walters / rpms / nfs-utils

Forked from rpms/nfs-utils 6 years ago
Clone
88a0551
diff --git a/configure.ac b/configure.ac
88a0551
index 518b6d8..d90a88f 100644
88a0551
--- a/configure.ac
88a0551
+++ b/configure.ac
88a0551
@@ -425,6 +425,8 @@ AC_CONFIG_FILES([
88a0551
 	tools/nlmtest/Makefile
88a0551
 	tools/rpcdebug/Makefile
88a0551
 	tools/rpcgen/Makefile
88a0551
+	tools/mountstats/Makefile
88a0551
+	tools/nfs-iostat/Makefile
88a0551
 	utils/Makefile
88a0551
 	utils/exportfs/Makefile
88a0551
 	utils/gssd/Makefile
88a0551
diff --git a/support/export/client.c b/support/export/client.c
88a0551
index 5e937b0..6a25928 100644
88a0551
--- a/support/export/client.c
88a0551
+++ b/support/export/client.c
88a0551
@@ -32,11 +32,26 @@ extern int	innetgr(char *netgr, char *host, char *, char *);
88a0551
 static char	*add_name(char *old, const char *add);
88a0551
 static void	client_init(nfs_client *clp, const char *hname,
88a0551
 					struct hostent *hp);
88a0551
-static int	client_checkaddr(nfs_client *clp, struct in_addr addr);
88a0551
 
88a0551
 nfs_client	*clientlist[MCL_MAXTYPES] = { NULL, };
88a0551
 
88a0551
 
88a0551
+static void
88a0551
+init_addrlist(nfs_client *clp, const struct hostent *hp)
88a0551
+{
88a0551
+	char **ap;
88a0551
+	int i;
88a0551
+
88a0551
+	if (hp == NULL)
88a0551
+		return;
88a0551
+
88a0551
+	ap = hp->h_addr_list;
88a0551
+	for (i = 0; *ap != NULL && i < NFSCLNT_ADDRMAX; i++, ap++)
88a0551
+		clp->m_addrlist[i] = *(struct in_addr *)*ap;
88a0551
+
88a0551
+	clp->m_naddr = i;
88a0551
+}
88a0551
+
88a0551
 /* if canonical is set, then we *know* this is already a canonical name
88a0551
  * so hostname lookup is avoided.
88a0551
  * This is used when reading /proc/fs/nfs/exports
88a0551
@@ -97,14 +112,8 @@ client_lookup(char *hname, int canonical)
88a0551
 		client_add(clp);
88a0551
 	}
88a0551
 
88a0551
-	if (htype == MCL_FQDN && clp->m_naddr == 0 && hp != NULL) {
88a0551
-		char	**ap = hp->h_addr_list;
88a0551
-		int	i;
88a0551
-
88a0551
-		for (i = 0; *ap && i < NFSCLNT_ADDRMAX; i++, ap++)
88a0551
-			clp->m_addrlist[i] = *(struct in_addr *)*ap;
88a0551
-		clp->m_naddr = i;
88a0551
-	}
88a0551
+	if (htype == MCL_FQDN && clp->m_naddr == 0)
88a0551
+		init_addrlist(clp, hp);
88a0551
 
88a0551
 	if (hp)
88a0551
 		free (hp);
88a0551
@@ -138,6 +147,7 @@ client_init(nfs_client *clp, const char *hname, struct hostent *hp)
88a0551
 
88a0551
 	clp->m_exported = 0;
88a0551
 	clp->m_count = 0;
88a0551
+	clp->m_naddr = 0;
88a0551
 
88a0551
 	if (clp->m_type == MCL_SUBNETWORK) {
88a0551
 		char	*cp = strchr(clp->m_hostname, '/');
88a0551
@@ -161,18 +171,10 @@ client_init(nfs_client *clp, const char *hname, struct hostent *hp)
88a0551
 			}
88a0551
 		}
88a0551
 		*cp = '/';
88a0551
-		clp->m_naddr = 0;
88a0551
-	} else if (!hp) {
88a0551
-		clp->m_naddr = 0;
88a0551
-	} else {
88a0551
-		char	**ap = hp->h_addr_list;
88a0551
-		int	i;
88a0551
-
88a0551
-		for (i = 0; *ap && i < NFSCLNT_ADDRMAX; i++, ap++) {
88a0551
-			clp->m_addrlist[i] = *(struct in_addr *)*ap;
88a0551
-		}
88a0551
-		clp->m_naddr = i;
88a0551
+		return;
88a0551
 	}
88a0551
+	
88a0551
+	init_addrlist(clp, hp);
88a0551
 }
88a0551
 
88a0551
 void
88a0551
@@ -329,101 +331,158 @@ add_name(char *old, const char *add)
88a0551
 }
88a0551
 
88a0551
 /*
88a0551
- * Match a host (given its hostent record) to a client record. This
88a0551
- * is usually called from mountd.
88a0551
+ * Check each address listed in @hp against each address
88a0551
+ * stored in @clp.  Return 1 if a match is found, otherwise
88a0551
+ * zero.
88a0551
  */
88a0551
-int
88a0551
-client_check(nfs_client *clp, struct hostent *hp)
88a0551
+static int
88a0551
+check_fqdn(const nfs_client *clp, const struct hostent *hp)
88a0551
 {
88a0551
-	char	*hname = (char *) hp->h_name;
88a0551
-	char	*cname = clp->m_hostname;
88a0551
-	char	**ap;
88a0551
+	struct in_addr addr;
88a0551
+	char **ap;
88a0551
+	int i;
88a0551
 
88a0551
-	switch (clp->m_type) {
88a0551
-	case MCL_FQDN:
88a0551
-	case MCL_SUBNETWORK:
88a0551
-		for (ap = hp->h_addr_list; *ap; ap++) {
88a0551
-			if (client_checkaddr(clp, *(struct in_addr *) *ap))
88a0551
-				return 1;
88a0551
-		}
88a0551
-		return 0;
88a0551
-	case MCL_WILDCARD:
88a0551
-		if (wildmat(hname, cname))
88a0551
-			return 1;
88a0551
-		else {
88a0551
-			for (ap = hp->h_aliases; *ap; ap++)
88a0551
-				if (wildmat(*ap, cname))
88a0551
-					return 1;
88a0551
-		}
88a0551
-		return 0;
88a0551
-	case MCL_NETGROUP:
88a0551
-#ifdef HAVE_INNETGR
88a0551
-		{
88a0551
-			char	*dot;
88a0551
-			int	match, i;
88a0551
-			struct hostent *nhp = NULL;
88a0551
-			struct sockaddr_in addr;
88a0551
-
88a0551
-			/* First, try to match the hostname without
88a0551
-			 * splitting off the domain */
88a0551
-			if (innetgr(cname+1, hname, NULL, NULL))
88a0551
+	for (ap = hp->h_addr_list; *ap; ap++) {
88a0551
+		addr = *(struct in_addr *)*ap;
88a0551
+
88a0551
+		for (i = 0; i < clp->m_naddr; i++)
88a0551
+			if (clp->m_addrlist[i].s_addr == addr.s_addr)
88a0551
 				return 1;
88a0551
+	}
88a0551
+	return 0;
88a0551
+}
88a0551
 
88a0551
-			/* try the aliases as well */
88a0551
-			for (i = 0; hp->h_aliases[i]; i++) {
88a0551
-				if (innetgr(cname+1, hp->h_aliases[i], NULL, NULL))
88a0551
-					return 1;
88a0551
-			}
88a0551
+/*
88a0551
+ * Check each address listed in @hp against the subnetwork or
88a0551
+ * host address stored in @clp.  Return 1 if an address in @hp
88a0551
+ * matches the host address stored in @clp, otherwise zero.
88a0551
+ */
88a0551
+static int
88a0551
+check_subnetwork(const nfs_client *clp, const struct hostent *hp)
88a0551
+{
88a0551
+	struct in_addr addr;
88a0551
+	char **ap;
88a0551
 
88a0551
-			/* If hname is ip address convert to FQDN */
88a0551
-			if (inet_aton(hname, &addr.sin_addr) &&
88a0551
-			   (nhp = gethostbyaddr((const char *)&(addr.sin_addr),
88a0551
-			    sizeof(addr.sin_addr), AF_INET))) {
88a0551
-				hname = (char *)nhp->h_name;
88a0551
-				if (innetgr(cname+1, hname, NULL, NULL))
88a0551
-					return 1;
88a0551
-			}
88a0551
+	for (ap = hp->h_addr_list; *ap; ap++) {
88a0551
+		addr = *(struct in_addr *)*ap;
88a0551
 
88a0551
-			/* Okay, strip off the domain (if we have one) */
88a0551
-			if ((dot = strchr(hname, '.')) == NULL)
88a0551
-				return 0;
88a0551
+		if (!((clp->m_addrlist[0].s_addr ^ addr.s_addr) &
88a0551
+		      clp->m_addrlist[1].s_addr))
88a0551
+			return 1;
88a0551
+	}
88a0551
+	return 0;
88a0551
+}
88a0551
 
88a0551
-			*dot = '\0';
88a0551
-			match = innetgr(cname+1, hname, NULL, NULL);
88a0551
-			*dot = '.';
88a0551
+/*
88a0551
+ * Check if a wildcard nfs_client record matches the canonical name
88a0551
+ * or the aliases of a host.  Return 1 if a match is found, otherwise
88a0551
+ * zero.
88a0551
+ */
88a0551
+static int
88a0551
+check_wildcard(const nfs_client *clp, const struct hostent *hp)
88a0551
+{
88a0551
+	char *cname = clp->m_hostname;
88a0551
+	char *hname = hp->h_name;
88a0551
+	char **ap;
88a0551
 
88a0551
-			return match;
88a0551
-		}
88a0551
-#else
88a0551
-		return 0;
88a0551
-#endif
88a0551
-	case MCL_ANONYMOUS:
88a0551
+	if (wildmat(hname, cname))
88a0551
 		return 1;
88a0551
-	case MCL_GSS:
88a0551
-		return 0;
88a0551
-	default:
88a0551
-		xlog(L_FATAL, "internal: bad client type %d", clp->m_type);
88a0551
+
88a0551
+	/* See if hname aliases listed in /etc/hosts or nis[+]
88a0551
+	 * match the requested wildcard */
88a0551
+	for (ap = hp->h_aliases; *ap; ap++) {
88a0551
+		if (wildmat(*ap, cname))
88a0551
+			return 1;
88a0551
 	}
88a0551
 
88a0551
 	return 0;
88a0551
 }
88a0551
 
88a0551
+/*
88a0551
+ * Check if @hp's hostname or aliases fall in a given netgroup.
88a0551
+ * Return 1 if @hp represents a host in the netgroup, otherwise zero.
88a0551
+ */
88a0551
+#ifdef HAVE_INNETGR
88a0551
+static int
88a0551
+check_netgroup(const nfs_client *clp, const struct hostent *hp)
88a0551
+{
88a0551
+	const char *netgroup = clp->m_hostname + 1;
88a0551
+	const char *hname = hp->h_name;
88a0551
+	struct hostent *nhp = NULL;
88a0551
+	struct sockaddr_in addr;
88a0551
+	int match, i;
88a0551
+	char *dot;
88a0551
+
88a0551
+	/* First, try to match the hostname without
88a0551
+	 * splitting off the domain */
88a0551
+	if (innetgr(netgroup, hname, NULL, NULL))
88a0551
+		return 1;
88a0551
+
88a0551
+	/* See if hname aliases listed in /etc/hosts or nis[+]
88a0551
+	 * match the requested netgroup */
88a0551
+	for (i = 0; hp->h_aliases[i]; i++) {
88a0551
+		if (innetgr(netgroup, hp->h_aliases[i], NULL, NULL))
88a0551
+			return 1;
88a0551
+	}
88a0551
+
88a0551
+	/* If hname is ip address convert to FQDN */
88a0551
+	if (inet_aton(hname, &addr.sin_addr) &&
88a0551
+	   (nhp = gethostbyaddr((const char *)&(addr.sin_addr),
88a0551
+	    sizeof(addr.sin_addr), AF_INET))) {
88a0551
+		hname = nhp->h_name;
88a0551
+		if (innetgr(netgroup, hname, NULL, NULL))
88a0551
+			return 1;
88a0551
+	}
88a0551
+
88a0551
+	/* Okay, strip off the domain (if we have one) */
88a0551
+	dot = strchr(hname, '.');
88a0551
+	if (dot == NULL)
88a0551
+		return 0;
88a0551
+
88a0551
+	*dot = '\0';
88a0551
+	match = innetgr(netgroup, hname, NULL, NULL);
88a0551
+	*dot = '.';
88a0551
+
88a0551
+	return match;
88a0551
+}
88a0551
+#else	/* !HAVE_INNETGR */
88a0551
 static int
88a0551
-client_checkaddr(nfs_client *clp, struct in_addr addr)
88a0551
+check_netgroup(__attribute__((unused)) const nfs_client *clp,
88a0551
+		__attribute__((unused)) const struct hostent *hp)
88a0551
 {
88a0551
-	int	i;
88a0551
+	return 0;
88a0551
+}
88a0551
+#endif	/* !HAVE_INNETGR */
88a0551
 
88a0551
+/**
88a0551
+ * client_check - check if IP address information matches a cached nfs_client
88a0551
+ * @clp: pointer to a cached nfs_client record
88a0551
+ * @hp: pointer to hostent containing host IP information
88a0551
+ *
88a0551
+ * Returns 1 if the address information matches the cached nfs_client,
88a0551
+ * otherwise zero.
88a0551
+ */
88a0551
+int
88a0551
+client_check(nfs_client *clp, struct hostent *hp)
88a0551
+{
88a0551
 	switch (clp->m_type) {
88a0551
 	case MCL_FQDN:
88a0551
-		for (i = 0; i < clp->m_naddr; i++) {
88a0551
-			if (clp->m_addrlist[i].s_addr == addr.s_addr)
88a0551
-				return 1;
88a0551
-		}
88a0551
-		return 0;
88a0551
+		return check_fqdn(clp, hp);
88a0551
 	case MCL_SUBNETWORK:
88a0551
-		return !((clp->m_addrlist[0].s_addr ^ addr.s_addr)
88a0551
-			& clp->m_addrlist[1].s_addr);
88a0551
+		return check_subnetwork(clp, hp);
88a0551
+	case MCL_WILDCARD:
88a0551
+		return check_wildcard(clp, hp);
88a0551
+	case MCL_NETGROUP:
88a0551
+		return check_netgroup(clp, hp);
88a0551
+	case MCL_ANONYMOUS:
88a0551
+		return 1;
88a0551
+	case MCL_GSS:
88a0551
+		return 0;
88a0551
+	default:
88a0551
+		xlog(D_GENERAL, "%s: unrecognized client type: %d",
88a0551
+				__func__, clp->m_type);
88a0551
 	}
88a0551
+
88a0551
 	return 0;
88a0551
 }
88a0551
 
88a0551
diff --git a/support/export/export.c b/support/export/export.c
88a0551
index 42e78f6..3e4da69 100644
88a0551
--- a/support/export/export.c
88a0551
+++ b/support/export/export.c
88a0551
@@ -28,6 +28,18 @@ static int	export_check(nfs_export *, struct hostent *, char *);
88a0551
 static nfs_export *
88a0551
 		export_allowed_internal(struct hostent *hp, char *path);
88a0551
 
88a0551
+static void
88a0551
+export_free(nfs_export *exp)
88a0551
+{
88a0551
+	xfree(exp->m_export.e_squids);
88a0551
+	xfree(exp->m_export.e_sqgids);
88a0551
+	free(exp->m_export.e_mountpoint);
88a0551
+	free(exp->m_export.e_fslocdata);
88a0551
+
88a0551
+	xfree(exp->m_export.e_hostname);
88a0551
+	xfree(exp);
88a0551
+}
88a0551
+
88a0551
 static void warn_duplicated_exports(nfs_export *exp, struct exportent *eep)
88a0551
 {
88a0551
 	if (exp->m_export.e_flags != eep->e_flags) {
88a0551
@@ -117,6 +129,10 @@ export_dup(nfs_export *exp, struct hostent *hp)
88a0551
 	if (exp->m_export.e_hostname)
88a0551
 		new->m_export.e_hostname = xstrdup(exp->m_export.e_hostname);
88a0551
 	clp = client_dup(exp->m_client, hp);
88a0551
+	if (clp == NULL) {
88a0551
+		export_free(new);
88a0551
+		return NULL;
88a0551
+	}
88a0551
 	clp->m_count++;
88a0551
 	new->m_client = clp;
88a0551
 	new->m_mayexport = exp->m_mayexport;
88a0551
@@ -260,6 +276,10 @@ export_check(nfs_export *exp, struct hostent *hp, char *path)
88a0551
 	return client_check(exp->m_client, hp);
88a0551
 }
88a0551
 
88a0551
+/**
88a0551
+ * export_freeall - deallocate all nfs_export records
88a0551
+ *
88a0551
+ */
88a0551
 void
88a0551
 export_freeall(void)
88a0551
 {
88a0551
@@ -270,16 +290,7 @@ export_freeall(void)
88a0551
 		for (exp = exportlist[i].p_head; exp; exp = nxt) {
88a0551
 			nxt = exp->m_next;
88a0551
 			client_release(exp->m_client);
88a0551
-			if (exp->m_export.e_squids)
88a0551
-				xfree(exp->m_export.e_squids);
88a0551
-			if (exp->m_export.e_sqgids)
88a0551
-				xfree(exp->m_export.e_sqgids);
88a0551
-			if (exp->m_export.e_mountpoint)
88a0551
-				free(exp->m_export.e_mountpoint);
88a0551
-			if (exp->m_export.e_fslocdata)
88a0551
-				free(exp->m_export.e_fslocdata);
88a0551
-			xfree(exp->m_export.e_hostname);
88a0551
-			xfree(exp);
88a0551
+			export_free(exp);
88a0551
 		}
88a0551
 		for (j = 0; j < HASH_TABLE_SIZE; j++) {
88a0551
 			exportlist[i].entries[j].p_first = NULL;
88a0551
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
88a0551
index 537a31e..e44cf8f 100644
88a0551
--- a/support/include/nfslib.h
88a0551
+++ b/support/include/nfslib.h
88a0551
@@ -152,6 +152,8 @@ void qword_addhex(char **bpp, int *lp, char *buf, int blen);
88a0551
 void qword_addint(char **bpp, int *lp, int n);
88a0551
 void qword_adduint(char **bpp, int *lp, unsigned int n);
88a0551
 void qword_addeol(char **bpp, int *lp);
88a0551
+int qword_get_uint(char **bpp, unsigned int *anint);
88a0551
+void qword_printuint(FILE *f, unsigned int num);
88a0551
 
88a0551
 void closeall(int min);
88a0551
 
88a0551
diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
88a0551
index 0587ecb..55fa45d 100644
88a0551
--- a/support/nfs/cacheio.c
88a0551
+++ b/support/nfs/cacheio.c
88a0551
@@ -241,7 +241,7 @@ int qword_get_int(char **bpp, int *anint)
88a0551
 	return 0;
88a0551
 }
88a0551
 
88a0551
-int qword_get_uint(char *bpp, unsigned int *anint)
88a0551
+int qword_get_uint(char **bpp, unsigned int *anint)
88a0551
 {
88a0551
 	char buf[50];
88a0551
 	char *ep;
88a0551
diff --git a/tests/t0001-statd-basic-mon-unmon.sh b/tests/t0001-statd-basic-mon-unmon.sh
88a0551
old mode 100644
88a0551
new mode 100755
88a0551
diff --git a/tools/Makefile.am b/tools/Makefile.am
88a0551
index db15346..f2ce282 100644
88a0551
--- a/tools/Makefile.am
88a0551
+++ b/tools/Makefile.am
88a0551
@@ -6,6 +6,6 @@ if CONFIG_RPCGEN
88a0551
 OPTDIRS += rpcgen
88a0551
 endif
88a0551
 
88a0551
-SUBDIRS = locktest rpcdebug nlmtest $(OPTDIRS)
88a0551
+SUBDIRS = locktest rpcdebug nlmtest mountstats nfs-iostat $(OPTDIRS)
88a0551
 
88a0551
 MAINTAINERCLEANFILES = Makefile.in
88a0551
diff --git a/tools/mountstats/Makefile.am b/tools/mountstats/Makefile.am
88a0551
new file mode 100644
88a0551
index 0000000..ca617a2
88a0551
--- /dev/null
88a0551
+++ b/tools/mountstats/Makefile.am
88a0551
@@ -0,0 +1,13 @@
88a0551
+## Process this file with automake to produce Makefile.in
88a0551
+PYTHON_FILES =  mountstats.py
88a0551
+
88a0551
+man8_MANS	= mountstats.man
88a0551
+
88a0551
+EXTRA_DIST	= $(man8_MANS) $(PYTHON_FILES)
88a0551
+
88a0551
+all-local: $(PYTHON_FILES)
88a0551
+
88a0551
+install-data-hook:
88a0551
+	$(INSTALL) --mode 755 mountstats.py $(DESTDIR)$(sbindir)/mountstats
88a0551
+
88a0551
+MAINTAINERCLEANFILES=Makefile.in
88a0551
diff --git a/tools/mountstats/mountstats.man b/tools/mountstats/mountstats.man
88a0551
new file mode 100644
88a0551
index 0000000..0de31b7
88a0551
--- /dev/null
88a0551
+++ b/tools/mountstats/mountstats.man
88a0551
@@ -0,0 +1,32 @@
88a0551
+.\"
88a0551
+.\" mountstats(8)
88a0551
+.\"
88a0551
+.TH mountstats 8 "15 Apr 2010"
88a0551
+.SH NAME
88a0551
+mountstats \- Displays NFS client per-mount statistics
88a0551
+.SH SYNOPSIS
88a0551
+.BI "mountstats ["<options> "] " <mount_point> " [ " <mount_point> "]" 
88a0551
+.SH DESCRIPTION
88a0551
+The
88a0551
+.B mountstats
88a0551
+command displays NFS client statisitics on each given
88a0551
+.I <mount_point>
88a0551
+.SH OPTIONS
88a0551
+.TP
88a0551
+.B " \-\-nfs
88a0551
+display only the NFS statistics
88a0551
+.TP
88a0551
+.B " \-\-rpc 
88a0551
+display only the RPC statistics
88a0551
+.TP
88a0551
+.B " \-\-version 
88a0551
+display the version of this command
88a0551
+.SH FILES
88a0551
+.TP
88a0551
+.B /proc/self/mountstats
88a0551
+.SH SEE ALSO
88a0551
+.BR iostat (8),
88a0551
+.BR nfsiostat (8),
88a0551
+.BR nfsstat(8)
88a0551
+.SH AUTHOR
88a0551
+Chuck Lever <chuck.lever@oracle.com>
88a0551
diff --git a/tools/nfs-iostat/Makefile.am b/tools/nfs-iostat/Makefile.am
88a0551
new file mode 100644
88a0551
index 0000000..30f4054
88a0551
--- /dev/null
88a0551
+++ b/tools/nfs-iostat/Makefile.am
88a0551
@@ -0,0 +1,13 @@
88a0551
+## Process this file with automake to produce Makefile.in
88a0551
+PYTHON_FILES =  nfs-iostat.py
88a0551
+
88a0551
+man8_MANS	= nfsiostat.man
88a0551
+
88a0551
+EXTRA_DIST	= $(man8_MANS) $(PYTHON_FILES)
88a0551
+
88a0551
+all-local: $(PYTHON_FILES)
88a0551
+
88a0551
+install-data-hook:
88a0551
+	$(INSTALL) --mode 755 nfs-iostat.py $(DESTDIR)$(sbindir)/nfsiostat
88a0551
+
88a0551
+MAINTAINERCLEANFILES=Makefile.in
88a0551
diff --git a/tools/nfs-iostat/nfsiostat.man b/tools/nfs-iostat/nfsiostat.man
88a0551
new file mode 100644
88a0551
index 0000000..7b1e0a8
88a0551
--- /dev/null
88a0551
+++ b/tools/nfs-iostat/nfsiostat.man
88a0551
@@ -0,0 +1,70 @@
88a0551
+.\"
88a0551
+.\" nfsiostat(8)
88a0551
+.\"
88a0551
+.TH nfsiostat 8 "15 Apr 2010"
88a0551
+.SH NAME
88a0551
+nfsiostat \- Emulate iostat for NFS mount points using /proc/self/mountstats
88a0551
+.SH SYNOPSIS
88a0551
+.BI "nfsiostat [[" <interval> "] [" <count> "]] [" <options> "]["<mount_point> "]
88a0551
+.SH DESCRIPTION
88a0551
+The
88a0551
+.B nfsiostat
88a0551
+command displays NFS client per-mount statisitics. 
88a0551
+.TP 
88a0551
+<interval>
88a0551
+specifies the amount of time in seconds between each report.
88a0551
+The first report contains statistics for the time since each file
88a0551
+system was mounted.  Each subsequent report contains statistics collected
88a0551
+during the interval since the previous report.
88a0551
+.TP
88a0551
+<count>
88a0551
+If the
88a0551
+.I <count>
88a0551
+parameter is
88a0551
+specified, the value of 
88a0551
+.I <count> 
88a0551
+determines the number of reports generated at
88a0551
+. <interval> 
88a0551
+seconds apart. if the interval parameter is 
88a0551
+specified without the
88a0551
+.I <count> 
88a0551
+parameter, the command generates reports continuously.
88a0551
+.TP
88a0551
+<options>
88a0551
+Define below
88a0551
+.TP
88a0551
+<mount_point>
88a0551
+If one or more
88a0551
+.I <mount point> 
88a0551
+names are specified, statistics for only these mount points will
88a0551
+be displayed.  Otherwise, all NFS mount points on the client are listed.
88a0551
+.SH OPTIONS
88a0551
+.TP
88a0551
+.B \-a " or " \-\-attr
88a0551
+displays statistics related to the attribute cache
88a0551
+.TP
88a0551
+.B \-d " or " \-\-dir 
88a0551
+displays statistics related to directory operations
88a0551
+.TP
88a0551
+.B \-h " or " \-\-help 
88a0551
+shows help message and exit
88a0551
+.TP
88a0551
+.B \-l LIST or " \-\-list=LIST 
88a0551
+only print stats for first LIST mount points
88a0551
+.TP
88a0551
+.B \-p " or " \-\-page
88a0551
+displays statistics related to the page cache
88a0551
+.TP
88a0551
+.B \-s " or " \-\-sort
88a0551
+Sort NFS mount points by ops/second
88a0551
+.B \-\-version
88a0551
+show program's version number and exit
88a0551
+.SH FILES
88a0551
+.TP
88a0551
+.B /proc/self/mountstats
88a0551
+.SH SEE ALSO
88a0551
+.BR iostat (8),
88a0551
+.BR mountstats (8),
88a0551
+.BR nfsstat(8)
88a0551
+.SH AUTHOR
88a0551
+Chuck Lever <chuck.lever@oracle.com>
88a0551
diff --git a/utils/gssd/context.h b/utils/gssd/context.h
88a0551
index be47f9c..c9cb0bd 100644
88a0551
--- a/utils/gssd/context.h
88a0551
+++ b/utils/gssd/context.h
88a0551
@@ -1,5 +1,5 @@
88a0551
 /*
88a0551
-  Copyright (c) 2004 The Regents of the University of Michigan.
88a0551
+  Copyright (c) 2004,2008 The Regents of the University of Michigan.
88a0551
   All rights reserved.
88a0551
 
88a0551
   Redistribution and use in source and binary forms, with or without
88a0551
@@ -36,6 +36,10 @@
88a0551
 /* Hopefully big enough to hold any serialized context */
88a0551
 #define MAX_CTX_LEN 4096
88a0551
 
88a0551
+/* New context format flag values */
88a0551
+#define KRB5_CTX_FLAG_INITIATOR         0x00000001
88a0551
+#define KRB5_CTX_FLAG_CFX               0x00000002
88a0551
+#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY   0x00000004
88a0551
 
88a0551
 int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf,
88a0551
 				 gss_OID mech, int32_t *endtime);
88a0551
diff --git a/utils/gssd/context_lucid.c b/utils/gssd/context_lucid.c
88a0551
index 4a682ae..b87bf76 100644
88a0551
--- a/utils/gssd/context_lucid.c
88a0551
+++ b/utils/gssd/context_lucid.c
88a0551
@@ -42,6 +42,7 @@
88a0551
 #include <stdio.h>
88a0551
 #include <syslog.h>
88a0551
 #include <string.h>
88a0551
+#include <errno.h>
88a0551
 
88a0551
 #include <gssapi/gssapi_krb5.h>
88a0551
 
88a0551
@@ -119,15 +120,13 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
88a0551
 	 * Note that the rfc1964 version only supports DES enctypes.
88a0551
 	 */
88a0551
 	if (lctx->rfc1964_kd.ctx_key.type != 4) {
88a0551
-		printerr(1, "prepare_krb5_rfc1964_buffer: "
88a0551
-			    "overriding heimdal keytype (%d => %d)\n",
88a0551
-			    lctx->rfc1964_kd.ctx_key.type, 4);
88a0551
+		printerr(2, "%s: overriding heimdal keytype (%d => %d)\n",
88a0551
+			 __FUNCTION__, lctx->rfc1964_kd.ctx_key.type, 4);
88a0551
 		lctx->rfc1964_kd.ctx_key.type = 4;
88a0551
 	}
88a0551
 #endif
88a0551
-	printerr(2, "prepare_krb5_rfc1964_buffer: serializing keys with "
88a0551
-		 "enctype %d and length %d\n",
88a0551
-		 lctx->rfc1964_kd.ctx_key.type,
88a0551
+	printerr(2, "%s: serializing keys with enctype %d and length %d\n",
88a0551
+		 __FUNCTION__, lctx->rfc1964_kd.ctx_key.type,
88a0551
 		 lctx->rfc1964_kd.ctx_key.length);
88a0551
 
88a0551
 	/* derive the encryption key and copy it into buffer */
88a0551
@@ -158,11 +157,100 @@ out_err:
88a0551
 	return -1;
88a0551
 }
88a0551
 
88a0551
+/* Flags for version 2 context flags */
88a0551
+#define KRB5_CTX_FLAG_INITIATOR		0x00000001
88a0551
+#define KRB5_CTX_FLAG_CFX		0x00000002
88a0551
+#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY	0x00000004
88a0551
+
88a0551
+/*
88a0551
+ * Prepare a new-style buffer, as defined in rfc4121 (a.k.a. cfx),
88a0551
+ * to send to the kernel for newer encryption types -- or for DES3.
88a0551
+ *
88a0551
+ * The new format is:
88a0551
+ *
88a0551
+ *	u32 flags;
88a0551
+ *	#define KRB5_CTX_FLAG_INITIATOR		0x00000001
88a0551
+ *	#define KRB5_CTX_FLAG_CFX		0x00000002
88a0551
+ *	#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY	0x00000004
88a0551
+ *	s32 endtime;
88a0551
+ *	u64 seq_send;
88a0551
+ *	u32  enctype;			( encrption type of key )
88a0551
+ *	raw key;			( raw key bytes (kernel will derive))
88a0551
+ *
88a0551
+ */
88a0551
 static int
88a0551
-prepare_krb5_rfc_cfx_buffer(gss_krb5_lucid_context_v1_t *lctx,
88a0551
+prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx,
88a0551
 	gss_buffer_desc *buf, int32_t *endtime)
88a0551
 {
88a0551
-	printerr(0, "ERROR: prepare_krb5_rfc_cfx_buffer: not implemented\n");
88a0551
+	char *p, *end;
88a0551
+	uint32_t v2_flags = 0;
88a0551
+	uint32_t enctype;
88a0551
+	uint32_t keysize;
88a0551
+
88a0551
+	if (!(buf->value = calloc(1, MAX_CTX_LEN)))
88a0551
+		goto out_err;
88a0551
+	p = buf->value;
88a0551
+	end = buf->value + MAX_CTX_LEN;
88a0551
+
88a0551
+	/* Version 2 */
88a0551
+	if (lctx->initiate)
88a0551
+		v2_flags |= KRB5_CTX_FLAG_INITIATOR;
88a0551
+	if (lctx->protocol != 0)
88a0551
+		v2_flags |= KRB5_CTX_FLAG_CFX;
88a0551
+	if (lctx->protocol != 0 && lctx->cfx_kd.have_acceptor_subkey == 1)
88a0551
+		v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY;
88a0551
+
88a0551
+	if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
88a0551
+	if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
88a0551
+	if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err;
88a0551
+
88a0551
+	/* Protocol 0 here implies DES3 or RC4 */
88a0551
+	printerr(2, "%s: protocol %d\n", __FUNCTION__, lctx->protocol);
88a0551
+	if (lctx->protocol == 0) {
88a0551
+		enctype = lctx->rfc1964_kd.ctx_key.type;
88a0551
+		keysize = lctx->rfc1964_kd.ctx_key.length;
88a0551
+	} else {
88a0551
+		if (lctx->cfx_kd.have_acceptor_subkey) {
88a0551
+			enctype = lctx->cfx_kd.acceptor_subkey.type;
88a0551
+			keysize = lctx->cfx_kd.acceptor_subkey.length;
88a0551
+		} else {
88a0551
+			enctype = lctx->cfx_kd.ctx_key.type;
88a0551
+			keysize = lctx->cfx_kd.ctx_key.length;
88a0551
+		}
88a0551
+	}
88a0551
+	printerr(2, "%s: serializing key with enctype %d and size %d\n",
88a0551
+		 __FUNCTION__, enctype, keysize);
88a0551
+
88a0551
+	if (WRITE_BYTES(&p, end, enctype)) goto out_err;
88a0551
+
88a0551
+	if (lctx->protocol == 0) {
88a0551
+		if (write_bytes(&p, end, lctx->rfc1964_kd.ctx_key.data,
88a0551
+				lctx->rfc1964_kd.ctx_key.length))
88a0551
+			goto out_err;
88a0551
+	} else {
88a0551
+		if (lctx->cfx_kd.have_acceptor_subkey) {
88a0551
+			if (write_bytes(&p, end,
88a0551
+					lctx->cfx_kd.acceptor_subkey.data,
88a0551
+					lctx->cfx_kd.acceptor_subkey.length))
88a0551
+				goto out_err;
88a0551
+		} else {
88a0551
+			if (write_bytes(&p, end, lctx->cfx_kd.ctx_key.data,
88a0551
+					lctx->cfx_kd.ctx_key.length))
88a0551
+				goto out_err;
88a0551
+		}
88a0551
+	}
88a0551
+
88a0551
+	buf->length = p - (char *)buf->value;
88a0551
+	return 0;
88a0551
+
88a0551
+out_err:
88a0551
+	printerr(0, "ERROR: %s: failed serializing krb5 context for kernel\n",
88a0551
+		 __FUNCTION__);
88a0551
+	if (buf->value) {
88a0551
+		free(buf->value);
88a0551
+		buf->value = NULL;
88a0551
+	}
88a0551
+	buf->length = 0;
88a0551
 	return -1;
88a0551
 }
88a0551
 
88a0551
@@ -176,7 +264,7 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf, int32_t *endtime)
88a0551
 	gss_krb5_lucid_context_v1_t *lctx = 0;
88a0551
 	int retcode = 0;
88a0551
 
88a0551
-	printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n");
88a0551
+	printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
88a0551
 	maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
88a0551
 						1, &return_ctx);
88a0551
 	if (maj_stat != GSS_S_COMPLETE) {
88a0551
@@ -198,11 +286,20 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf, int32_t *endtime)
88a0551
 		break;
88a0551
 	}
88a0551
 
88a0551
-	/* Now lctx points to a lucid context that we can send down to kernel */
88a0551
-	if (lctx->protocol == 0)
88a0551
+	/*
88a0551
+	 * Now lctx points to a lucid context that we can send down to kernel
88a0551
+	 *
88a0551
+	 * Note: we send down different information to the kernel depending
88a0551
+	 * on the protocol version and the enctyption type.
88a0551
+	 * For protocol version 0 with all enctypes besides DES3, we use
88a0551
+	 * the original format.  For protocol version != 0 or DES3, we
88a0551
+	 * send down the new style information.
88a0551
+	 */
88a0551
+
88a0551
+	if (lctx->protocol == 0 && lctx->rfc1964_kd.ctx_key.type <= 4)
88a0551
 		retcode = prepare_krb5_rfc1964_buffer(lctx, buf, endtime);
88a0551
 	else
88a0551
-		retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf, endtime);
88a0551
+		retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
88a0551
 
88a0551
 	maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
88a0551
 	if (maj_stat != GSS_S_COMPLETE) {
88a0551
@@ -212,8 +309,8 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf, int32_t *endtime)
88a0551
 	}
88a0551
 
88a0551
 	if (retcode) {
88a0551
-		printerr(1, "serialize_krb5_ctx: prepare_krb5_*_buffer "
88a0551
-			 "failed (retcode = %d)\n", retcode);
88a0551
+		printerr(1, "%s: prepare_krb5_*_buffer failed (retcode = %d)\n",
88a0551
+			 __FUNCTION__, retcode);
88a0551
 		goto out_err;
88a0551
 	}
88a0551
 
88a0551
@@ -223,4 +320,7 @@ out_err:
88a0551
 	printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
88a0551
 	return -1;
88a0551
 }
88a0551
+
88a0551
+
88a0551
+
88a0551
 #endif /* HAVE_LUCID_CONTEXT_SUPPORT */
88a0551
diff --git a/utils/gssd/context_mit.c b/utils/gssd/context_mit.c
88a0551
index 709a903..f9cbb02 100644
88a0551
--- a/utils/gssd/context_mit.c
88a0551
+++ b/utils/gssd/context_mit.c
88a0551
@@ -1,5 +1,5 @@
88a0551
 /*
88a0551
-  Copyright (c) 2004 The Regents of the University of Michigan.
88a0551
+  Copyright (c) 2004-2006 The Regents of the University of Michigan.
88a0551
   All rights reserved.
88a0551
 
88a0551
   Redistribution and use in source and binary forms, with or without
88a0551
@@ -38,6 +38,7 @@
88a0551
 #include <stdio.h>
88a0551
 #include <syslog.h>
88a0551
 #include <string.h>
88a0551
+#include <errno.h>
88a0551
 #include <gssapi/gssapi.h>
88a0551
 #include <rpc/rpc.h>
88a0551
 #include <rpc/auth_gss.h>
88a0551
@@ -52,8 +53,7 @@
88a0551
 /* XXX argggg, there's gotta be a better way than just duplicating this
88a0551
  * whole struct.  Unfortunately, this is in a "private" header file,
88a0551
  * so this is our best choice at this point :-/
88a0551
- *
88a0551
- * XXX Does this match the Heimdal definition?  */
88a0551
+ */
88a0551
 
88a0551
 typedef struct _krb5_gss_ctx_id_rec {
88a0551
    unsigned int initiate : 1;   /* nonzero if initiating, zero if accepting */
88a0551
@@ -156,50 +156,120 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf, int32_t *endtime)
88a0551
 {
88a0551
 	krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)ctx)->internal_ctx_id;
88a0551
 	char *p, *end;
88a0551
-	static int constant_one = 1;
88a0551
 	static int constant_zero = 0;
88a0551
+	static int constant_one = 1;
88a0551
+	static int constant_two = 2;
88a0551
 	uint32_t word_seq_send;
88a0551
+	u_int64_t seq_send_64bit;
88a0551
+	uint32_t v2_flags = 0;
88a0551
 
88a0551
 	if (!(buf->value = calloc(1, MAX_CTX_LEN)))
88a0551
 		goto out_err;
88a0551
 	p = buf->value;
88a0551
 	end = buf->value + MAX_CTX_LEN;
88a0551
 
88a0551
-	if (kctx->initiate) {
88a0551
-		if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
88a0551
-	}
88a0551
-	else {
88a0551
-		if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
88a0551
-	}
88a0551
-	if (kctx->seed_init) {
88a0551
-		if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
88a0551
-	}
88a0551
-	else {
88a0551
-		if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
88a0551
-	}
88a0551
-	if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed)))
88a0551
+	switch (kctx->enc->enctype) {
88a0551
+	case ENCTYPE_DES_CBC_CRC:
88a0551
+	case ENCTYPE_DES_CBC_MD4:
88a0551
+	case ENCTYPE_DES_CBC_MD5:
88a0551
+	case ENCTYPE_DES_CBC_RAW:
88a0551
+		/* Old format of context to the kernel */
88a0551
+		if (kctx->initiate) {
88a0551
+			if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
88a0551
+		}
88a0551
+		else {
88a0551
+			if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
88a0551
+		}
88a0551
+		if (kctx->seed_init) {
88a0551
+			if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
88a0551
+		}
88a0551
+		else {
88a0551
+			if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
88a0551
+		}
88a0551
+		if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed)))
88a0551
+			goto out_err;
88a0551
+		if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err;
88a0551
+		if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err;
88a0551
+		if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
88a0551
+		word_seq_send = kctx->seq_send;
88a0551
+		if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
88a0551
+		if (write_oid(&p, end, kctx->mech_used)) goto out_err;
88a0551
+
88a0551
+		printerr(2, "serialize_krb5_ctx: serializing keys with "
88a0551
+			 "enctype %d and length %d\n",
88a0551
+			 kctx->enc->enctype, kctx->enc->length);
88a0551
+
88a0551
+		if (write_keyblock(&p, end, kctx->enc)) goto out_err;
88a0551
+		if (write_keyblock(&p, end, kctx->seq)) goto out_err;
88a0551
+		break;
88a0551
+	case ENCTYPE_DES3_CBC_RAW:
88a0551
+	case ENCTYPE_DES3_CBC_SHA1:
88a0551
+	case ENCTYPE_ARCFOUR_HMAC:
88a0551
+	case ENCTYPE_ARCFOUR_HMAC_EXP:
88a0551
+	case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
88a0551
+	case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
88a0551
+		/* New format of context to the kernel */
88a0551
+		/* u32 flags;
88a0551
+		 * #define KRB5_CTX_FLAG_INITIATOR        0x00000001
88a0551
+		 * #define KRB5_CTX_FLAG_CFX              0x00000002
88a0551
+		 * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY  0x00000004
88a0551
+		 * s32 endtime;
88a0551
+		 * u64 seq_send;
88a0551
+		 * u32  enctype;
88a0551
+		 * rawkey data
88a0551
+		 */
88a0551
+
88a0551
+		if (kctx->initiate)
88a0551
+			v2_flags |= KRB5_CTX_FLAG_INITIATOR;
88a0551
+		if (kctx->proto == 1)
88a0551
+			v2_flags |= KRB5_CTX_FLAG_CFX;
88a0551
+		if (kctx->have_acceptor_subkey)
88a0551
+			v2_flags |= KRB5_CTX_FLAG_ACCEPTOR_SUBKEY;
88a0551
+		if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
88a0551
+		if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
88a0551
+
88a0551
+		seq_send_64bit = kctx->seq_send;
88a0551
+		if (WRITE_BYTES(&p, end, seq_send_64bit)) goto out_err;
88a0551
+
88a0551
+		if (kctx->have_acceptor_subkey) {
88a0551
+			if (WRITE_BYTES(&p, end, kctx->acceptor_subkey->enctype))
88a0551
+				goto out_err;
88a0551
+			printerr(2, "serialize_krb5_ctx: serializing subkey "
88a0551
+				 "with enctype %d and size %d\n",
88a0551
+				 kctx->acceptor_subkey->enctype,
88a0551
+				 kctx->acceptor_subkey->length);
88a0551
+
88a0551
+			if (write_bytes(&p, end,
88a0551
+					kctx->acceptor_subkey->contents,
88a0551
+					kctx->acceptor_subkey->length))
88a0551
+				goto out_err;
88a0551
+		} else {
88a0551
+			if (WRITE_BYTES(&p, end, kctx->enc->enctype))
88a0551
+				goto out_err;
88a0551
+			printerr(2, "serialize_krb5_ctx: serializing key "
88a0551
+				 "with enctype %d and size %d\n",
88a0551
+				 kctx->enc->enctype, kctx->enc->length);
88a0551
+
88a0551
+			if (write_bytes(&p, end, kctx->enc->contents,
88a0551
+					kctx->enc->length))
88a0551
+				goto out_err;
88a0551
+		}
88a0551
+		break;
88a0551
+	default:
88a0551
+		printerr(0, "ERROR: serialize_krb5_ctx: unsupported encryption "
88a0551
+			 "algorithm %d\n", kctx->enc->enctype);
88a0551
 		goto out_err;
88a0551
-	if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err;
88a0551
-	if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err;
88a0551
-	if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
88a0551
-	if (endtime)
88a0551
-		*endtime = kctx->endtime;
88a0551
-	word_seq_send = kctx->seq_send;
88a0551
-	if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
88a0551
-	if (write_oid(&p, end, kctx->mech_used)) goto out_err;
88a0551
-
88a0551
-	printerr(2, "serialize_krb5_ctx: serializing keys with "
88a0551
-		 "enctype %d and length %d\n",
88a0551
-		 kctx->enc->enctype, kctx->enc->length);
88a0551
-
88a0551
-	if (write_keyblock(&p, end, kctx->enc)) goto out_err;
88a0551
-	if (write_keyblock(&p, end, kctx->seq)) goto out_err;
88a0551
+	}
88a0551
 
88a0551
 	buf->length = p - (char *)buf->value;
88a0551
 	return 0;
88a0551
+
88a0551
 out_err:
88a0551
 	printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
88a0551
-	if (buf->value) free(buf->value);
88a0551
+	if (buf->value) {
88a0551
+		free(buf->value);
88a0551
+	}
88a0551
+	buf->value = NULL;
88a0551
 	buf->length = 0;
88a0551
 	return -1;
88a0551
 }
88a0551
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
88a0551
index be4fb11..a55418b 100644
88a0551
--- a/utils/gssd/gssd_proc.c
88a0551
+++ b/utils/gssd/gssd_proc.c
88a0551
@@ -600,6 +600,67 @@ update_client_list(void)
88a0551
 	return retval;
88a0551
 }
88a0551
 
88a0551
+/* Encryption types supported by the kernel rpcsec_gss code */
88a0551
+int num_krb5_enctypes = 0;
88a0551
+krb5_enctype *krb5_enctypes = NULL;
88a0551
+
88a0551
+/*
88a0551
+ * Parse the supported encryption type information
88a0551
+ */
88a0551
+static int
88a0551
+parse_enctypes(char *enctypes)
88a0551
+{
88a0551
+	int n = 0;
88a0551
+	char *curr, *comma;
88a0551
+	int i;
88a0551
+	static char *cached_types;
88a0551
+
88a0551
+	if (cached_types && strcmp(cached_types, enctypes) == 0)
88a0551
+		return 0;
88a0551
+	free(cached_types);
88a0551
+
88a0551
+	if (krb5_enctypes != NULL) {
88a0551
+		free(krb5_enctypes);
88a0551
+		krb5_enctypes = NULL;
88a0551
+		num_krb5_enctypes = 0;
88a0551
+	}
88a0551
+
88a0551
+	/* count the number of commas */
88a0551
+	for (curr = enctypes; curr && *curr != '\0'; curr = ++comma) {
88a0551
+		comma = strchr(curr, ',');
88a0551
+		if (comma != NULL)
88a0551
+			n++;
88a0551
+		else
88a0551
+			break;
88a0551
+	}
88a0551
+	/* If no more commas and we're not at the end, there's one more value */
88a0551
+	if (*curr != '\0')
88a0551
+		n++;
88a0551
+
88a0551
+	/* Empty string, return an error */
88a0551
+	if (n == 0)
88a0551
+		return ENOENT;
88a0551
+
88a0551
+	/* Allocate space for enctypes array */
88a0551
+	if ((krb5_enctypes = (int *) calloc(n, sizeof(int))) == NULL) {
88a0551
+		return ENOMEM;
88a0551
+	}
88a0551
+
88a0551
+	/* Now parse each value into the array */
88a0551
+	for (curr = enctypes, i = 0; curr && *curr != '\0'; curr = ++comma) {
88a0551
+		krb5_enctypes[i++] = atoi(curr);
88a0551
+		comma = strchr(curr, ',');
88a0551
+		if (comma == NULL)
88a0551
+			break;
88a0551
+	}
88a0551
+
88a0551
+	num_krb5_enctypes = n;
88a0551
+	if ((cached_types = malloc(strlen(enctypes)+1)))
88a0551
+		strcpy(cached_types, enctypes);
88a0551
+
88a0551
+	return 0;
88a0551
+}
88a0551
+
88a0551
 static int
88a0551
 do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
88a0551
 	    gss_buffer_desc *context_token)
88a0551
@@ -1133,6 +1194,7 @@ handle_gssd_upcall(struct clnt_info *clp)
88a0551
 	char			*mech = NULL;
88a0551
 	char			*target = NULL;
88a0551
 	char			*service = NULL;
88a0551
+	char			*enctypes = NULL;
88a0551
 
88a0551
 	printerr(1, "handling gssd upcall (%s)\n", clp->dirname);
88a0551
 
88a0551
@@ -1176,6 +1238,23 @@ handle_gssd_upcall(struct clnt_info *clp)
88a0551
 		goto out;
88a0551
 	}
88a0551
 
88a0551
+	/* read supported encryption types if supplied */
88a0551
+	if ((p = strstr(lbuf, "enctypes=")) != NULL) {
88a0551
+		enctypes = malloc(lbuflen);
88a0551
+		if (!enctypes)
88a0551
+			goto out;
88a0551
+		if (sscanf(p, "enctypes=%s", enctypes) != 1) {
88a0551
+			printerr(0, "WARNING: handle_gssd_upcall: "
88a0551
+				    "failed to parse target name "
88a0551
+				    "in upcall string '%s'\n", lbuf);
88a0551
+			goto out;
88a0551
+		}
88a0551
+		if (parse_enctypes(enctypes) != 0) {
88a0551
+			printerr(0, "WARNING: handle_gssd_upcall: "
88a0551
+				"parsing encryption types failed: errno %d\n", errno);
88a0551
+		}
88a0551
+	}
88a0551
+
88a0551
 	/* read target name */
88a0551
 	if ((p = strstr(lbuf, "target=")) != NULL) {
88a0551
 		target = malloc(lbuflen);
88a0551
@@ -1222,6 +1301,7 @@ handle_gssd_upcall(struct clnt_info *clp)
88a0551
 out:
88a0551
 	free(lbuf);
88a0551
 	free(mech);
88a0551
+	free(enctypes);
88a0551
 	free(target);
88a0551
 	free(service);
88a0551
 	return;	
88a0551
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
88a0551
index 1295f57..dccbeb6 100644
88a0551
--- a/utils/gssd/krb5_util.c
88a0551
+++ b/utils/gssd/krb5_util.c
88a0551
@@ -292,61 +292,6 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
88a0551
 	return err;
88a0551
 }
88a0551
 
88a0551
-
88a0551
-#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
88a0551
-/*
88a0551
- * this routine obtains a credentials handle via gss_acquire_cred()
88a0551
- * then calls gss_krb5_set_allowable_enctypes() to limit the encryption
88a0551
- * types negotiated.
88a0551
- *
88a0551
- * XXX Should call some function to determine the enctypes supported
88a0551
- * by the kernel. (Only need to do that once!)
88a0551
- *
88a0551
- * Returns:
88a0551
- *	0 => all went well
88a0551
- *     -1 => there was an error
88a0551
- */
88a0551
-
88a0551
-int
88a0551
-limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
88a0551
-{
88a0551
-	u_int maj_stat, min_stat;
88a0551
-	gss_cred_id_t credh;
88a0551
-	gss_OID_set_desc  desired_mechs;
88a0551
-	krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC,
88a0551
-				    ENCTYPE_DES_CBC_MD5,
88a0551
-				    ENCTYPE_DES_CBC_MD4 };
88a0551
-	int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
88a0551
-
88a0551
-	/* We only care about getting a krb5 cred */
88a0551
-	desired_mechs.count = 1;
88a0551
-	desired_mechs.elements = &krb5oid;
88a0551
-
88a0551
-	maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
88a0551
-				    &desired_mechs, GSS_C_INITIATE,
88a0551
-				    &credh, NULL, NULL);
88a0551
-
88a0551
-	if (maj_stat != GSS_S_COMPLETE) {
88a0551
-		if (get_verbosity() > 0)
88a0551
-			pgsserr("gss_acquire_cred",
88a0551
-				maj_stat, min_stat, &krb5oid);
88a0551
-		return -1;
88a0551
-	}
88a0551
-
88a0551
-	maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid,
88a0551
-					     num_enctypes, &enctypes);
88a0551
-	if (maj_stat != GSS_S_COMPLETE) {
88a0551
-		pgsserr("gss_set_allowable_enctypes",
88a0551
-			maj_stat, min_stat, &krb5oid);
88a0551
-		gss_release_cred(&min_stat, &credh);
88a0551
-		return -1;
88a0551
-	}
88a0551
-	sec->cred = credh;
88a0551
-
88a0551
-	return 0;
88a0551
-}
88a0551
-#endif	/* HAVE_SET_ALLOWABLE_ENCTYPES */
88a0551
-
88a0551
 /*
88a0551
  * Obtain credentials via a key in the keytab given
88a0551
  * a keytab handle and a gssd_k5_kt_princ structure.
88a0551
@@ -1304,3 +1249,68 @@ gssd_k5_get_default_realm(char **def_realm)
88a0551
 
88a0551
 	krb5_free_context(context);
88a0551
 }
88a0551
+
88a0551
+#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
88a0551
+/*
88a0551
+ * this routine obtains a credentials handle via gss_acquire_cred()
88a0551
+ * then calls gss_krb5_set_allowable_enctypes() to limit the encryption
88a0551
+ * types negotiated.
88a0551
+ *
88a0551
+ * XXX Should call some function to determine the enctypes supported
88a0551
+ * by the kernel. (Only need to do that once!)
88a0551
+ *
88a0551
+ * Returns:
88a0551
+ *	0 => all went well
88a0551
+ *     -1 => there was an error
88a0551
+ */
88a0551
+
88a0551
+int
88a0551
+limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
88a0551
+{
88a0551
+	u_int maj_stat, min_stat;
88a0551
+	gss_cred_id_t credh;
88a0551
+	gss_OID_set_desc  desired_mechs;
88a0551
+	krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC,
88a0551
+				    ENCTYPE_DES_CBC_MD5,
88a0551
+				    ENCTYPE_DES_CBC_MD4 };
88a0551
+	int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
88a0551
+	extern int num_krb5_enctypes;
88a0551
+	extern krb5_enctype *krb5_enctypes;
88a0551
+
88a0551
+	/* We only care about getting a krb5 cred */
88a0551
+	desired_mechs.count = 1;
88a0551
+	desired_mechs.elements = &krb5oid;
88a0551
+
88a0551
+	maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
88a0551
+				    &desired_mechs, GSS_C_INITIATE,
88a0551
+				    &credh, NULL, NULL);
88a0551
+
88a0551
+	if (maj_stat != GSS_S_COMPLETE) {
88a0551
+		if (get_verbosity() > 0)
88a0551
+			pgsserr("gss_acquire_cred",
88a0551
+				maj_stat, min_stat, &krb5oid);
88a0551
+		return -1;
88a0551
+	}
88a0551
+
88a0551
+	/*
88a0551
+	 * If we failed for any reason to produce global
88a0551
+	 * list of supported enctypes, use local default here.
88a0551
+	 */
88a0551
+	if (krb5_enctypes == NULL)
88a0551
+		maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
88a0551
+					&krb5oid, num_enctypes, enctypes);
88a0551
+	else
88a0551
+		maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
88a0551
+					&krb5oid, num_krb5_enctypes, krb5_enctypes);
88a0551
+
88a0551
+	if (maj_stat != GSS_S_COMPLETE) {
88a0551
+		pgsserr("gss_set_allowable_enctypes",
88a0551
+			maj_stat, min_stat, &krb5oid);
88a0551
+		gss_release_cred(&min_stat, &credh);
88a0551
+		return -1;
88a0551
+	}
88a0551
+	sec->cred = credh;
88a0551
+
88a0551
+	return 0;
88a0551
+}
88a0551
+#endif	/* HAVE_SET_ALLOWABLE_ENCTYPES */