merge 651558 684416
tags 651558 patch
thanks
Hi all!
I have prepared a patch that should fix this bug. It actually moves the
init part of rpc.svcgssd from nfs-kernel-server into nfs-common.
I have not added any break/replace field to debian/control but it
should be necessary (as well a notice of the change).
Now a small comment about the patch. Since the default configuration of
rpc.svcgssd is moved from /etc/default/nfs-kernel-server into
/etc/default/nfs-common, to avoid breaking server at upgrade, I have
implemented a small hack that sources /etc/default/nfs-kernel-server
when starting nfs-common if the case of:
1- statement about rpc.svcgssd are untouched in /etc/default/nfs-common
AND
2- there is a file /etc/default/nfs-kernel-server that contains
statement about rpc.svcgssd
Maybe this is really too hackish but I could not think of a better solution.
Please review/comment
Cheers,
Nicolas Bourdaud
From 2e4c1cdecb575857bb32ae57d2d918de6de9d127 Mon Sep 17 00:00:00 2001
From: Nicolas Bourdaud nicolas.bourd...@gmail.com
Date: Sat, 29 Sep 2012 00:08:24 +0200
Subject: [PATCH] Move init script for rpc.svcgssd into nfs-common
---
debian/nfs-common.default |8 +
debian/nfs-common.init| 64 +
debian/nfs-common.manpages|1 +
debian/nfs-kernel-server.default |7
debian/nfs-kernel-server.init | 25 ---
debian/nfs-kernel-server.manpages |1 -
6 files changed, 73 insertions(+), 33 deletions(-)
diff --git a/debian/nfs-common.default b/debian/nfs-common.default
index 0e373e6..0abaf03 100644
--- a/debian/nfs-common.default
+++ b/debian/nfs-common.default
@@ -16,4 +16,12 @@ STATDOPTS=
NEED_IDMAPD=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+# It is also necessary for a server exporting Kerberos mounts of NFSv4.
NEED_GSSD=
+
+# Do you want to start the svcgssd daemon? It is required for NFSv4 delegations
+# with Kerberos mounts or by a server exporting Kerberos mounts.
+NEED_SVCGSSD=
+
+# Options for rpc.svcgssd
+#RPCSVCGSSDOPTS=
diff --git a/debian/nfs-common.init b/debian/nfs-common.init
index 4076e31..fe5e238 100644
--- a/debian/nfs-common.init
+++ b/debian/nfs-common.init
@@ -17,16 +17,27 @@ DESC=NFS common utilities
# Read config
DEFAULTFILE=/etc/default/nfs-common
+DEFAULTSERVERFILE=/etc/default/nfs-kernel-server
PREFIX=
NEED_STATD=
NEED_IDMAPD=
NEED_GSSD=
+NEED_SVCGSSD=
PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs
RPCGSSDOPTS=
+RPCSVCGSSDOPTS=
if [ -f $DEFAULTFILE ]; then
. $DEFAULTFILE
fi
+# Search default configuration of svcgssd in server configuration if none is
+# specified. Since svcgssd configuration has moved from nfs-kernel-server into
+# nfs-common, we can this way propagate the configuration and avoid breaking
+# at upgrade systems that use it.
+if [ -z $NEED_SVCGSSD ] [ -f $DEFAULTSERVERFILE ] ; then
+. $DEFAULTSERVERFILE
+fi
+
. /lib/lsb/init-functions
# Exit if required binaries are missing.
@@ -39,6 +50,7 @@ fi
#
AUTO_NEED_IDMAPD=no
AUTO_NEED_GSSD=no
+AUTO_NEED_SVCGSSD=no
if [ -f /etc/fstab ]; then
exec 90 /etc/fstab
@@ -58,6 +70,8 @@ if [ -f /etc/fstab ]; then
sec=krb5|*,sec=krb5|sec=krb5,*|*,sec=krb5i,*|sec=krb5i|*,sec=krb5i|sec=krb5i,*|*,sec=krb5i,*|sec=krb5p|*,sec=krb5p|sec=krb5p,*|*,sec=krb5p,*)
AUTO_NEED_GSSD=yes
+ # rpc.svcgssd necessary for NFSv4 delegation with kerberos
+AUTO_NEED_SVCGSSD=yes
;;
esac
done
@@ -78,6 +92,16 @@ if [ -f /etc/exports ] grep -q '^[[:space:]]*[^#]*/' /etc/exports; then
AUTO_NEED_IDMAPD=yes
fi
+# Both svcgssd and gssd are necessary if we run an NFSv4 server using
+# kerberos. We detect the NFSv4 using the same trick as before. The guess on
+# whether it is using Kerberos or not is based on whether find a krb5 string
+# in a uncommented line.
+if [ -f /etc/exports ] grep -q -E '^[[:space:]]*[^#].*krb5/' /etc/exports; then
+AUTO_NEED_GSSD=yes
+AUTO_NEED_SVCGSSD=yes
+fi
+
+
case $NEED_STATD in
yes|no)
;;
@@ -102,6 +126,14 @@ case $NEED_GSSD in
;;
esac
+case $NEED_SVCGSSD in
+yes|no)
+;;
+*)
+NEED_SVCGSSD=$AUTO_NEED_SVCGSSD
+ ;;
+esac
+
do_modprobe() {
if [ -x /sbin/modprobe -a -f /proc/modules ]
then
@@ -206,6 +238,18 @@ case $1 in
exit $RET
fi
fi
+if [ $NEED_SVCGSSD = yes ]
+then
+do_modprobe rpcsec_gss_krb5
+log_progress_msg svcgssd
+start-stop-daemon --start --oknodo --quiet \
+--exec /usr/sbin/rpc.svcgssd -- $RPCSVCGSSDOPTS
+RET=$?
+if [ $RET != 0 ]; then
+log_end_msg $RET
+exit $RET
+fi
+fi
fi
fi
log_end_msg 0
@@ -214,6