From owner-svn-src-stable@freebsd.org Mon Dec 14 22:43:45 2015 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 115F7A44B5F; Mon, 14 Dec 2015 22:43:45 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E1C41183F; Mon, 14 Dec 2015 22:43:44 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBEMhidV067126; Mon, 14 Dec 2015 22:43:44 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBEMhip9067125; Mon, 14 Dec 2015 22:43:44 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <201512142243.tBEMhip9067125@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Mon, 14 Dec 2015 22:43:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r292231 - stable/10/usr.sbin/nfsuserd X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Dec 2015 22:43:45 -0000 Author: rmacklem Date: Mon Dec 14 22:43:43 2015 New Revision: 292231 URL: https://svnweb.freebsd.org/changeset/base/292231 Log: MFC: r291534 Add support for the "-manage-gids" option to the nfsuserd daemon. When this option is set, the NFS server uses the list of groups acquired via getgrouplist(3) for the uid instead of the list of groups in the RPC request. This can be used to avoid the 16 gid limit for the group list in the RPC request. Relnotes: yes Modified: stable/10/usr.sbin/nfsuserd/nfsuserd.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/nfsuserd/nfsuserd.c ============================================================================== --- stable/10/usr.sbin/nfsuserd/nfsuserd.c Mon Dec 14 22:42:05 2015 (r292230) +++ stable/10/usr.sbin/nfsuserd/nfsuserd.c Mon Dec 14 22:43:43 2015 (r292231) @@ -92,7 +92,7 @@ uid_t defaultuid = (uid_t)32767; u_char *defaultgroup = "nogroup"; gid_t defaultgid = (gid_t)32767; int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0; -int defusertimeout = DEFUSERTIMEOUT; +int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0; pid_t slaves[MAXNFSUSERD]; int @@ -110,6 +110,8 @@ main(int argc, char *argv[]) char hostname[MAXHOSTNAMELEN + 1], *cp; struct addrinfo *aip, hints; static uid_t check_dups[MAXUSERMAX]; + gid_t grps[NGROUPS]; + int ngroup; if (modfind("nfscommon") < 0) { /* Not present in kernel, try loading it */ @@ -160,6 +162,8 @@ main(int argc, char *argv[]) verbose = 1; } else if (!strcmp(*argv, "-force")) { forcestart = 1; + } else if (!strcmp(*argv, "-manage-gids")) { + manage_gids = 1; } else if (!strcmp(*argv, "-usermax")) { if (argc == 1) usage(); @@ -297,12 +301,14 @@ main(int argc, char *argv[]) nid.nid_gid = defaultgid; nid.nid_name = dnsname; nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_INITIALIZE; #ifdef DEBUG printf("Initialize uid=%d gid=%d dns=%s\n", nid.nid_uid, nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't initialize nfs user/groups"); #endif @@ -316,11 +322,13 @@ main(int argc, char *argv[]) nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; nid.nid_namelen = strlen(grp->gr_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; #ifdef DEBUG printf("add gid=%d name=%s\n", nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add group %s", grp->gr_name); #endif @@ -352,11 +360,23 @@ main(int argc, char *argv[]) nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; nid.nid_namelen = strlen(pwd->pw_name); + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, + &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } nid.nid_flag = NFSID_ADDUID; #ifdef DEBUG printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add user %s", pwd->pw_name); #endif @@ -439,6 +459,8 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP struct info info; struct nfsd_idargs nid; u_int32_t saddr; + gid_t grps[NGROUPS]; + int ngroup; /* * Only handle requests from 127.0.0.1 on a reserved port number. @@ -472,14 +494,28 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_usertimeout = defusertimeout; nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, + grps, &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } } else { nid.nid_usertimeout = 5; nid.nid_uid = (uid_t)info.id; nid.nid_name = defaultuser; + nid.nid_ngroup = 0; + nid.nid_grps = NULL; } nid.nid_namelen = strlen(nid.nid_name); nid.nid_flag = NFSID_ADDUID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -509,8 +545,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = defaultgroup; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -541,8 +579,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDUSERNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -572,8 +612,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGROUPNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -679,5 +721,5 @@ usage(void) { errx(1, - "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-domain domain_name] [n]"); + "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]"); }