[Midnightbsd-cvs] src [10372] trunk/usr.sbin/nfsuserd/nfsuserd.c: sync with freebsd
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Jun 3 19:17:01 EDT 2018
Revision: 10372
http://svnweb.midnightbsd.org/src/?rev=10372
Author: laffer1
Date: 2018-06-03 19:17:01 -0400 (Sun, 03 Jun 2018)
Log Message:
-----------
sync with freebsd
Modified Paths:
--------------
trunk/usr.sbin/nfsuserd/Makefile
trunk/usr.sbin/nfsuserd/nfsuserd.8
trunk/usr.sbin/nfsuserd/nfsuserd.c
Property Changed:
----------------
trunk/usr.sbin/nfsuserd/nfsuserd.8
Modified: trunk/usr.sbin/nfsuserd/Makefile
===================================================================
--- trunk/usr.sbin/nfsuserd/Makefile 2018-06-03 23:16:31 UTC (rev 10371)
+++ trunk/usr.sbin/nfsuserd/Makefile 2018-06-03 23:17:01 UTC (rev 10372)
@@ -1,4 +1,5 @@
# $MidnightBSD$
+# $FreeBSD: stable/10/usr.sbin/nfsuserd/Makefile 193070 2009-05-29 22:19:45Z delphij $
PROG= nfsuserd
MAN= nfsuserd.8
Modified: trunk/usr.sbin/nfsuserd/nfsuserd.8
===================================================================
--- trunk/usr.sbin/nfsuserd/nfsuserd.8 2018-06-03 23:16:31 UTC (rev 10371)
+++ trunk/usr.sbin/nfsuserd/nfsuserd.8 2018-06-03 23:17:01 UTC (rev 10372)
@@ -1,3 +1,4 @@
+.\" $MidnightBSD$
.\" Copyright (c) 2009 Rick Macklem, University of Guelph
.\" All rights reserved.
.\"
@@ -22,9 +23,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $MidnightBSD$
+.\" $FreeBSD: stable/10/usr.sbin/nfsuserd/nfsuserd.8 321175 2017-07-18 20:46:29Z rmacklem $
.\"
-.Dd April 25, 2009
+.Dd July 4, 2017
.Dt NFSUSERD 8
.Os
.Sh NAME
@@ -31,7 +32,7 @@
.Nm nfsuserd
.Nd load user and group information into the kernel for
.Tn NFSv4
-services
+services plus support manage-gids for all NFS versions
.Sh SYNOPSIS
.Nm nfsuserd
.Op Fl domain Ar domain_name
@@ -39,11 +40,14 @@
.Op Fl usermax Ar max_cache_size
.Op Fl verbose
.Op Fl force
+.Op Fl manage-gids
.Op Ar num_servers
.Sh DESCRIPTION
.Nm
loads user and group information into the kernel for NFSv4.
It must be running for NFSv4 to function correctly, either client or server.
+It also provides support for manage-gids and must be running on the server if
+this is being used for any version of NFS.
.Pp
Upon startup, it loads the machines DNS domain name, plus timeout and
cache size limit into the kernel. It then preloads the cache with group
@@ -61,8 +65,8 @@
reported by
.Xr getaddrinfo 3 .
.It Fl usertimeout Ar minutes
-Overrides the default timeout for cache entries, in minutes. If the
-timeout is specified as 0, cache entries never time out. The longer the
+Overrides the default timeout for cache entries, in minutes.
+The longer the
time out, the better the performance, but the longer it takes for replaced
entries to be seen. If your user/group database management system almost
never re-uses the same names or id numbers, a large timeout is recommended.
@@ -79,6 +83,15 @@
This flag option must be set to restart the daemon after it has gone away
abnormally and refuses to start, because it thinks nfsuserd is already
running.
+.It Fl manage-gids
+This flag enables manage-gids for the NFS server
+.Xr nfsd 8 .
+When this is enabled, all NFS requests using
+AUTH_SYS authentication take the uid from the RPC request
+and uses the group list for that uid provided by
+.Xr getgrouplist 3
+on the server instead of the list of groups provided in the RPC authenticator.
+This can be used to avoid the 16 group limit for AUTH_SYS.
.It Ar num_servers
Specifies how many servers to create (max 20).
The default of 4 may be sufficient. You should run enough servers, so that
@@ -89,8 +102,9 @@
such as a process table entry and swap space.
.El
.Sh SEE ALSO
+.Xr getgrent 3 ,
+.Xr getgrouplist 3 ,
.Xr getpwent 3 ,
-.Xr getgrent 3 ,
.Xr nfsv4 4 ,
.Xr group 5 ,
.Xr passwd 5 ,
@@ -103,7 +117,8 @@
The
.Nm
use
-.Xr getgrent 3
+.Xr getgrent 3 ,
+.Xr getgrouplist 3
and
.Xr getpwent 3
library calls to resolve requests and will hang if the servers handling
@@ -112,3 +127,9 @@
and
.Xr passwd 5
for more information on how the databases are accessed.
+.Pp
+Since the kernel communicates with the
+.Nm
+daemon via an upcall that uses the IP address 127.0.0.1, it does not work correctly when
+.Xr jail 8
+are used and can crash the system.
Property changes on: trunk/usr.sbin/nfsuserd/nfsuserd.8
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/usr.sbin/nfsuserd/nfsuserd.c
===================================================================
--- trunk/usr.sbin/nfsuserd/nfsuserd.c 2018-06-03 23:16:31 UTC (rev 10371)
+++ trunk/usr.sbin/nfsuserd/nfsuserd.c 2018-06-03 23:17:01 UTC (rev 10372)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2009 Rick Macklem, University of Guelph
* All rights reserved.
@@ -26,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__MBSDID("$MidnightBSD$");
+__FBSDID("$FreeBSD: stable/10/usr.sbin/nfsuserd/nfsuserd.c 317920 2017-05-07 20:50:32Z rmacklem $");
#include <sys/param.h>
#include <sys/errno.h>
@@ -88,11 +89,11 @@
u_char *dnsname = "default.domain";
u_char *defaultuser = "nobody";
-uid_t defaultuid = (uid_t)32767;
+uid_t defaultuid = 65534;
u_char *defaultgroup = "nogroup";
-gid_t defaultgid = (gid_t)32767;
+gid_t defaultgid = 65533;
int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0;
-int defusertimeout = DEFUSERTIMEOUT;
+int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0;
pid_t slaves[MAXNFSUSERD];
int
@@ -110,6 +111,8 @@
char hostname[MAXHOSTNAMELEN + 1], *cp;
struct addrinfo *aip, hints;
static uid_t check_dups[MAXUSERMAX];
+ gid_t grps[NGROUPS];
+ int ngroup;
if (modfind("nfscommon") < 0) {
/* Not present in kernel, try loading it */
@@ -160,6 +163,8 @@
verbose = 1;
} else if (!strcmp(*argv, "-force")) {
forcestart = 1;
+ } else if (!strcmp(*argv, "-manage-gids")) {
+ manage_gids = 1;
} else if (!strcmp(*argv, "-usermax")) {
if (argc == 1)
usage();
@@ -297,12 +302,14 @@
nid.nid_gid = defaultgid;
nid.nid_name = dnsname;
nid.nid_namelen = strlen(nid.nid_name);
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
nid.nid_flag = NFSID_INITIALIZE;
#ifdef DEBUG
printf("Initialize uid=%d gid=%d dns=%s\n", nid.nid_uid, nid.nid_gid,
nid.nid_name);
#else
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error)
errx(1, "Can't initialize nfs user/groups");
#endif
@@ -316,11 +323,13 @@
nid.nid_gid = grp->gr_gid;
nid.nid_name = grp->gr_name;
nid.nid_namelen = strlen(grp->gr_name);
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
nid.nid_flag = NFSID_ADDGID;
#ifdef DEBUG
printf("add gid=%d name=%s\n", nid.nid_gid, nid.nid_name);
#else
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error)
errx(1, "Can't add group %s", grp->gr_name);
#endif
@@ -352,11 +361,23 @@
nid.nid_uid = pwd->pw_uid;
nid.nid_name = pwd->pw_name;
nid.nid_namelen = strlen(pwd->pw_name);
+ if (manage_gids != 0) {
+ /* Get the group list for this user. */
+ ngroup = NGROUPS;
+ if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps,
+ &ngroup) < 0)
+ syslog(LOG_ERR, "Group list too small");
+ nid.nid_ngroup = ngroup;
+ nid.nid_grps = grps;
+ } else {
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
+ }
nid.nid_flag = NFSID_ADDUID;
#ifdef DEBUG
printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name);
#else
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error)
errx(1, "Can't add user %s", pwd->pw_name);
#endif
@@ -439,6 +460,8 @@
struct info info;
struct nfsd_idargs nid;
u_int32_t saddr;
+ gid_t grps[NGROUPS];
+ int ngroup;
/*
* Only handle requests from 127.0.0.1 on a reserved port number.
@@ -472,14 +495,28 @@
nid.nid_usertimeout = defusertimeout;
nid.nid_uid = pwd->pw_uid;
nid.nid_name = pwd->pw_name;
+ if (manage_gids != 0) {
+ /* Get the group list for this user. */
+ ngroup = NGROUPS;
+ if (getgrouplist(pwd->pw_name, pwd->pw_gid,
+ grps, &ngroup) < 0)
+ syslog(LOG_ERR, "Group list too small");
+ nid.nid_ngroup = ngroup;
+ nid.nid_grps = grps;
+ } else {
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
+ }
} else {
nid.nid_usertimeout = 5;
nid.nid_uid = (uid_t)info.id;
nid.nid_name = defaultuser;
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
}
nid.nid_namelen = strlen(nid.nid_name);
nid.nid_flag = NFSID_ADDUID;
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error) {
info.retval = error;
syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name);
@@ -509,8 +546,10 @@
nid.nid_name = defaultgroup;
}
nid.nid_namelen = strlen(nid.nid_name);
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
nid.nid_flag = NFSID_ADDGID;
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error) {
info.retval = error;
syslog(LOG_ERR, "Can't add group %s\n",
@@ -541,8 +580,10 @@
nid.nid_name = info.name;
}
nid.nid_namelen = strlen(nid.nid_name);
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
nid.nid_flag = NFSID_ADDUSERNAME;
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error) {
info.retval = error;
syslog(LOG_ERR, "Can't add user %s\n", pwd->pw_name);
@@ -572,8 +613,10 @@
nid.nid_name = info.name;
}
nid.nid_namelen = strlen(nid.nid_name);
+ nid.nid_ngroup = 0;
+ nid.nid_grps = NULL;
nid.nid_flag = NFSID_ADDGROUPNAME;
- error = nfssvc(NFSSVC_IDNAME, &nid);
+ error = nfssvc(NFSSVC_IDNAME | NFSSVC_NEWSTRUCT, &nid);
if (error) {
info.retval = error;
syslog(LOG_ERR, "Can't add group %s\n",
@@ -679,5 +722,5 @@
{
errx(1,
- "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-domain domain_name] [n]");
+ "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]");
}
More information about the Midnightbsd-cvs
mailing list