diff options
| author | Rick Macklem <rmacklem@FreeBSD.org> | 2015-11-30 22:11:34 +0000 |
|---|---|---|
| committer | Rick Macklem <rmacklem@FreeBSD.org> | 2015-11-30 22:11:34 +0000 |
| commit | e6c623c86ab44c9a81b4ff29fd8f41e7e621bc35 (patch) | |
| tree | d19a5a30325795b8a55f902c692a5d80ece65387 | |
| parent | aeef6b689ac7abc63749c0e72cf8c7ed579cb9ca (diff) | |
Add support for the "-manage-gids" option to the nfsuserd daemon.
When this option is set, the NFS server uses the list of groups
acquired via getgrouplist(3) for the uid instead of the list of
groups in the RPC request. This can be used to avoid the 16 gid
limit for the group list in the RPC request.
Suggested by: jpaetzel
Tested by: jpaetzel
MFC after: 2 weeks
Notes
Notes:
svn path=/head/; revision=291534
| -rw-r--r-- | usr.sbin/nfsuserd/nfsuserd.c | 60 |
1 files changed, 51 insertions, 9 deletions
diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c index 35e2849eae8f..293da7115a50 100644 --- a/usr.sbin/nfsuserd/nfsuserd.c +++ b/usr.sbin/nfsuserd/nfsuserd.c @@ -92,7 +92,7 @@ uid_t defaultuid = (uid_t)32767; u_char *defaultgroup = "nogroup"; gid_t defaultgid = (gid_t)32767; int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0; -int defusertimeout = DEFUSERTIMEOUT; +int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0; pid_t slaves[MAXNFSUSERD]; int @@ -110,6 +110,8 @@ main(int argc, char *argv[]) char hostname[MAXHOSTNAMELEN + 1], *cp; struct addrinfo *aip, hints; static uid_t check_dups[MAXUSERMAX]; + gid_t grps[NGROUPS]; + int ngroup; if (modfind("nfscommon") < 0) { /* Not present in kernel, try loading it */ @@ -160,6 +162,8 @@ main(int argc, char *argv[]) verbose = 1; } else if (!strcmp(*argv, "-force")) { forcestart = 1; + } else if (!strcmp(*argv, "-manage-gids")) { + manage_gids = 1; } else if (!strcmp(*argv, "-usermax")) { if (argc == 1) usage(); @@ -297,12 +301,14 @@ main(int argc, char *argv[]) nid.nid_gid = defaultgid; nid.nid_name = dnsname; nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_INITIALIZE; #ifdef DEBUG printf("Initialize uid=%d gid=%d dns=%s\n", nid.nid_uid, nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't initialize nfs user/groups"); #endif @@ -316,11 +322,13 @@ main(int argc, char *argv[]) nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; nid.nid_namelen = strlen(grp->gr_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; #ifdef DEBUG printf("add gid=%d name=%s\n", nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add group %s", grp->gr_name); #endif @@ -352,11 +360,23 @@ main(int argc, char *argv[]) nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; nid.nid_namelen = strlen(pwd->pw_name); + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, + &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } nid.nid_flag = NFSID_ADDUID; #ifdef DEBUG printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add user %s", pwd->pw_name); #endif @@ -439,6 +459,8 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) struct info info; struct nfsd_idargs nid; u_int32_t saddr; + gid_t grps[NGROUPS]; + int ngroup; /* * Only handle requests from 127.0.0.1 on a reserved port number. @@ -472,14 +494,28 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) nid.nid_usertimeout = defusertimeout; nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, + grps, &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } } else { nid.nid_usertimeout = 5; nid.nid_uid = (uid_t)info.id; nid.nid_name = defaultuser; + nid.nid_ngroup = 0; + nid.nid_grps = NULL; } nid.nid_namelen = strlen(nid.nid_name); nid.nid_flag = NFSID_ADDUID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -509,8 +545,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) nid.nid_name = defaultgroup; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -541,8 +579,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDUSERNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -572,8 +612,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGROUPNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -679,5 +721,5 @@ usage(void) { errx(1, - "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-domain domain_name] [n]"); + "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]"); } |