NFSv4-patched ACL lib dependencies
Kevin Coffman
kwc at umich.edu
Mon Jul 7 23:36:03 EDT 2008
On Mon, Jul 7, 2008 at 6:53 PM, J. Bruce Fields <bfields at fieldses.org> wrote:
> On Mon, Jul 07, 2008 at 03:24:06PM -0700, Paarvai Naai wrote:
>> Hi all,
>>
>> I'm returning to the issue of NFSv4 in the process of upgrading my
>> company's servers. I noticed on the following page
>>
>> http://www.citi.umich.edu/projects/nfsv4/linux/
>>
>> it states that "... the patches make fundamental utilities such as cp
>> and ls depend on ldap and krb5 libraries (among others) ...." This is
>> basically the same issue that I had a while ago (cf. "Problem with ACL
>> lib dependencies" from Nov 21, 2006).
>>
>> I have one possible suggestion. Specifically, it looks like the
>> dependencies primarily originate from the use of
>> /usr/lib/libnfsidmap.so. Rather than dynamically linking to
>> /usr/lib/libnfsidmap.so, one could use dlopen to dynamically open
>> /usr/lib/libnfsidmap.so during run-time and populate function pointers
>> to the functions needed by the patched libacl.so. If
>> /usr/lib/libnfsidmap.so is not available, then nfsv4 support can
>> simply be bypassed at runtime. In this way, it is possible to have a
>> patched version of libacl (normally found in /lib) that is not by
>> default dependent on libraries in /usr/lib. This type of fix can also
>> help facilitate propagating the patches for libacl upstream so they
>> are available in common Linux distributions by default.
>
> Yup, that sounds like a good idea (patches welcome...).
>
> Also, I think Olga had some patches to use dlopen() as needed in libacl
> or librpcsec_gss and remove the need for some of their dependencies--but
> I've forgotten what happened to that effort.
I have not heard any feedback on this yet... Perhaps I should just
put it out and wait for complaints?
Date: Thu, 10 Apr 2008 11:32:29 -0400
From: "Kevin Coffman" <kwc at citi.umich.edu>
To: nfsv4 <nfsv4 at linux-nfs.org>
Subject: libnfsidmap-0.21b1 (beta) is available
A new *BETA* version of libnfsidmap is now available from
http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/libnfsidmap-0.21=
b1.tar.gz
Changes since libnfsidmap-0.20:
The main library has been changed to load "plugin" libraries to
perform the mappings. This decouples the main library from any ldap
(and sasl, etc.) dependencies.
Several translation methods (plugins) may now be specified in the
idmapd.conf file. While a plugin returns -ENOENT, the next is called
until a mapping is found, or there are no more plugins to try.
A "static" mapping plugin from David H=E4rdeman <david at hardeman.nu> has
been added.
A "gums" mapping plugin from Olga Kornievskaia <aglo at citi.umich.edu>
has been added. Olga also did most of the work to convert the code to
use this new plugin architecture.
The interface is changed to add two new functions,
nfs4_gss_princ_to_ids_ex(), and nfs4_gss_princ_to_grouplist_ex() which
allow extra information to be passed to these mapping functions.
Please try it out and give us feedback.
More information about the NFSv4
mailing list