Date: Mon, 30 Nov 2015 22:11:35 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r291534 - head/usr.sbin/nfsuserd Message-ID: <201511302211.tAUMBZMm083178@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Mon Nov 30 22:11:34 2015 New Revision: 291534 URL: https://svnweb.freebsd.org/changeset/base/291534 Log: Add support for the "-manage-gids" option to the nfsuserd daemon. When this option is set, the NFS server uses the list of groups acquired via getgrouplist(3) for the uid instead of the list of groups in the RPC request. This can be used to avoid the 16 gid limit for the group list in the RPC request. Suggested by: jpaetzel Tested by: jpaetzel MFC after: 2 weeks Modified: head/usr.sbin/nfsuserd/nfsuserd.c Modified: head/usr.sbin/nfsuserd/nfsuserd.c ============================================================================== --- head/usr.sbin/nfsuserd/nfsuserd.c Mon Nov 30 22:09:55 2015 (r291533) +++ head/usr.sbin/nfsuserd/nfsuserd.c Mon Nov 30 22:11:34 2015 (r291534) @@ -92,7 +92,7 @@ uid_t defaultuid = (uid_t)32767; u_char *defaultgroup = "nogroup"; gid_t defaultgid = (gid_t)32767; int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0; -int defusertimeout = DEFUSERTIMEOUT; +int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0; pid_t slaves[MAXNFSUSERD]; int @@ -110,6 +110,8 @@ main(int argc, char *argv[]) char hostname[MAXHOSTNAMELEN + 1], *cp; struct addrinfo *aip, hints; static uid_t check_dups[MAXUSERMAX]; + gid_t grps[NGROUPS]; + int ngroup; if (modfind("nfscommon") < 0) { /* Not present in kernel, try loading it */ @@ -160,6 +162,8 @@ main(int argc, char *argv[]) verbose = 1; } else if (!strcmp(*argv, "-force")) { forcestart = 1; + } else if (!strcmp(*argv, "-manage-gids")) { + manage_gids = 1; } else if (!strcmp(*argv, "-usermax")) { if (argc == 1) usage(); @@ -297,12 +301,14 @@ main(int argc, char *argv[]) nid.nid_gid = defaultgid; nid.nid_name = dnsname; nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_INITIALIZE; #ifdef DEBUG printf("Initialize uid=%d gid=%d dns=%s\n", nid.nid_uid, nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't initialize nfs user/groups"); #endif @@ -316,11 +322,13 @@ main(int argc, char *argv[]) nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; nid.nid_namelen = strlen(grp->gr_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; #ifdef DEBUG printf("add gid=%d name=%s\n", nid.nid_gid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add group %s", grp->gr_name); #endif @@ -352,11 +360,23 @@ main(int argc, char *argv[]) nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; nid.nid_namelen = strlen(pwd->pw_name); + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, + &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } nid.nid_flag = NFSID_ADDUID; #ifdef DEBUG printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name); #else - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) errx(1, "Can't add user %s", pwd->pw_name); #endif @@ -439,6 +459,8 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP struct info info; struct nfsd_idargs nid; u_int32_t saddr; + gid_t grps[NGROUPS]; + int ngroup; /* * Only handle requests from 127.0.0.1 on a reserved port number. @@ -472,14 +494,28 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_usertimeout = defusertimeout; nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; + if (manage_gids != 0) { + /* Get the group list for this user. */ + ngroup = NGROUPS; + if (getgrouplist(pwd->pw_name, pwd->pw_gid, + grps, &ngroup) < 0) + syslog(LOG_ERR, "Group list too small"); + nid.nid_ngroup = ngroup; + nid.nid_grps = grps; + } else { + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + } } else { nid.nid_usertimeout = 5; nid.nid_uid = (uid_t)info.id; nid.nid_name = defaultuser; + nid.nid_ngroup = 0; + nid.nid_grps = NULL; } nid.nid_namelen = strlen(nid.nid_name); nid.nid_flag = NFSID_ADDUID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -509,8 +545,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = defaultgroup; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -541,8 +579,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDUSERNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name); @@ -572,8 +612,10 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXP nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + nid.nid_ngroup = 0; + nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGROUPNAME; - error = nfssvc(NFSSVC_IDNAME, &nid); + error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid); if (error) { info.retval = error; syslog(LOG_ERR, "Can't add group %s\n", @@ -679,5 +721,5 @@ usage(void) { errx(1, - "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-domain domain_name] [n]"); + "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]"); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201511302211.tAUMBZMm083178>