Added option for enabling NFS4 GSS (FATE#312242, bnc#681190)

backported from 29f5fb6

VERSION

@@ -1 +1 @@
-2.17.16
+2.17.17

package/yast2-nfs-client.changes

@@ -2,6 +2,8 @@
 Fri Jan 18 14:05:54 CET 2013 - mvidner@suse.cz
 
 - AutoYaST: fix to allow NFS4 options (FATE#312242, bnc#457981)
+- added option for enabling NFS4 GSS (FATE#312242, bnc#681190)
+- 2.17.17
 
 -------------------------------------------------------------------
 Tue Jan 15 16:44:36 CET 2013 - mvidner@suse.cz

src/include/nfs/ui.ycp

@@ -242,28 +242,28 @@
 		`VBox(
 		    `VSpacing(0.2),
 		    `HBox(
-		        TextAndButton (
-			`ComboBox(
-			    `id(`serverent),`opt(`editable),
-			    // text entry label
-			    _("&NFS Server Hostname"), servers ),
-			// pushbutton label
-			// choose a host from a list
-			// appears in help text too
-			`PushButton (`id (`choose), _("Choo&se"))
-			),
+                        TextAndButton (
+			    `ComboBox(
+			        `id(`serverent),`opt(`editable),
+    			        // text entry label
+			        _("&NFS Server Hostname"), servers ),
+			    // pushbutton label
+			    // choose a host from a list
+			    // appears in help text too
+			    `PushButton (`id (`choose), _("Choo&se"))
+                        ),
 			`HSpacing(0.5),
-			TextAndButton (
+			 TextAndButton (
 			    `InputField( `id(`pathent),
-					`opt(`hstretch),
-				       // textentry label
-				       _("&Remote Directory"), pth),
-			    // pushbutton label,
+			                `opt(`hstretch),
+				        // textentry label
+				        _("&Remote Directory"), pth),
+                            // pushbutton label,
 			    // select from a list of remote filesystems
 			    // make it short
 			    // appears in help text too
 			    `PushButton (`id (`pathent_list), _("&Select"))
-			    )
+			)
 		    ),
 		    `Left(
                           `HBox(
@@ -532,6 +532,8 @@ rights.</p>") + fw_cwm_widget["help"]:"";
 	            `HStretch()
 	        ),
 	        `VSpacing (1),
+                `Left(`CheckBox(`id(`enable_nfs_gss), `opt( `notify), _("Enable &GSS Security"))),
+	        `VSpacing (1),
 	        fw_cwm_widget["custom_widget"]:`Empty (),
 		`VStretch()
 	    );
@@ -566,6 +568,7 @@ rights.</p>") + fw_cwm_widget["help"]:"";
         UI::ChangeWidget(`id(`enable_nfs4), `Value, Nfs::nfs4_enabled != false);
 	UI::ChangeWidget( `id(`nfs4_domain), `Enabled, Nfs::nfs4_enabled != false);
 	UI::ChangeWidget(`id(`nfs4_domain), `Value, Nfs::idmapd_domain);
+        UI::ChangeWidget(`id(`enable_nfs_gss), `Value, Nfs::nfs_gss_enabled != false);
     }
 
     void SaveFstabEntries( )
@@ -577,6 +580,7 @@ rights.</p>") + fw_cwm_widget["help"]:"";
     {
         CWMFirewallInterfaces::OpenFirewallStore (fw_cwm_widget, "", event);
         Nfs::nfs4_enabled = (boolean) UI::QueryWidget(`id(`enable_nfs4),`Value);
+        Nfs::nfs_gss_enabled = (boolean) UI::QueryWidget(`id(`enable_nfs_gss),`Value);
 	Nfs::idmapd_domain = (string) UI::QueryWidget(`id(`nfs4_domain),`Value);
     }
 

src/modules/Nfs.ycp

@@ -76,6 +76,8 @@
 
     global boolean nfs4_enabled = nil;
 
+    global boolean nfs_gss_enabled = nil;
+
     global string idmapd_domain = "";
 
     string portmapper = "";
@@ -87,7 +89,11 @@
         return SCR::Read(.sysconfig.nfs.NFS4_SUPPORT) == "yes";
     }
 
-    string ReadIdmapd() {
+    boolean ReadNfsGss () {
+        return SCR::Read(.sysconfig.nfs.NFS_SECURITY_GSS) == "yes";
+    }
+
+   string ReadIdmapd() {
         return (string) SCR::Read(.etc.idmapd_conf, "Domain");
     }
 
@@ -140,6 +146,7 @@
 	});
 
         nfs4_enabled = global_options["enable_nfs4"]:ReadNfs4();
+        nfs_gss_enabled = global_options["enable_nfs_gss"]:ReadNfsGss();
         idmapd_domain = global_options["idmapd_domain"]:ReadIdmapd();
 
 	nfs_entries = maplist(map entry, entries, {
@@ -173,6 +180,7 @@
 	});
         map<string, any> options = $[
             "enable_nfs4": nfs4_enabled,
+            "enable_nfs_gss": nfs_gss_enabled,
             "idmapd_domain": idmapd_domain
         ];
         // FIXME: now the list is always nonempty; is that OK?
@@ -292,8 +300,9 @@
 	    });
 	}
 
-	nfs4_enabled = (SCR::Read(.sysconfig.nfs.NFS4_SUPPORT)=="yes");
-	idmapd_domain = (string) SCR::Read(.etc.idmapd_conf, "Domain");
+	nfs4_enabled = ReadNfs4();
+        nfs_gss_enabled = ReadNfsGss();
+	idmapd_domain = ReadIdmapd();
 
 	boolean progress_orig = Progress::set(false);
 	SuSEFirewall::Read ();
@@ -388,6 +397,7 @@ the NFS client configuration.\n"));
         {
                 SCR::Write(.sysconfig.nfs.NFS4_SUPPORT,"no");
         }
+        SCR::Write( .sysconfig.nfs.NFS_SECURITY_GSS, nfs_gss_enabled ? "yes" : "no");
 	boolean progress_orig = Progress::set (false);
 	SuSEFirewall::WriteOnly ();
 	Progress::set (progress_orig);

src/nfs.rnc

@@ -4,6 +4,7 @@
 
 nfs_global_options_content = (
     element enable_nfs4 { BOOLEAN }? &
+    element enable_nfs_gss { BOOLEAN }? &
     element idmapd_domain { text }?
 )
 

testsuite/tests/autoyast.out

@@ -2,15 +2,22 @@ Read	.target.tmpdir "/tmp"
 Dump	Nfs::Import
 Dump	- basic, SLE11-SP2
 Read	.sysconfig.nfs.NFS4_SUPPORT "no"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
 Read	.etc.idmapd_conf "Domain" "localdomain"
 Return	true
 Dump	-- and Export
 Dump	- empty
 Read	.sysconfig.nfs.NFS4_SUPPORT "no"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
 Read	.etc.idmapd_conf "Domain" "localdomain"
 Return	true
 Dump	- invalid, missing basic data
 Log	Missing at Import: 'mount_point'.
 Log	Missing at Import: 'nfs_options'.
 Dump	- basic, SLE11-SP3
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
+Return	true
+Dump	-- and Export
+Dump	- with GSS
+Return	true
 Dump	-- and Export

testsuite/tests/autoyast.ycp

@@ -16,6 +16,7 @@
         "sysconfig": $[
              "nfs" : $[
                  "NFS4_SUPPORT": "no",
+                 "NFS_SECURITY_GSS": "no",
              ],
          ],
     ];
@@ -69,10 +70,12 @@
                            "enable_nfs4": true,
                            "idmapd_domain": "example.com"
                            ];
-    Nfs::Import([
+    TEST (``(
+             Nfs::Import([
                  global_options,
                  entry1
-                 ]);
+                 ])
+             ), [READ, $[], $[]], nil);
     Assert::Equal(true, Nfs::nfs4_enabled);
     Assert::Equal("example.com", Nfs::idmapd_domain);
     Assert::Equal(1, size(Nfs::nfs_entries));
@@ -86,4 +89,28 @@
     Assert::Equal("data.example.com:/mirror", e[1, "server_path"]:"");
     Assert::Equal("/mirror",                  e[1, "mount_point"]:"");
     Assert::Equal("defaults",                 e[1, "nfs_options"]:"");
+
+    // ---------
+    DUMP("- with GSS");
+    global_options = $[
+                           "enable_nfs4": true,
+                           "enable_nfs_gss": true,
+                           "idmapd_domain": "example.com"
+                           ];
+    TEST (``(
+             Nfs::Import([
+                 global_options,
+                 entry1
+                 ])
+             ), [READ, $[], $[]], nil);
+    // assertions shortened
+    Assert::Equal(true, Nfs::nfs_gss_enabled);
+    Assert::Equal(1, size(Nfs::nfs_entries));
+    Assert::Equal("data.example.com:/mirror", Nfs::nfs_entries[0, "spec"]:"");
+
+    DUMP("-- and Export");
+    e = Nfs::Export();
+    Assert::Equal(2, size(e));
+    Assert::Equal(true,          e[0, "enable_nfs_gss"]:false);
+    Assert::Equal("data.example.com:/mirror", e[1, "server_path"]:"");
 }

testsuite/tests/readwrite.out

@@ -1,6 +1,7 @@
 Dump	Read
 Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"reiserfs"], $["file":"/home", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/home", "vfstype":"nfs"], $["file":"/var/spool/mail", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/var/spool/mail", "vfstype":"nfs"], $["file":"/a\\040space", "freq":1, "mntops":"defaults", "passno":3, "spec":"/dev/hda7", "vfstype":"reiserfs"], $["file":"/b\\040space", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/space\\040dir", "vfstype":"nfs"]]
 Read	.sysconfig.nfs.NFS4_SUPPORT "yes"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "yes"
 Read	.etc.idmapd_conf "Domain" "localhost"
 Read	.init.scripts.exists "SuSEfirewall2_init" true
 Read	.init.scripts.runlevel "SuSEfirewall2_init" $["network":$["start":[], "stop":[]], "networkmanager":$["start":["3", "5"], "stop":["3", "5"]], "nfs":$["start":["3", "5"], "stop":["3", "5"]], "nfsboot":$["start":[], "stop":[]], "portmap":$["start":["3", "5"], "stop":["3", "5"]]]
@@ -32,6 +33,7 @@ Read	.init.scripts.comment "nfsboot" $["nfs":$[], "portmap":$[]]
 Execute	.target.bash_output "/sbin/insserv -d /etc/init.d/nfsboot" $["exit":0, "stderr":"", "stdout":""]
 Write	.sysconfig.nfs.NFS4_SUPPORT "yes" true
 Write	.etc.idmapd_conf ["Domain", "localhost"] true
+Write	.sysconfig.nfs.NFS_SECURITY_GSS "yes" true
 Read	.init.scripts.exists "nfs" true
 Execute	.target.bash_output "/etc/init.d/nfs stop" $["TERM":"raw"] $["exit":0, "stderr":"", "stdout":""]
 Read	.init.scripts.exists "portmap" true

testsuite/tests/readwrite.ycp

@@ -118,6 +118,7 @@
 	"sysconfig": $[
 	     "nfs" : $[
 	         "NFS4_SUPPORT": "yes",
+                 "NFS_SECURITY_GSS": "yes",
 	     ],
 	 ],
 	];

testsuite/tests/readwrite2.out

@@ -3,6 +3,7 @@ Dump	Read  - nfs is in use & running
 Dump	
 Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"reiserfs"], $["file":"/home", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/home", "vfstype":"nfs"], $["file":"/var/spool/mail", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/var/spool/mail", "vfstype":"nfs"], $["file":"/a\\040space", "freq":1, "mntops":"defaults", "passno":3, "spec":"/dev/hda7", "vfstype":"reiserfs"], $["file":"/b\\040space", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/space\\040dir", "vfstype":"nfs"]]
 Read	.sysconfig.nfs.NFS4_SUPPORT "no"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
 Read	.etc.idmapd_conf "Domain" "localhost"
 Read	.init.scripts.exists "SuSEfirewall2_init" true
 Read	.init.scripts.runlevel "SuSEfirewall2_init" $["nfs":$["start":["3", "5"], "stop":["3", "5"]], "portmap":$["start":["3", "5"], "stop":["3", "5"]]]
@@ -35,6 +36,7 @@ Read	.init.scripts.runlevel "nfsboot" $["nfs":$["start":["3", "5"], "stop":["3",
 Read	.init.scripts.comment "nfsboot" $["nfs":$[], "portmap":$[]]
 Execute	.target.bash_output "/sbin/insserv -d /etc/init.d/nfsboot" $["exit":0, "stderr":"", "stdout":""]
 Write	.sysconfig.nfs.NFS4_SUPPORT "no" true
+Write	.sysconfig.nfs.NFS_SECURITY_GSS "no" true
 Read	.init.scripts.exists "nfs" true
 Execute	.target.bash_output "/etc/init.d/nfs stop" $["TERM":"raw"] $["exit":0, "stderr":"", "stdout":""]
 Read	.init.scripts.exists "portmap" true
@@ -51,6 +53,7 @@ Dump	Read  - nfs is in use & stopped
 Dump	
 Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"reiserfs"], $["file":"/home", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/home", "vfstype":"nfs"], $["file":"/var/spool/mail", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/var/spool/mail", "vfstype":"nfs"], $["file":"/a\\040space", "freq":1, "mntops":"defaults", "passno":3, "spec":"/dev/hda7", "vfstype":"reiserfs"], $["file":"/b\\040space", "freq":0, "mntops":"defaults", "passno":0, "spec":"foo.bar.com:/space\\040dir", "vfstype":"nfs"]]
 Read	.sysconfig.nfs.NFS4_SUPPORT "no"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
 Read	.etc.idmapd_conf "Domain" "localhost"
 Return	true
 Dump	
@@ -81,6 +84,7 @@ Read	.init.scripts.runlevel "nfsboot" $["nfs":$["start":[], "stop":[]], "portmap
 Read	.init.scripts.comment "nfsboot" $["nfs":$[], "portmap":$[]]
 Execute	.target.bash_output "/sbin/insserv -d /etc/init.d/nfsboot" $["exit":0, "stderr":"", "stdout":""]
 Write	.sysconfig.nfs.NFS4_SUPPORT "no" true
+Write	.sysconfig.nfs.NFS_SECURITY_GSS "no" true
 Read	.init.scripts.exists "nfs" true
 Execute	.target.bash_output "/etc/init.d/nfs stop" $["TERM":"raw"] $["exit":0, "stderr":"", "stdout":""]
 Read	.init.scripts.exists "portmap" true
@@ -97,6 +101,7 @@ Dump	Read  - nfs not used & running
 Dump	
 Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"ext3"]]
 Read	.sysconfig.nfs.NFS4_SUPPORT "no"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
 Read	.etc.idmapd_conf "Domain" "localhost"
 Return	true
 Dump	
@@ -106,6 +111,7 @@ Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec"
 Execute	.target.bash "/bin/cp $ORIG $BACKUP" $["BACKUP":"/etc/fstab.YaST2.save", "ORIG":"/etc/fstab"] 0
 Write	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"ext3"]] true
 Write	.sysconfig.nfs.NFS4_SUPPORT "no" true
+Write	.sysconfig.nfs.NFS_SECURITY_GSS "no" true
 Read	.init.scripts.exists "nfs" true
 Execute	.target.bash_output "/etc/init.d/nfs stop" $["TERM":"raw"] $["exit":0, "stderr":"", "stdout":""]
 Read	.init.scripts.exists "SuSEfirewall2_init" true
@@ -116,6 +122,7 @@ Dump	Read  - nfs not used & services are stopped
 Dump	
 Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"ext3"]]
 Read	.sysconfig.nfs.NFS4_SUPPORT "no"
+Read	.sysconfig.nfs.NFS_SECURITY_GSS "no"
 Read	.etc.idmapd_conf "Domain" "localhost"
 Return	true
 Dump	
@@ -125,6 +132,7 @@ Read	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec"
 Execute	.target.bash "/bin/cp $ORIG $BACKUP" $["BACKUP":"/etc/fstab.YaST2.save", "ORIG":"/etc/fstab"] 0
 Write	.etc.fstab [$["file":"/", "freq":1, "mntops":"defaults", "passno":2, "spec":"/dev/hda6", "vfstype":"ext3"]] true
 Write	.sysconfig.nfs.NFS4_SUPPORT "no" true
+Write	.sysconfig.nfs.NFS_SECURITY_GSS "no" true
 Read	.init.scripts.exists "nfs" true
 Execute	.target.bash_output "/etc/init.d/nfs stop" $["TERM":"raw"] $["exit":0, "stderr":"", "stdout":""]
 Read	.init.scripts.exists "SuSEfirewall2_init" true

testsuite/tests/readwrite2.ycp

@@ -115,6 +115,7 @@
 	"sysconfig": $[
 	     "nfs" : $[
 	         "NFS4_SUPPORT": "no",
+                 "NFS_SECURITY_GSS": "no",
 	     ],
 	 ],
 	];