diff options
author | neilbrown <neilbrown> | 2004-09-15 01:58:37 +0000 |
---|---|---|
committer | neilbrown <neilbrown> | 2004-09-15 01:58:37 +0000 |
commit | 553caba3865667724291106d919e7c3fdf9534aa (patch) | |
tree | 3540d319d70f7fa3d5c6e05c1c2ce24e4bdc85ac /utils/exportfs | |
parent | fcb905a5392c31a4c31e7d9e616e691d61358731 (diff) | |
download | nfs-utils-553caba3865667724291106d919e7c3fdf9534aa.tar.gz nfs-utils-553caba3865667724291106d919e7c3fdf9534aa.tar.xz nfs-utils-553caba3865667724291106d919e7c3fdf9534aa.zip |
Prepare to support gss authentication and idmap looks for nfsv4
Diffstat (limited to 'utils/exportfs')
-rw-r--r-- | utils/exportfs/exportfs.c | 66 | ||||
-rw-r--r-- | utils/exportfs/exports.man | 5 |
2 files changed, 43 insertions, 28 deletions
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c index b4f0226..fdf5369 100644 --- a/utils/exportfs/exportfs.c +++ b/utils/exportfs/exportfs.c @@ -146,10 +146,43 @@ main(int argc, char **argv) return export_errno; } +static void +exports_update_one(nfs_export *exp, int verbose) +{ + /* check mountpoint option */ + if (exp->m_mayexport && + exp->m_export.e_mountpoint && + !is_mountpoint(exp->m_export.e_mountpoint[0]? + exp->m_export.e_mountpoint: + exp->m_export.e_path)) { + printf("%s not exported as %s not a mountpoint.\n", + exp->m_export.e_path, exp->m_export.e_mountpoint); + exp->m_mayexport = 0; + } + if (exp->m_mayexport && ((exp->m_exported<1) || exp->m_changed)) { + if (verbose) + printf("%sexporting %s:%s to kernel\n", + exp->m_exported ?"re":"", + exp->m_client->m_hostname, + exp->m_export.e_path); + if (!export_export(exp)) + error(exp, errno); + } + if (exp->m_exported && ! exp->m_mayexport) { + if (verbose) + printf("unexporting %s:%s from kernel\n", + exp->m_client->m_hostname, + exp->m_export.e_path); + if (!export_unexport(exp)) + error(exp, errno); + } +} + + /* we synchronise intention with reality. * entries with m_mayexport get exported * entries with m_exported but not m_mayexport get unexported - * looking at m_client->m_type == MCL_FQDN only + * looking at m_client->m_type == MCL_FQDN and m_client->m_type == MCL_GSS only */ static void exports_update(int verbose) @@ -157,33 +190,10 @@ exports_update(int verbose) nfs_export *exp; for (exp = exportlist[MCL_FQDN]; exp; exp=exp->m_next) { - /* check mountpoint option */ - if (exp->m_mayexport && - exp->m_export.e_mountpoint && - !is_mountpoint(exp->m_export.e_mountpoint[0]? - exp->m_export.e_mountpoint: - exp->m_export.e_path)) { - printf("%s not exported as %s not a mountpoint.\n", - exp->m_export.e_path, exp->m_export.e_mountpoint); - exp->m_mayexport = 0; - } - if (exp->m_mayexport && ((exp->m_exported<1) || exp->m_changed)) { - if (verbose) - printf("%sexporting %s:%s to kernel\n", - exp->m_exported ?"re":"", - exp->m_client->m_hostname, - exp->m_export.e_path); - if (!export_export(exp)) - error(exp, errno); - } - if (exp->m_exported && ! exp->m_mayexport) { - if (verbose) - printf("unexporting %s:%s from kernel\n", - exp->m_client->m_hostname, - exp->m_export.e_path); - if (!export_unexport(exp)) - error(exp, errno); - } + exports_update_one(exp, verbose); + } + for (exp = exportlist[MCL_GSS]; exp; exp=exp->m_next) { + exports_update_one(exp, verbose); } } diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index 034a896..7a032bc 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -79,6 +79,11 @@ may work by accident when reverse DNS lookups fail. '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +.SS RPCSEC_GSS security +To restrict access to an export using rpcsec_gss security, use the special +string "gss/krb5" as the client. It is not possible to simultaneously require +rpcsec_gss and to make requirements on the IP address of the client. +.PP .SS General Options .IR exportfs understands the following export options: |