From owner-svn-src-head@freebsd.org Mon Nov 30 22:11:36 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2216AA3D196; Mon, 30 Nov 2015 22:11:36 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F0D42156C; Mon, 30 Nov 2015 22:11:35 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tAUMBZ06083179; Mon, 30 Nov 2015 22:11:35 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tAUMBZMm083178; Mon, 30 Nov 2015 22:11:35 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <201511302211.tAUMBZMm083178@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Mon, 30 Nov 2015 22:11:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r291534 - head/usr.sbin/nfsuserd X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2015 22:11:36 -0000 Author: rmacklem Date: Mon Nov 30 22:11:34 2015 New Revision: 291534 URL: https://svnweb.freebsd.org/changeset/base/291534 Log: Add support for the "-manage-gids" option to the nfsuserd daemon. When this option is set, the NFS server uses the list of groups acquired via getgrouplist(3) for the uid instead of the list of groups in the RPC request. This can be used to avoid the 16 gid limit for the group list in the RPC request. Suggested by: jpaetzel Tested by: jpaetzel MFC after: 2 weeks Modified: head/usr.sbin/nfsuserd/nfsuserd.c Modified: head/usr.sbin/nfsuserd/nfsuserd.c ============================================================================== --- head/usr.sbin/nfsuserd/nfsuserd.c Mon Nov 30 22:09:55 2015 (r291533) +++ head/usr.sbin/nfsuserd/nfsuserd.c Mon Nov 30 22:11:34 2015 (r291534) @@ -92,7 +92,7 @@ uid_t defaultuid = (uid_t)32767; u_char *defaultgroup = "nogroup"; gid_t defaultgid = (gid_t)32767; int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0; -int defusertimeout = DEFUSERTIMEOUT; +int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0; pid_t slaves[MAXNFSUSERD]; int @@ -110,6 +110,8 @@ main(int argc, char *argv[]) char hostname[MAXHOSTNAMELEN + 1], *cp; struct addrinfo *aip, hints; static uid_t check_dups[MAXUSERMAX]; + gid_t grps[NGROUPS]; + int ngroup; if (modfind("nfscommon") < 0) { /* Not present in kernel, try loading it */ @@ -160,6 +162,8 @@ main(int argc, char *argv[]) verbose = 1; } else if (!strcmp(*argv, "-force")) { forcestart = 1; + } else if (!strcmp(*argv, "-manage-gids")) { + manage_gids = 1; } else if (!strcmp(*argv, "-usermax")) { if (argc == 1) usage(); @@ -297,12 +301,14 @@ main(int argc, char *argv[]) nid.nid_gid = defaultgid; nid.nid_name = dnsname; nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_INITIALIZE; #ifdef DEBUG printf("Initialize uid=%d gid=%d dns=%s\n", nid.nid_uid, nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't initialize nfs user/groups"); #endif @@ -316,11 +322,13 @@ main(int argc, char *argv[]) nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; nid.nid_namelen = strlen(grp->gr_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; #ifdef DEBUG printf("add gid=%d name=%s\n", nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add group %s", grp->gr_name); #endif @@ -352,11 +360,23 @@ main(int argc, char *argv[]) nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; nid.nid_namelen = strlen(pwd->pw_name); + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, + &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } nid.nid_flag = NFSID_ADDUID; #ifdef DEBUG printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add user %s", pwd->pw_name); #endif @@ -439,6 +459,8 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP struct info info; struct nfsd_idargs nid; u_int32_t saddr; + gid_t grps[NGROUPS]; + int ngroup; /* * Only handle requests from 127.0.0.1 on a reserved port number. @@ -472,14 +494,28 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_usertimeout = defusertimeout; nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, + grps, &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } } else { nid.nid_usertimeout = 5; nid.nid_uid = (uid_t)info.id; nid.nid_name = defaultuser; + nid.nid_ngroup = 0; + nid.nid_grps = NULL; } nid.nid_namelen = strlen(nid.nid_name); nid.nid_flag = NFSID_ADDUID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -509,8 +545,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = defaultgroup; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -541,8 +579,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDUSERNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -572,8 +612,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGROUPNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -679,5 +721,5 @@ usage(void) { errx(1, - "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-domain domain_name] [n]"); + "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]"); }