MFC: r291534

Add support for the "-manage-gids" option to the nfsuserd daemon. When this option is set, the NFS server uses the list of groups acquired via getgrouplist(3) for the uid instead of the list of groups in the RPC request. This can be used to avoid the 16 gid limit for the group list in the RPC request. Relnotes: yes
2015-12-14 22:43:43 +00:00 · 2015-12-14 22:43:43 +00:00 · 473cb365c9
commit 473cb365c9
parent e16d0d1c5c
1 changed files with 51 additions and 9 deletions
--- a/usr.sbin/nfsuserd/nfsuserd.c
+++ b/usr.sbin/nfsuserd/nfsuserd.c
@ -92,7 +92,7 @@ uid_t defaultuid = (uid_t)32767;
 u_char *defaultgroup = "nogroup";
 gid_t defaultgid = (gid_t)32767;
 int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0;
-int defusertimeout = DEFUSERTIMEOUT;
+int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0;
 pid_t slaves[MAXNFSUSERD];
 int
@ -110,6 +110,8 @@ main(int argc, char *argv[])
 	char hostname[MAXHOSTNAMELEN + 1], *cp;
 	struct addrinfo *aip, hints;
 	static uid_t check_dups[MAXUSERMAX];
 	gid_t grps[NGROUPS];
 	int ngroup;
 	if (modfind("nfscommon") < 0) {
 		/* Not present in kernel, try loading it */
@ -160,6 +162,8 @@ main(int argc, char *argv[])
 			verbose = 1;
 		} else if (!strcmp(*argv, "-force")) {
 			forcestart = 1;
 		} else if (!strcmp(*argv, "-manage-gids")) {
 			manage_gids = 1;
 		} else if (!strcmp(*argv, "-usermax")) {
 			if (argc == 1)
 				usage();
@ -297,12 +301,14 @@ main(int argc, char *argv[])
 		nid.nid_gid = defaultgid;
 	nid.nid_name = dnsname;
 	nid.nid_namelen = strlen(nid.nid_name);
 	nid.nid_ngroup = 0;
 	nid.nid_grps = NULL;
 	nid.nid_flag = NFSID_INITIALIZE;
 #ifdef DEBUG
 	printf("Initialize uid=%d gid=%d dns=%s\n", nid.nid_uid, nid.nid_gid, 
 	    nid.nid_name);
 #else
-	error = nfssvc(NFSSVC_IDNAME, &nid);
+	error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 	if (error)
 		errx(1, "Can't initialize nfs user/groups");
 #endif
@ -316,11 +322,13 @@ main(int argc, char *argv[])
 		nid.nid_gid = grp->gr_gid;
 		nid.nid_name = grp->gr_name;
 		nid.nid_namelen = strlen(grp->gr_name);
 		nid.nid_ngroup = 0;
 		nid.nid_grps = NULL;
 		nid.nid_flag = NFSID_ADDGID;
 #ifdef DEBUG
 		printf("add gid=%d name=%s\n", nid.nid_gid, nid.nid_name);
 #else
-		error = nfssvc(NFSSVC_IDNAME, &nid);
+		error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 		if (error)
 			errx(1, "Can't add group %s", grp->gr_name);
 #endif
@ -352,11 +360,23 @@ main(int argc, char *argv[])
 		nid.nid_uid = pwd->pw_uid;
 		nid.nid_name = pwd->pw_name;
 		nid.nid_namelen = strlen(pwd->pw_name);
 		if (manage_gids != 0) {
 			/* Get the group list for this user. */
 			ngroup = NGROUPS;
 			if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps,
 			    &ngroup) < 0)
 				syslog(LOG_ERR, "Group list too small");
 			nid.nid_ngroup = ngroup;
 			nid.nid_grps = grps;
 		} else {
 			nid.nid_ngroup = 0;
 			nid.nid_grps = NULL;
 		}
 		nid.nid_flag = NFSID_ADDUID;
 #ifdef DEBUG
 		printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name);
 #else
-		error = nfssvc(NFSSVC_IDNAME, &nid);
+		error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 		if (error)
 			errx(1, "Can't add user %s", pwd->pw_name);
 #endif
@ -439,6 +459,8 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
 	struct info info;
 	struct nfsd_idargs nid;
 	u_int32_t saddr;
 	gid_t grps[NGROUPS];
 	int ngroup;
 	/*
 	 * Only handle requests from 127.0.0.1 on a reserved port number.
@ -472,14 +494,28 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
 			nid.nid_usertimeout = defusertimeout;
 			nid.nid_uid = pwd->pw_uid;
 			nid.nid_name = pwd->pw_name;
 			if (manage_gids != 0) {
 				/* Get the group list for this user. */
 				ngroup = NGROUPS;
 				if (getgrouplist(pwd->pw_name, pwd->pw_gid,
 				    grps, &ngroup) < 0)
 					syslog(LOG_ERR, "Group list too small");
 				nid.nid_ngroup = ngroup;
 				nid.nid_grps = grps;
 			} else {
 				nid.nid_ngroup = 0;
 				nid.nid_grps = NULL;
 			}
 		} else {
 			nid.nid_usertimeout = 5;
 			nid.nid_uid = (uid_t)info.id;
 			nid.nid_name = defaultuser;
 			nid.nid_ngroup = 0;
 			nid.nid_grps = NULL;
 		}
 		nid.nid_namelen = strlen(nid.nid_name);
 		nid.nid_flag = NFSID_ADDUID;
-		error = nfssvc(NFSSVC_IDNAME, &nid);
+		error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 		if (error) {
 			info.retval = error;
 			syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name);
@ -509,8 +545,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
 			nid.nid_name = defaultgroup;
 		}
 		nid.nid_namelen = strlen(nid.nid_name);
 		nid.nid_ngroup = 0;
 		nid.nid_grps = NULL;
 		nid.nid_flag = NFSID_ADDGID;
-		error = nfssvc(NFSSVC_IDNAME, &nid);
+		error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 		if (error) {
 			info.retval = error;
 			syslog(LOG_ERR, "Can't add group %s\n",
@ -541,8 +579,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
 			nid.nid_name = info.name;
 		}
 		nid.nid_namelen = strlen(nid.nid_name);
 		nid.nid_ngroup = 0;
 		nid.nid_grps = NULL;
 		nid.nid_flag = NFSID_ADDUSERNAME;
-		error = nfssvc(NFSSVC_IDNAME, &nid);
+		error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 		if (error) {
 			info.retval = error;
 			syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name);
@ -572,8 +612,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
 			nid.nid_name = info.name;
 		}
 		nid.nid_namelen = strlen(nid.nid_name);
 		nid.nid_ngroup = 0;
 		nid.nid_grps = NULL;
 		nid.nid_flag = NFSID_ADDGROUPNAME;
-		error = nfssvc(NFSSVC_IDNAME, &nid);
+		error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
 		if (error) {
 			info.retval = error;
 			syslog(LOG_ERR, "Can't add group %s\n",
@ -679,5 +721,5 @@ usage(void)
 {
 	errx(1,
-	    "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-domain domain_name] [n]");
+	    "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]");
 }