util-linux/util-linux-2.12r-mount_rpcsec_gss.patch


Index: mount/nfsmount.c
===================================================================
--- mount/nfsmount.c.orig
+++ mount/nfsmount.c
@@ -117,8 +117,10 @@ find_kernel_nfs_mount_version(void) {
nfs_mount_version = 4; /* since 2.2.18pre9 */
else if (kernel_version < MAKE_VERSION(2,3,99))
nfs_mount_version = 3;
+ else if (kernel_version < MAKE_VERSION(2,6,3))
+ nfs_mount_version = 4;
else
- nfs_mount_version = 4; /* since 2.3.99pre4 */
+ nfs_mount_version = 6;
}
if (nfs_mount_version > NFS_MOUNT_VERSION)
nfs_mount_version = NFS_MOUNT_VERSION;
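Review bot: The new final `else` sets `nfs_mount_version = 6` with no comment, and the line it replaces carried the only note about which kernel release introduced that version (`/* since 2.3.99pre4 */`). The 2.6.3 cut-off decides whether the `sec=` handling added later in this patch is active at all, since that code requires version 5 or higher. I would keep the old note on the new `< 2.6.3` branch and add something like `/* since 2.6.3; sec= needs >= 5 */` on the `= 6` line. The body of find_kernel_nfs_mount_version() starts outside the hunk.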
@@ -318,7 +320,6 @@ int nfsmount(const char *spec, const cha
#if NFS_MOUNT_VERSION >= 2
data.namlen = NAME_MAX;
#endif
-
bg = 0;
soft = 0;
intr = 0;
@@ -400,6 +401,38 @@ int nfsmount(const char *spec, const cha
printf(_("Warning: Option namlen is not supported.\n"));
} else if (!strcmp(opt, "addr")) {
/* ignore */;
+#if NFS_MOUNT_VERSION >= 5
+ } else if (!strcmp(opt, "sec")) {
+ char *secflavor = opteq+1;
+ /* see RFC 2623 */
+ if (nfs_mount_version < 5) {
+ printf(_("Warning: this version of mount(1) does not support RPCSEC_GSS, ignoring sec=%s option\n"), secflavor);
+ continue;
+ } else if (!strcmp(secflavor, "sys"))
+ data.pseudoflavor = AUTH_SYS;
+ else if (!strcmp(secflavor, "krb5"))
+ data.pseudoflavor = AUTH_GSS_KRB5;
+ else if (!strcmp(secflavor, "krb5i"))
+ data.pseudoflavor = AUTH_GSS_KRB5I;
+ else if (!strcmp(secflavor, "krb5p"))
+ data.pseudoflavor = AUTH_GSS_KRB5P;
+ else if (!strcmp(secflavor, "lipkey"))
+ data.pseudoflavor = AUTH_GSS_LKEY;
+ else if (!strcmp(secflavor, "lipkey-i"))
+ data.pseudoflavor = AUTH_GSS_LKEYI;
+ else if (!strcmp(secflavor, "lipkey-p"))
+ data.pseudoflavor = AUTH_GSS_LKEYP;
+ else if (!strcmp(secflavor, "spkm3"))
+ data.pseudoflavor = AUTH_GSS_SPKM;
+ else if (!strcmp(secflavor, "spkm3i"))
+ data.pseudoflavor = AUTH_GSS_SPKMI;
+ else if (!strcmp(secflavor, "spkm3p"))
+ data.pseudoflavor = AUTH_GSS_SPKMP;
+ else if(!sloppy) {
+ printf(_("Warning: Unrecognized security flavor %s.\n"), secflavor);
+ goto fail;
+ }
+#endif
} else {
printf(_("unknown nfs mount parameter: "
"%s=%d\n"), opt, val);
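Review bot: The `nfs_mount_version < 5` branch prints a warning and then `continue`s, so a mount requested with a GSS flavor such as `sec=krb5p` still goes ahead without that flavor being stored in `data.pseudoflavor`. The only trace is a line on stdout, which fstab and scripted mounts will not notice. The same thing happens at the end of the chain when `sloppy` is set and the flavor string is not recognized: nothing is printed and nothing is stored. A security option that cannot be honoured should fail the mount unless the caller opted into sloppy parsing, e.g. `if (!sloppy) goto fail;` before the `continue`, and the sloppy path should still print the unrecognized-flavor warning. The option loop of nfsmount() starts and ends outside the hunk.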
@@ -472,6 +505,11 @@ retry_udp:
data.flags |= (noacl ? NFS_MOUNT_NOACL : 0);
}
#endif
+#if NFS_MOUNT_VERSION >= 5
+ if ((nfs_mount_version >= 5) && data.pseudoflavor) {
+ data.flags |= NFS_MOUNT_SECFLAVOUR;
+ }
+#endif
if (nfsvers > MAX_NFSPROT) {
fprintf(stderr, "NFSv%d not supported!\n", nfsvers);
return 0;
@@ -508,6 +546,9 @@ retry_udp:
printf("tcp = %d\n",
(data.flags & NFS_MOUNT_TCP) != 0);
#endif
+#if NFS_MOUNT_VERSION >= 5
+ printf("sec = %u\n", data.pseudoflavor);
+#endif
#endif
data.version = nfs_mount_version;
@@ -715,6 +756,30 @@ retry_udp:
nfs_strerror(status.nfsv3.fhs_status));
goto fail;
}
+#if NFS_MOUNT_VERSION >= 5
+ if (data.pseudoflavor) {
+ mountres3_ok *mountres = &status.nfsv3.mountres3_u.mountinfo;
+ int i = mountres->auth_flavours.auth_flavours_len;
+
+ if (i > 0) {
+ int *flavor = mountres->auth_flavours.auth_flavours_val;
+ while (--i >= 0) {
+ if (flavor[i] == data.pseudoflavor) {
+ break;
+ }
+ }
+
+ if (i < 0) {
+ fprintf(stderr,
+ "mount: %s:%s failed, security flavor not supported\n",
+ hostname, dirname);
+ mountproc3_umnt_3(&dirname,mclient);
+ goto fail;
+ }
+ }
+ }
+#endif
+
fhandle = &status.nfsv3.mountres3_u.mountinfo.fhandle;
memset(data.old_root.data, 0, NFS_FHSIZE);
memset(&data.root, 0, sizeof(data.root));
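Review bot: The flavor count taken from the server's MNT reply is narrowed into `int i`, which can let the whole flavor check be skipped. If `auth_flavours_len` is unsigned, as rpcgen normally declares it (the declaration is not visible here), a very large value turns negative and the `i > 0` test bypasses the check instead of rejecting the reply. I would keep the count unsigned and scan forward. I would also add a comment saying that an empty list is accepted on purpose, because as written the `i > 0` guard reads like an oversight. The return value of `mountproc3_umnt_3()` is ignored on the failure path, which is fine as best-effort cleanup but deserves a short comment. The enclosing nfsmount() body starts and ends outside the hunk.

```c
	if (data.pseudoflavor) {
		mountres3_ok *mountres = &status.nfsv3.mountres3_u.mountinfo;
		unsigned int nflav = mountres->auth_flavours.auth_flavours_len;
		int *flavor = mountres->auth_flavours.auth_flavours_val;
		unsigned int k;

		/* An empty list is accepted: the server advertised no flavors. */
		for (k = 0; k < nflav; k++) {
			if (flavor[k] == data.pseudoflavor)
				break;
		}
		if (nflav > 0 && k == nflav) {
			/* … unchanged: error message, mountproc3_umnt_3(), goto fail … */
		}
	}
```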