Apply changes to the experimental nfs server so that it uses the security

flavors as exported in FreeBSD-CURRENT. This allows it to use a
slightly modified mountd.c instead of a different utility.

Approved by:	kib (mentor)

4 files changed, 11 insertions, 17 deletions

diff --git a/sys/fs/nfs/nfs.h b/sys/fs/nfs/nfs.h
index b9d030f..14656a5 100644
--- a/sys/fs/nfs/nfs.h
+++ b/sys/fs/nfs/nfs.h
@@ -580,7 +580,6 @@ struct nfsrv_descript {
 	u_int64_t		nd_compref;	/* Compound RPC ref# */
 	time_t			nd_tcpconntime;	/* Time TCP connection est. */
 	nfsquad_t		nd_clientid;	/* Implied clientid */
-	int			nd_credflavor;	/* credential flavor */
 	int			nd_gssnamelen;	/* principal name length */
 	char			*nd_gssname;	/* principal name */
 };
@@ -608,8 +607,11 @@ struct nfsrv_descript {
 #define	ND_V4WCCATTR		0x00010000
 #define	ND_NFSCB		0x00020000
 #define	ND_AUTHNONE		0x00040000
-#define	ND_EXGSSONLY		0x00080000
-#define	ND_INCRSEQID		0x00100000
+#define	ND_EXAUTHSYS		0x00080000
+#define	ND_EXGSS		0x00100000
+#define	ND_EXGSSINTEGRITY	0x00200000
+#define	ND_EXGSSPRIVACY		0x00400000
+#define	ND_INCRSEQID		0x00800000
 
 /*
  * ND_GSS should be the "or" of all GSS type authentications.
@@ -631,11 +633,6 @@ struct nfsv4_opflag {
 #define	NFSRVSEQID_OPEN		0x04
 
 /*
- * MNT_EXGSSONLY is the Or of all the EXGSS bits.
- */
-#define	MNT_EXGSSONLY		MNT_EXGSSKRB5
-
-/*
  * assign a doubly linked list to a new head
  * and prepend one list into another.
  */
diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h
index 0f545a3..27465e8 100644
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@@ -306,6 +306,7 @@ int nfsrv_putreferralattr(struct nfsrv_descript *, nfsattrbit_t *,
 int nfsrv_parsename(struct nfsrv_descript *, char *, u_long *,
     NFSPATHLEN_T *);
 void nfsd_init(void);
+int nfsd_checkrootexp(struct nfsrv_descript *);
 
 /* nfs_clvfsops.c */
 
@@ -575,6 +576,7 @@ int nfsvno_advlock(vnode_t, int, u_int64_t, u_int64_t, NFSPROC_T *);
 void nfsvno_unlockvfs(mount_t);
 int nfsvno_lockvfs(mount_t);
 int nfsrv_v4rootexport(void *, struct ucred *, NFSPROC_T *);
+int nfsvno_testexp(struct nfsrv_descript *, struct nfsexstuff *);
 
 /* nfs_commonkrpc.c */
 int newnfs_nmcancelreqs(struct nfsmount *);
diff --git a/sys/fs/nfs/nfsdport.h b/sys/fs/nfs/nfsdport.h
index f8ee445..42dbe08 100644
--- a/sys/fs/nfs/nfsdport.h
+++ b/sys/fs/nfs/nfsdport.h
@@ -52,8 +52,10 @@
  * needs to be returned by nfsd_fhtovp().
  */
 struct nfsexstuff {
-	int	nes_vfslocked;	/* required for all ports */
-	int	nes_exflag;
+	int	nes_vfslocked;			/* required for all ports */
+	int	nes_exflag;			/* export flags */
+	int	nes_numsecflavor;		/* # of security flavors */
+	int	nes_secflavors[MAXSECFLAVORS];	/* and the flavors */
 };
 
 #define	NFSVNO_EXINIT(e)		((e)->nes_exflag = 0)
@@ -61,11 +63,9 @@ struct nfsexstuff {
 #define	NFSVNO_EXRDONLY(e)		((e)->nes_exflag & MNT_EXRDONLY)
 #define	NFSVNO_EXPORTANON(e)		((e)->nes_exflag & MNT_EXPORTANON)
 #define	NFSVNO_EXSTRICTACCESS(e)	((e)->nes_exflag & MNT_EXSTRICTACCESS)
-#define	NFSVNO_EXGSSONLY(e)		((e)->nes_exflag & MNT_EXGSSONLY)
 #define	NFSVNO_EXV4ONLY(e)		((e)->nes_exflag & MNT_EXV4ONLY)
 
 #define	NFSVNO_SETEXRDONLY(e)	((e)->nes_exflag = (MNT_EXPORTED|MNT_EXRDONLY))
-#define	NFSVNO_SETEXGSSONLY(e)		((e)->nes_exflag |= MNT_EXGSSONLY)
 
 #define	NFSVNO_CMPFH(f1, f2)						\
     ((f1)->fh_fsid.val[0] == (f2)->fh_fsid.val[0] &&			\
diff --git a/sys/fs/nfs/nfsport.h b/sys/fs/nfs/nfsport.h
index c1c93a5..5faade9 100644
--- a/sys/fs/nfs/nfsport.h
+++ b/sys/fs/nfs/nfsport.h
@@ -645,11 +645,6 @@ struct nfsex_args {
 };
 
 /*
- * Define these here, so they don't have to be in mount.h, for now.
- */
-#define	MNT_EXGSSKRB5	MNT_EXKERB
-
-/*
  * These export flags should be defined, but there are no bits left.
  * Maybe a separate mnt_exflag field could be added or the mnt_flag
  * field increased to 64 bits?