w net.core.rmem_max=$RMEM_MAX >/dev/null 2>&1 - fi - ;; - stop) - # Stop daemons. - echo -n "Shutting down NFS mountd: " - killproc rpc.mountd - echo - echo -n "Shutting down NFS daemon: " - killproc nfsd - echo - if [ -n "$RQUOTAD" ]; then - echo -n "Shutting down NFS quotas: " - killproc rpc.rquotad - echo - fi - # Do it the last so that clients can still access the server - # when the server is running. - action "Shutting down NFS services: " /usr/sbin/exportfs -au - rm -f /var/lock/subsys/nfs - ;; - status) - status rpc.mountd - status nfsd - if [ -n "$RQUOTAD" ]; then - status rpc.rquotad - fi - ;; - restart) - $0 stop - $0 start - ;; - reload) - /usr/sbin/exportfs -r - touch /var/lock/subsys/nfs - ;; - probe) - if [ ! -f /var/lock/subsys/nfs ] ; then - echo start; exit 0 - fi - /sbin/pidof rpc.mountd >/dev/null 2>&1; MOUNTD="$?" - /sbin/pidof nfsd >/dev/null 2>&1; NFSD="$?" - if [ $MOUNTD = 1 -o $NFSD = 1 ] ; then - echo restart; exit 0 - fi - if [ /etc/exports -nt /var/lock/subsys/nfs ] ; then - echo reload; exit 0 - fi - ;; - *) - echo "Usage: nfs {start|stop|status|restart|reload}" - exit 1 -esac - -exit 0 diff -L etc/redhat/rpcidmapd.init -puN /dev/null /dev/null diff -puN support/export/client.c~CITI_NFS4_ALL support/export/client.c --- nfs-utils-1.0.6/support/export/client.c~CITI_NFS4_ALL 2004-10-27 18:02:44.000000000 -0400 +++ nfs-utils-1.0.6-bfields/support/export/client.c 2004-10-27 18:02:49.000000000 -0400 
@@ -392,6 +392,8 @@ client_check(nfs_client *clp, struct hos #endif case MCL_ANONYMOUS: return 1; + case MCL_GSS: + return 0; default: xlog(L_FATAL, "internal: bad client type %d", clp->m_type); } @@ -425,6 +427,8 @@ client_gettype(char *ident) if (ident[0] == '\0' || strcmp(ident, "*")==0) return MCL_ANONYMOUS; + if (strncmp(ident, "gss/", 4) == 0) + return MCL_GSS; if (ident[0] == '@') { #ifndef HAVE_INNETGR xlog(L_WARNING, "netgroup support not compiled in"); diff -puN support/export/nfsctl.c~CITI_NFS4_ALL support/export/nfsctl.c --- nfs-utils-1.0.6/support/export/nfsctl.c~CITI_NFS4_ALL 2004-10-27 18:02:44.000000000 -0400 +++ nfs-utils-1.0.6-bfields/support/export/nfsctl.c 2004-10-27 18:02:49.000000000 -0400 @@ -27,7 +27,7 @@ export_export(nfs_export *exp) struct nfsctl_export exparg; struct nfsctl_client cltarg; - if (!clp->m_exported) { + if (!clp->m_exported && (clp->m_type != MCL_GSS)) { if (!cltsetup(&cltarg, clp)) return 0; if (nfsaddclient(&cltarg) < 0) diff -puN /dev/null support/gssapi/g_accept_sec_context.c --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/support/gssapi/g_accept_sec_context.c 2004-10-27 18:02:49.000000000 -0400 
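Review bot: The new `case MCL_GSS: return 0;` in client_check means a "gss/" client never matches any host, which reads like a rejection unless the reason is stated. If the intent is that these clients are selected by security flavour rather than by address, say so in a comment such as `/* MCL_GSS entries are not matched by host address */`. In client_gettype the `strncmp(ident, "gss/", 4)` test runs ahead of the `@` netgroup test and accepts any identifier with that prefix, so a comment should note that nothing after the slash is validated here. Both functions continue outside their hunks.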
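Review bot: The condition `!clp->m_exported && (clp->m_type != MCL_GSS)` in export_export skips cltsetup() and nfsaddclient() for GSS clients without saying why. The rest of the function lies outside the hunk, so it is not visible whether the export is still passed to the kernel for a client that was never registered. A comment on the condition would make the intent reviewable, for example `/* MCL_GSS clients have no address list to register through nfsctl */` if that is the reason. The code after this block should also be checked to confirm it does not assume the client was added.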
@@ -0,0 +1,213 @@ +/* #ident "@(#)gss_accept_sec_context.c 1.19 95/08/07 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. 
+ */ + +/* + * glue routine for gss_accept_sec_context + */ + +#include "mglueP.h" +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 KRB5_CALLCONV +gss_accept_sec_context (minor_status, + context_handle, + verifier_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle) + +OM_uint32 * minor_status; +gss_ctx_id_t * context_handle; +gss_cred_id_t verifier_cred_handle; +gss_buffer_t input_token_buffer; +gss_channel_bindings_t input_chan_bindings; +gss_name_t * src_name; +gss_OID * mech_type; +gss_buffer_t output_token; +OM_uint32 * ret_flags; +OM_uint32 * time_rec; +gss_cred_id_t * delegated_cred_handle; + +{ + OM_uint32 status, temp_status, temp_minor_status; + gss_union_ctx_id_t union_ctx_id; + gss_union_cred_t union_cred; + gss_cred_id_t input_cred_handle = GSS_C_NO_CREDENTIAL; + gss_name_t internal_name; + gss_OID_desc token_mech_type_desc; + gss_OID token_mech_type = &token_mech_type_desc; + gss_mechanism mech; + + gss_initialize(); + + if (context_handle == NULL) + return GSS_S_NO_CONTEXT; + + /* + * if context_handle is GSS_C_NO_CONTEXT, allocate a union context + * descriptor to hold the mech type information as well as the + * underlying mechanism context handle. Otherwise, cast the + * value of *context_handle to the union context variable. 
+ */ + + if(*context_handle == GSS_C_NO_CONTEXT) { + + /* Get the token mech type */ + status = __gss_get_mech_type(token_mech_type, input_token_buffer); + if (status) + return status; + + status = GSS_S_FAILURE; + union_ctx_id = (gss_union_ctx_id_t) + malloc(sizeof(gss_union_ctx_id_desc)); + if (!union_ctx_id) { + *minor_status = ENOMEM; + goto error_out; + } + + union_ctx_id->mech_type = (gss_OID) malloc(sizeof(gss_OID_desc)); + if (!union_ctx_id->mech_type) { + *minor_status = ENOMEM; + goto error_out; + } + + union_ctx_id->mech_type->elements = (void *) + malloc(token_mech_type->length); + if (!union_ctx_id->mech_type->elements) { + *minor_status = ENOMEM; + goto error_out; + } + + union_ctx_id->mech_type->length = token_mech_type->length; + memcpy(union_ctx_id->mech_type->elements, + token_mech_type->elements, + token_mech_type->length); + + /* copy the supplied context handle */ + + union_ctx_id->internal_ctx_id = *context_handle; + } else { + union_ctx_id = *context_handle; + token_mech_type = union_ctx_id->mech_type; + } + + /* + * get the appropriate cred handle from the union cred struct. + * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will + * use the default credential. + */ + union_cred = (gss_union_cred_t) verifier_cred_handle; + input_cred_handle = __gss_get_mechanism_cred(union_cred, token_mech_type); + + /* + * now select the approprate underlying mechanism routine and + * call it. + */ + + mech = __gss_get_mechanism (token_mech_type); + if (mech && mech->gss_accept_sec_context) { + + status = mech->gss_accept_sec_context( +#ifdef USE_MECH_CONTEXT + mech->context, +#endif + minor_status, + &union_ctx_id->internal_ctx_id, + input_cred_handle, + input_token_buffer, + input_chan_bindings, + &internal_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + + /* If there's more work to do, keep going... 
*/ + if (status == GSS_S_CONTINUE_NEEDED) + return GSS_S_CONTINUE_NEEDED; + + /* if the call failed, return with failure */ + if (status != GSS_S_COMPLETE) + goto error_out; + + /* + * if src_name is non-NULL, + * convert internal_name into a union name equivalent + * First call the mechanism specific display_name() + * then call gss_import_name() to create + * the union name struct cast to src_name + */ +#if 0 + /* ANDROS: src_name is never null, it is a ptr from the gss_accept_sec_context + * caller. internal_name may or may not be set by the mechanism. so, don't + * call __gss_convert_name_to_union_name which sets the src_name + * unless the internal name is set + * by the above mech->gss_accept_sec_context. + */ + if (internal_name != NULL && status == GSS_S_COMPLETE) { +#else + if (src_name != NULL && status == GSS_S_COMPLETE) { +#endif + temp_status = __gss_convert_name_to_union_name( + &temp_minor_status, mech, internal_name, src_name); + if (temp_status != GSS_S_COMPLETE) { + if (minor_status) + *minor_status = temp_minor_status; + gss_release_buffer(&temp_minor_status, output_token); + __gss_release_internal_name(&temp_minor_status, + &mech->mech_type, &internal_name); + return (temp_status); + } + } + + if(*context_handle == GSS_C_NO_CONTEXT) + *context_handle = (gss_ctx_id_t *) union_ctx_id; + + return(status); + } + + return(GSS_S_BAD_MECH); + +error_out: + if (union_ctx_id) { + if (union_ctx_id->mech_type) { + if (union_ctx_id->mech_type->elements) + free(union_ctx_id->mech_type->elements); + free(union_ctx_id->mech_type); + } + free(union_ctx_id); + } + return (status); +} + diff -puN /dev/null support/gssapi/g_acquire_cred.c --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/support/gssapi/g_acquire_cred.c 2004-10-27 18:02:49.000000000 -0400 
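Review bot: The `error_out` path in gss_accept_sec_context frees `union_ctx_id` even when it was taken from the caller in the `else` branch (`union_ctx_id = *context_handle`). A failed call on an existing context therefore leaves `*context_handle` pointing at freed memory, and a later call or delete on that handle would use it. Guarding the cleanup with `if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) {` limits the free to the context allocated in this call. Separately, the early `return GSS_S_CONTINUE_NEEDED;` happens before `*context_handle` is set, so on a first call the new union context is never handed back and a multi-round exchange cannot continue. The `return(GSS_S_BAD_MECH)` path likewise skips the cleanup for a freshly allocated context.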
@@ -0,0 +1,539 @@ +/* #ident "@(#)gss_acquire_cred.c 1.19 95/08/07 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. 
+ */ + +/* + * glue routine for gss_acquire_cred + */ + +#include "mglueP.h" +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include +#include + +#define g_OID_equal(o1,o2) \ + (((o1)->length == (o2)->length) && \ + (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0)) + +static gss_OID_set +create_actual_mechs(creds) + gss_union_cred_t creds; +{ + gss_OID_set actual_mechs; + int i; + + actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); + if (!actual_mechs) + return NULL; + + actual_mechs->elements = (gss_OID) + malloc(sizeof(gss_OID_desc) * creds->count); + if (!actual_mechs->elements) { + free(actual_mechs); + return NULL; + } + + actual_mechs->count = creds->count; + + for (i=0; i < creds->count; i++) { + actual_mechs->elements[i].length = creds->mechs_array[i].length; + actual_mechs->elements[i].elements = (void *) + malloc(creds->mechs_array[i].length); + memcpy(actual_mechs->elements[i].elements, + creds->mechs_array[i].elements, creds->mechs_array[i].length); + } + + return actual_mechs; +} + + +OM_uint32 KRB5_CALLCONV +gss_acquire_cred(minor_status, + desired_name, + time_req, + desired_mechs, + cred_usage, + output_cred_handle, + actual_mechs, + time_rec) + +OM_uint32 * minor_status; +gss_name_t desired_name; +OM_uint32 time_req; +gss_OID_set desired_mechs; +int cred_usage; +gss_cred_id_t * output_cred_handle; +gss_OID_set * actual_mechs; +OM_uint32 * time_rec; + +{ + OM_uint32 status, temp_minor_status, temp_time_rec = ~0; + unsigned int i, j, creds_acquired = 0; + int k; + gss_union_name_t union_name; + gss_name_t internal_name; + gss_union_cred_t creds; + gss_OID_set_desc default_OID_set; + gss_OID_desc default_OID; + gss_OID specific_mech_type = 0; + gss_mechanism mech; + + /* + * This struct is used to keep track of which mech_types are + * actually available and to store the credentials returned + * from them by each mechanism specific gss_acquire_cred() call. 
+ * The results are used to construct the final union_cred + * structure returned by the glue layer gss_acquire_cred() call + * and the actual_mechs gss_OID_set returned. + */ + + struct creds_returned { + unsigned char available; + gss_cred_id_t cred; + } *creds_returned; + + gss_initialize(); + + /* Set this to NULL for now */ + + if (actual_mechs) + *actual_mechs = GSS_C_NULL_OID_SET; + + if (minor_status) + *minor_status = 0; + + /* No need to continue if we don't have a place to store the creds */ + if (output_cred_handle == NULL) + return GSS_S_COMPLETE; + + /* get desired_name cast as a union_name type */ + + union_name = (gss_union_name_t) desired_name; + + if (union_name) + specific_mech_type = union_name->mech_type; + + /* + * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an + * appropriate default. + */ + if(desired_mechs == GSS_C_NULL_OID_SET) { + /* + * If union_name->mech_type is NULL then we get the default + * mechanism; otherwise, we get the mechanism for the + * mechanism-specific name. + */ + mech = __gss_get_mechanism(specific_mech_type); + if (mech == NULL) + return (GSS_S_BAD_MECH); + + desired_mechs = &default_OID_set; + default_OID_set.count = 1 ; + default_OID_set.elements = &default_OID; + default_OID.length = mech->mech_type.length; + default_OID.elements = mech->mech_type.elements; + } + + /* + * Now allocate the creds returned array. There is one element + * for each member of the desired_mechs argument. + */ + + creds_returned = (struct creds_returned *) + malloc(sizeof(struct creds_returned) * desired_mechs->count); + + /* + * For each requested mechanism in desired_mechs, determine if it + * is supported. If so, mark the corresponding element in + * creds_returned->available as 1 and call the mechanism + * specific gss_acquire_cred(), placing the returned cred in + * creds_returned->cred. If not, mark creds_returned->available as + * 0. 
+ */ + status = GSS_S_BAD_MECH; + for (j=0; j < desired_mechs->count; j++) { + creds_returned[j].available = 0; + + mech = __gss_get_mechanism (&desired_mechs->elements[j]); + if (!mech || !mech->gss_acquire_cred) + continue; + /* + * If this is a mechanism-specific name, then only use the + * mechanism of the name. + */ + if (specific_mech_type && !g_OID_equal(specific_mech_type, + &mech->mech_type)) + continue; + /* + * If this is not a mechanism-specific name, then we need to + * do an import the external name in union_name first. + */ + if (union_name == 0) + internal_name = (gss_name_t) 0; + else if (!union_name->mech_type) { + if (__gss_import_internal_name(&temp_minor_status, + &mech->mech_type, + union_name, &internal_name)) { + continue; + } + } else + internal_name = union_name->mech_name; + +#ifdef USE_MECH_CONTEXT + status = mech->gss_acquire_cred(mech->context, minor_status, +#else + status = mech->gss_acquire_cred(minor_status, +#endif + internal_name, time_req, + desired_mechs, cred_usage, + &creds_returned[j].cred, + NULL, &temp_time_rec); + + /* Release the internal name, if allocated above */ + if (union_name && !union_name->mech_type) { + (void) __gss_release_internal_name(&temp_minor_status, + &mech->mech_type, + &internal_name); + } + + if (status != GSS_S_COMPLETE) + continue; + + /* + * Add this into the creds_returned structure, if we got + * a good credential for this mechanism. + */ + if (time_rec) { + *time_rec = *time_rec > temp_time_rec ? temp_time_rec : *time_rec; + temp_time_rec = *time_rec; + } + + creds_returned[j].available = 1; + creds_acquired++; + + /* + * If union_name is set, then we're done. Continue, and + * declare success. Otherwise, if do an inquire credentials + * from the first mechanism that succeeds and use that as the + * union name. 
+ */ + if (union_name) + continue; + +#ifdef USE_MECH_CONTEXT + status = mech->gss_inquire_cred(mech->context, &temp_minor_status, +#else + status = mech->gss_inquire_cred(&temp_minor_status, +#endif + creds_returned[j].cred, + &internal_name, 0, 0, 0); + if (status) { + /* Should never happen */ + creds_returned[j].available = 0; + creds_acquired--; + if (mech->gss_release_cred) +#ifdef USE_MECH_CONTEXT + mech->gss_release_cred(mech->context, minor_status, +#else + mech->gss_release_cred(minor_status, +#endif + &creds_returned[j].cred); + continue; + } + + status = __gss_convert_name_to_union_name(&temp_minor_status, mech, + internal_name, + (gss_name_t *) &union_name); + } + + /* + * Now allocate the creds struct, which will be cast as a gss_cred_id_t + * and returned in the output_cred_handle argument. If there were + * no credentials found, return an error. Also, allocate the + * actual_mechs data. + */ + if (creds_acquired == 0) { + free (creds_returned); + return (status); + } + + creds = (gss_union_cred_t) malloc(sizeof(gss_union_cred_desc)); + + creds->count = creds_acquired; + + creds->mechs_array = (gss_OID) + malloc(sizeof(gss_OID_desc) * creds_acquired); + + creds->cred_array = (gss_cred_id_t *) + malloc(sizeof(gss_cred_id_t) * creds_acquired); + + if(actual_mechs != NULL) { + *actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); + + (*actual_mechs)->count = creds_acquired; + + (*actual_mechs)->elements = (gss_OID) + malloc(sizeof(gss_OID_desc) * creds_acquired); + } + + /* + * copy the mechanisms found and their allocated credentials into the + * creds structure. At the same time, build up the actual_mechs + * data. 
+ */ + + j = 0; + + for (i=0; icount; i++) { + if(creds_returned[i].available) { + + creds->mechs_array[j].length = + desired_mechs->elements[i].length; + creds->mechs_array[j].elements = (void *) + malloc(desired_mechs->elements[i].length); + memcpy(creds->mechs_array[j].elements, + desired_mechs->elements[i].elements, + desired_mechs->elements[i].length); + creds->cred_array[j] = creds_returned[i].cred; + if (actual_mechs) { + (*actual_mechs)->elements[j].length = + desired_mechs->elements[i].length; + (*actual_mechs)->elements[j].elements = (void *) + malloc(desired_mechs->elements[i].length); + memcpy((*actual_mechs)->elements[j].elements, + desired_mechs->elements[i].elements, + desired_mechs->elements[i].length); + } + j++; + } + } + + /* free the creds_returned struct, since we are done with it. */ + + free(creds_returned); + + /* record the information needed for gss_inquire_cred() */ + + creds->auxinfo.creation_time = time(0); + creds->auxinfo.time_rec = temp_time_rec; + creds->auxinfo.cred_usage = cred_usage; + + /* + * we can't just record the internal name, desired_name, since + * it may be destroyed between now and the time gss_inquire_cred() + * is called. So we must record the printable name in a + * gss_buffer_t, calling gss_display_name() to fill it in. When + * gss_inquire_name() is called, we must then call gss_import_name() + * to get the internal name that is required at that point. 
+ */ + if (desired_name) { + status = gss_display_name(&temp_minor_status, desired_name, + &creds->auxinfo.name, + &creds->auxinfo.name_type); + if (status) { + status = GSS_S_BAD_NAME; + goto error_out; + } + } else { + status = gss_display_name(&temp_minor_status, union_name, + &creds->auxinfo.name, + &creds->auxinfo.name_type); + if (status) { + status = GSS_S_BAD_NAME; + goto error_out; + } + } + + *output_cred_handle = (gss_cred_id_t) creds; + return(GSS_S_COMPLETE); + +error_out: + for (k=0; k < creds->count; k++) { + free(creds->mechs_array[k].elements); + if (actual_mechs) + free((*actual_mechs)->elements[k].elements); + } + + if (actual_mechs) { + free((*actual_mechs)->elements); + free(*actual_mechs); + *actual_mechs = GSS_C_NULL_OID_SET; + } + free(creds->cred_array); + free(creds->mechs_array); + free(creds); + + return(status); +} + +/* V2 KRB5_CALLCONV */ +OM_uint32 KRB5_CALLCONV +gss_add_cred(minor_status, input_cred_handle, + desired_name, desired_mech, cred_usage, + initiator_time_req, acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec) + OM_uint32 *minor_status; + gss_cred_id_t input_cred_handle; + gss_name_t desired_name; + gss_OID desired_mech; + gss_cred_usage_t cred_usage; + OM_uint32 initiator_time_req; + OM_uint32 acceptor_time_req; + gss_cred_id_t *output_cred_handle; + gss_OID_set *actual_mechs; + OM_uint32 *initiator_time_rec; + OM_uint32 *acceptor_time_rec; +{ + OM_uint32 status, temp_minor_status; + OM_uint32 time_req, time_rec; + gss_union_name_t union_name; + gss_union_cred_t new_union_cred, union_cred; + gss_name_t internal_name; + gss_mechanism mech; + gss_cred_id_t cred; + gss_OID new_mechs_array; + gss_cred_id_t * new_cred_array; + + if (input_cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_NO_CRED; + + union_cred = (gss_union_cred_t) input_cred_handle; + + mech = __gss_get_mechanism(desired_mech); + if (!mech) + return GSS_S_BAD_MECH; + + if (__gss_get_mechanism_cred(union_cred, 
desired_mech) != + GSS_C_NO_CREDENTIAL) + return GSS_S_DUPLICATE_ELEMENT; + + union_name = (gss_union_name_t) desired_name; + if (union_name->mech_type) { + if (!g_OID_equal(desired_mech, union_name->mech_type)) + return GSS_S_BAD_NAMETYPE; + internal_name = union_name->mech_name; + } else { + if (__gss_import_internal_name(minor_status, desired_mech, + union_name, &internal_name)) + return (GSS_S_BAD_NAME); + } + + if (cred_usage == GSS_C_ACCEPT) + time_req = acceptor_time_req; + else if (cred_usage == GSS_C_INITIATE) + time_req = initiator_time_req; + else if (cred_usage == GSS_C_BOTH) + time_req = (acceptor_time_req > initiator_time_req) ? + acceptor_time_req : initiator_time_req; + +#ifdef USE_MECH_CONTEXT + status = mech->gss_acquire_cred(mech->context, minor_status, +#else + status = mech->gss_acquire_cred(minor_status, +#endif + internal_name, time_req, + GSS_C_NULL_OID_SET, cred_usage, + &cred, NULL, &time_rec); + if (status != GSS_S_COMPLETE) + goto errout; + + new_mechs_array = (gss_OID) + malloc(sizeof(gss_OID_desc) * (union_cred->count+1)); + + new_cred_array = (gss_cred_id_t *) + malloc(sizeof(gss_cred_id_t) * (union_cred->count+1)); + + if (!new_mechs_array || !new_cred_array) { + *minor_status = ENOMEM; + status = GSS_S_FAILURE; + goto errout; + } + + + if (acceptor_time_rec) + if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) + *acceptor_time_rec = time_rec; + if (initiator_time_rec) + if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) + *initiator_time_rec = time_rec; + + /* + * OK, expand the mechanism array in the union credentials + * (Look for the union label...) 
+ */ + memcpy(new_mechs_array, union_cred->mechs_array, + sizeof(gss_OID_desc) * union_cred->count); + memcpy(new_cred_array, union_cred->cred_array, + sizeof(gss_cred_id_t) * union_cred->count); + + new_cred_array[union_cred->count] = cred; + new_mechs_array[union_cred->count].length = desired_mech->length; + new_mechs_array[union_cred->count].elements = malloc(desired_mech->length); + if (!new_mechs_array[union_cred->count].elements) { + *minor_status = ENOMEM; + goto errout; + } + memcpy(new_mechs_array[union_cred->count].elements, desired_mech->elements, + desired_mech->length); + + if (output_cred_handle == NULL) { + free(union_cred->mechs_array); + free(union_cred->cred_array); + new_union_cred = union_cred; + } else { + new_union_cred = malloc(sizeof(gss_union_cred_desc)); + if (new_union_cred == NULL) { + *minor_status = ENOMEM; + goto errout; + } + *new_union_cred = *union_cred; + *output_cred_handle = new_union_cred; + } + new_union_cred->mechs_array = new_mechs_array; + new_union_cred->cred_array = new_cred_array; + new_union_cred->count++; + new_mechs_array = 0; + new_cred_array = 0; + + if (actual_mechs) + *actual_mechs = create_actual_mechs(new_union_cred); + + status = GSS_S_COMPLETE; + +errout: + if (new_mechs_array) + free(new_mechs_array); + if (new_cred_array) + free(new_cred_array); + if (!union_name->mech_type) { + (void) __gss_release_internal_name(&temp_minor_status, + desired_mech, &internal_name); + } + + return(status); +} diff -puN /dev/null support/gssapi/g_compare_name.c --- /dev/null 2004-08-19 17:44:20.000000000 -0400 +++ nfs-utils-1.0.6-bfields/support/gssapi/g_compare_name.c 2004-10-27 18:02:49.000000000 -0400 
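Review bot: Several allocation results in this file are used without a NULL check. In gss_acquire_cred, `creds_returned` is indexed in the loop right after malloc(), and `creds`, `creds->mechs_array`, `creds->cred_array` and the per-OID `elements` buffers are written or passed to memcpy() unchecked. create_actual_mechs does the same with its `elements[i].elements` copy. In gss_add_cred the two later `*minor_status = ENOMEM; goto errout;` branches leave `status` at the GSS_S_COMPLETE returned by the mechanism, so an allocation failure is reported to the caller as success. The fence shows a check for the first allocation and the missing status assignment; the remaining allocations need the same treatment, together with release of any mechanism credentials already acquired.

```c
    creds_returned = (struct creds_returned *)
	malloc(sizeof(struct creds_returned) * desired_mechs->count);
    if (creds_returned == NULL) {
	if (minor_status)
	    *minor_status = ENOMEM;
	return (GSS_S_FAILURE);
    }
    /* ... unchanged: per-mechanism acquire loop and credential copy ... */

    /* gss_add_cred: in both ENOMEM branches that follow the memcpy of the old arrays */
	*minor_status = ENOMEM;
	status = GSS_S_FAILURE;
	goto errout;
```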
@@ -0,0 +1,165 @@
+/* #ident "@(#)gss_compare_name.c 1.13 95/08/02 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine for gss_compare_name
+ *
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include
+#endif
+#include
+
+#define g_OID_equal(o1,o2) \
+ (((o1)->length == (o2)->length) && \
+ (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
+
+OM_uint32 KRB5_CALLCONV
+gss_compare_name (minor_status,
+ name1,
+ name2,
+ name_equal)
+
+OM_uint32 * minor_status;
+gss_name_t name1;
+gss_name_t name2;
+int * name_equal;
+
+{
+ OM_uint32 major_status, temp_minor;
+ gss_union_name_t union_name1, union_name2;
+ gss_mechanism mech;
+ gss_name_t internal_name;
+
+ gss_initialize();
+
+ if (name1 == 0 || name2 == 0) {
+ if (name_equal)
+ *name_equal = 0;
+ return GSS_S_BAD_NAME;
+ }
+
+ union_name1 = (gss_union_name_t) name1;
+ union_name2 = (gss_union_name_t) name2;
+ /*
+ * Try our hardest to make union_name1 be the mechanism-specific
+ * name. (Of course we can't if both names aren't
+ * mechanism-specific.)
+ */
+ if (union_name1->mech_type == 0) {
+ union_name1 = (gss_union_name_t) name2;
+ union_name2 = (gss_union_name_t) name1;
+ }
+ /*
+ * If union_name1 is mechanism specific, then fetch its mechanism
+ * information.
+ */
+ if (union_name1->mech_type) {
+ mech = __gss_get_mechanism (union_name1->mech_type);
+ if (!mech)
+ return (GSS_S_BAD_MECH);
+ if (!mech->gss_compare_name)
+ return (GSS_S_BAD_BINDINGS);
+ }
+
+ if (name_equal == NULL)
+ return GSS_S_COMPLETE;
+
+ *name_equal = 0; /* Default to *not* equal.... */
+
+ /*
+ * First case... both names are mechanism-specific
+ */
+ if (union_name1->mech_type && union_name2->mech_type) {
+ if (!g_OID_equal(union_name1->mech_type, union_name2->mech_type))
+ return (GSS_S_COMPLETE);
+ if ((union_name1->mech_name == 0) || (union_name2->mech_name == 0))
+ /* should never happen */
+ return (GSS_S_BAD_NAME);
+#ifdef USE_MECH_CONTEXT
+ return (mech->gss_compare_name(mech->context, minor_status,
+#else
+ return (mech->gss_compare_name(minor_status,
+#endif
+ union_name1->mech_name,
+ union_name2->mech_name, name_equal));
+
+ }
+
+ /*
+ * Second case... both names are NOT mechanism specific.
+ *
+ * All we do here is make sure the two name_types are equal and then
+ * that the external_names are equal. Note the we do not take care
+ * of the case where two different external names map to the same
+ * internal name. We cannot determine this, since we as yet do not
+ * know what mechanism to use for calling the underlying
+ * gss_import_name().
+ */
+ if (!union_name1->mech_type && !union_name2->mech_type) {
+ if (!g_OID_equal(union_name1->name_type, union_name2->name_type))
+ return (GSS_S_COMPLETE);
+ if ((union_name1->external_name->length !=
+ union_name2->external_name->length) ||
+ (memcmp(union_name1->external_name->value,
+ union_name2->external_name->value,
+ union_name1->external_name->length) != 0))
+ return (GSS_S_COMPLETE);
+ *name_equal = 1;
+ return (GSS_S_COMPLETE);
+ }
+
+ /*
+ * Final case... one name is mechanism specific, the other isn't.
+ *
+ * We attempt to convert the general name to the mechanism type of
+ * the mechanism-specific name, and then do the compare. If we
+ * can't import the general name, then we return that the name is
+ * _NOT_ equal.
+ */
+ if (union_name2->mech_type) {
+ /* We make union_name1 the mechanism specific name. */
+ union_name1 = (gss_union_name_t) name2;
+ union_name2 = (gss_union_name_t) name1;
+ }
+ major_status = __gss_import_internal_name(minor_status,
+ union_name1->mech_type,
+ union_name2,
+ &internal_name);
+ if (major_status != GSS_S_COMPLETE)
+ return (GSS_S_COMPLETE);
+#ifdef USE_MECH_CONTEXT
+ major_status = mech->gss_compare_name(mech->context, minor_status,
+#else
+ major_status = mech->gss_compare_name(minor_status,
+#endif
+ union_name1->mech_name,
+ internal_name, name_equal);
+ __gss_release_internal_name(&temp_minor, union_name1->mech_type,
+ &internal_name);
+ return (major_status);
+
+}
diff -puN /dev/null support/gssapi/g_context_time.c
--- /dev/null 2004-08-19 17:44:20.000000000 -0400
+++ nfs-utils-1.0.6-bfields/support/gssapi/g_context_time.c 2004-10-27 18:02:49.000000000 -0400
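Review bot: In the second case of gss_compare_name (g_compare_name.c), `g_OID_equal(union_name1->name_type, union_name2->name_type)` dereferences both name_type pointers without a null check, because the macro defined at the top of the file reads `->length` unconditionally. If a union name can carry `GSS_C_NO_OID` as its name_type, which gss_duplicate_name later in this patch explicitly tests for, comparing two non-mechanism names would fault in the caller instead of reporting inequality. A fail-closed guard placed just before the comparison would be `if (!union_name1->name_type || !union_name2->name_type) return (GSS_S_COMPLETE);`, which leaves `*name_equal` at 0. Whether two untyped names with identical external forms should instead compare equal is a policy choice that deserves a comment next to the guard.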
@@ -0,0 +1,75 @@
+/* #ident "@(#)gss_context_time.c 1.8 95/08/07 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routines for gss_context_time
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_context_time (minor_status,
+ context_handle,
+ time_rec)
+
+OM_uint32 * minor_status;
+gss_ctx_id_t context_handle;
+OM_uint32 * time_rec;
+
+{
+ OM_uint32 status;
+ gss_union_ctx_id_t ctx;
+ gss_mechanism mech;
+
+ gss_initialize();
+
+ if (context_handle == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */
+
+ ctx = (gss_union_ctx_id_t) context_handle;
+ mech = __gss_get_mechanism (ctx->mech_type);
+
+ if (mech) {
+
+ if (mech->gss_context_time)
+ status = mech->gss_context_time(
+#ifdef USE_MECH_CONTEXT
+ mech->context,
+#endif
+ minor_status,
+ ctx->internal_ctx_id,
+ time_rec);
+ else
+ status = GSS_S_BAD_BINDINGS;
+
+ return(status);
+ }
+
+ return(GSS_S_NO_CONTEXT);
+}
diff -puN /dev/null support/gssapi/g_delete_sec_context.c
--- /dev/null 2004-08-19 17:44:20.000000000 -0400
+++ nfs-utils-1.0.6-bfields/support/gssapi/g_delete_sec_context.c 2004-10-27 18:02:49.000000000 -0400
@@ -0,0 +1,88 @@
+/* #ident "@(#)gss_delete_sec_context.c 1.10 95/08/07 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine for gss_delete_sec_context
+ */
+
+#include "mglueP.h"
+#include
+#ifdef HAVE_STDLIB_H
+#include
+#endif
+
+OM_uint32 KRB5_CALLCONV
+gss_delete_sec_context (minor_status,
+ context_handle,
+ output_token)
+
+OM_uint32 * minor_status;
+gss_ctx_id_t * context_handle;
+gss_buffer_t output_token;
+
+{
+ OM_uint32 status;
+ gss_union_ctx_id_t ctx;
+ gss_mechanism mech;
+
+ gss_initialize();
+
+ /* if the context_handle is Null, return NO_CONTEXT error */
+
+ if(context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
+ return(GSS_S_NO_CONTEXT);
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */
+
+ ctx = (gss_union_ctx_id_t) *context_handle;
+ mech = __gss_get_mechanism (ctx->mech_type);
+
+ if (mech) {
+
+ if (mech->gss_delete_sec_context)
+ status = mech->gss_delete_sec_context(
+#ifdef USE_MECH_CONTEXT
+ mech->context,
+#endif
+ minor_status,
+ &ctx->internal_ctx_id,
+ output_token);
+ else
+ status = GSS_S_BAD_BINDINGS;
+
+ /* now free up the space for the union context structure */
+
+ free(ctx->mech_type->elements);
+ free(ctx->mech_type);
+ free(*context_handle);
+ *context_handle = NULL;
+
+ return(status);
+ }
+
+ return(GSS_S_NO_CONTEXT);
+}
diff -puN /dev/null support/gssapi/g_dsp_name.c
--- /dev/null 2004-08-19 17:44:20.000000000 -0400
+++ nfs-utils-1.0.6-bfields/support/gssapi/g_dsp_name.c 2004-10-27 18:02:49.000000000 -0400
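Review bot: gss_delete_sec_context (g_delete_sec_context.c) releases the union context only inside `if (mech)`, so when `__gss_get_mechanism` returns NULL it returns GSS_S_NO_CONTEXT with `ctx->mech_type`, the wrapper and `ctx->internal_ctx_id` still allocated and `*context_handle` still set. The caller is told there is no context yet is left holding a live handle it cannot release through this routine. The three `free()` calls and `*context_handle = GSS_C_NO_CONTEXT;` should run on the no-mechanism path as well. Inside the `if (mech)` branch the wrapper is freed whatever status the mechanism returned, including GSS_S_BAD_BINDINGS, which drops the only reference to `internal_ctx_id`; that presumably holds the mechanism's per-context key material, so it deserves a comment such as `/* wrapper is freed even when the mechanism delete failed; internal_ctx_id is then unreachable */`.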
@@ -0,0 +1,96 @@
+/* #ident "@(#)g_dsp_name.c 1.2 96/02/06 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine for gss_display_name()
+ *
+ */
+
+#include "mglueP.h"
+#include
+#ifdef HAVE_STDLIB_H
+#include
+#endif
+#include
+
+OM_uint32 KRB5_CALLCONV
+gss_display_name (minor_status,
+ input_name,
+ output_name_buffer,
+ output_name_type)
+
+OM_uint32 * minor_status;
+gss_name_t input_name;
+gss_buffer_t output_name_buffer;
+gss_OID * output_name_type;
+
+{
+ OM_uint32 major_status;
+ gss_union_name_t union_name;
+
+ if (input_name == 0)
+ return GSS_S_BAD_NAME;
+
+ union_name = (gss_union_name_t) input_name;
+
+ if (union_name->mech_type) {
+ /*
+ * OK, we have a mechanism-specific name; let's use it!
+ */
+ return (__gss_display_internal_name(minor_status,
+ union_name->mech_type,
+ union_name->mech_name,
+ output_name_buffer,
+ output_name_type));
+ }
+
+ /*
+ * copy the value of the external_name component of the union
+ * name into the output_name_buffer and point the output_name_type
+ * to the name_type component of union_name
+ */
+ if (output_name_type != NULL) {
+ major_status = generic_gss_copy_oid(minor_status,
+ union_name->name_type,
+ output_name_type);
+ if (major_status)
+ return (major_status);
+ }
+
+ if (output_name_buffer != NULL) {
+ output_name_buffer->length = union_name->external_name->length;
+
+ output_name_buffer->value =
+ (void *) malloc(output_name_buffer->length);
+
+ memcpy(output_name_buffer->value,
+ union_name->external_name->value,
+ output_name_buffer->length);
+ }
+
+ if (minor_status)
+ *minor_status = 0;
+
+ return(GSS_S_COMPLETE);
+}
diff -puN /dev/null support/gssapi/g_dsp_status.c
--- /dev/null 2004-08-19 17:44:20.000000000 -0400
+++ nfs-utils-1.0.6-bfields/support/gssapi/g_dsp_status.c 2004-10-27 18:02:49.000000000 -0400
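Review bot: In gss_display_name (g_dsp_name.c) the result of `malloc(output_name_buffer->length)` is handed straight to `memcpy`, so an allocation failure becomes a write through a null pointer rather than an error return. Check the pointer before copying, for example `if (output_name_buffer->value == NULL) { output_name_buffer->length = 0; if (minor_status) *minor_status = ENOMEM; return (GSS_S_FAILURE); }`. ENOMEM needs `<errno.h>`, and the header names on this file's `#include` lines are not legible on this page, so confirm it is pulled in. On that failure path the OID already copied into `*output_name_type` by `generic_gss_copy_oid` would also need releasing, and a zero-length external name needs its own handling because `malloc(0)` may legitimately return NULL.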
@@ -0,0 +1,86 @@
+/* #ident "@(#)gss_display_status.c 1.8 95/08/07 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine gss_display_status
+ *
+ */
+
+#include "mglueP.h"
+#include
+#ifdef HAVE_STDLIB_H
+#include
+#endif
+
+OM_uint32 KRB5_CALLCONV
+gss_display_status (minor_status,
+ status_value,
+ status_type,
+ req_mech_type,
+ message_context,
+ status_string)
+
+OM_uint32 * minor_status;
+OM_uint32 status_value;
+int status_type;
+gss_OID req_mech_type;
+OM_uint32 * message_context;
+gss_buffer_t status_string;
+
+{
+ OM_uint32 status;
+ gss_OID mech_type = (gss_OID) req_mech_type;
+ gss_mechanism mech;
+
+ gss_initialize();
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */
+
+ mech = __gss_get_mechanism (mech_type);
+
+ if (mech == NULL)
+ return (GSS_S_BAD_MECH);
+
+ if (mech_type == GSS_C_NULL_OID)
+ mech_type = &mech->mech_type;
+
+ if (mech->gss_display_status)
+ status = mech->gss_display_status(
+#ifdef USE_MECH_CONTEXT
+ mech->context,
+#endif
+ minor_status,
+ status_value,
+ status_type,
+ mech_type,
+ message_context,
+ status_string);
+ else
+ status = GSS_S_BAD_BINDINGS;
+
+ return(status);
+}
diff -puN /dev/null support/gssapi/g_dup_name.c
--- /dev/null 2004-08-19 17:44:20.000000000 -0400
+++ nfs-utils-1.0.6-bfields/support/gssapi/g_dup_name.c 2004-10-27 18:02:49.000000000 -0400
@@ -0,0 +1,162 @@
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ *
+ * created andros 2.24.01 from g_compare_name.c
+ */
+
+/*
+ * glue routine for gss_duplicate_name
+ *
+ */
+
+#include
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include
+#endif
+#include
+#include
+
+OM_uint32 KRB5_CALLCONV
+gss_duplicate_name (minor_status,
+ in_name,
+ exp_name)
+OM_uint32 * minor_status;
+const gss_name_t in_name;
+gss_name_t *exp_name;
+{
+ OM_uint32 tmp,major_status = GSS_S_COMPLETE;
+ gss_union_name_t union_in_name, union_exp_name;
+ gss_mechanism mech;
+
+ gss_initialize();
+
+ /* if exp_name is NULL, simply return */
+ if (exp_name == NULL)
+ return (GSS_S_COMPLETE);
+
+ *exp_name = NULL;
+
+ if (in_name == 0)
+ return (GSS_S_BAD_NAME);
+
+ union_in_name = (gss_union_name_t) in_name;
+
+ /*
+ * Create the union name struct that will hold the exported
+ * name and the name type.
+ */
+
+ union_exp_name = (gss_union_name_t) malloc (sizeof(gss_union_name_desc));
+ if (!union_exp_name) {
+ *minor_status = ENOMEM;
+ goto allocation_failure;
+ }
+#ifdef DEBUG
+ fprintf(stderr, "gss_duplicate_name: copying *oid %p\n",
+ union_in_name->mech_type);
+#endif
+ union_exp_name->gss_mech = union_in_name->gss_mech;
+ union_exp_name->mech_type = GSS_C_NO_OID;
+ if (union_in_name->mech_type != GSS_C_NO_OID &&
+ (generic_gss_copy_oid(&tmp, union_in_name->mech_type,
+ &union_exp_name->mech_type) != GSS_S_COMPLETE)) {
+ *minor_status = ENOMEM;
+ goto allocation_failure;
+ }
+ union_exp_name->mech_name = NULL;
+ union_exp_name->name_type = GSS_C_NO_OID;
+ if (union_in_name->name_type != GSS_C_NO_OID &&
+ (generic_gss_copy_oid(&tmp, union_in_name->name_type,
+ &union_exp_name->name_type) != GSS_S_COMPLETE)) {
+ *minor_status = ENOMEM;
+ goto allocation_failure;
+ }
+ union_exp_name->external_name = NULL;
+ union_exp_name->external_name =
+ (gss_buffer_t) malloc(sizeof(gss_buffer_d