MFC r344402 (by sef):

* Handle SIGPIPE in gssd
We've got some cases where the other end of gssd's AF_LOCAL socket gets
closed, resulting in an error (and SIGPIPE) when it tries to do I/O to it.
Closing without cleaning up means the next time nfsd starts up, it hangs,
unkillably; this allows gssd to handle that particular error.

* Limit the retry cound in gssd_syscall to 5.
The default is INT_MAX, which effectively means forever. And it's an
uninterruptable RPC call, so it will never stop.

The two changes mitigate the problem.

MFC r326276:

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

MFC r314659,r314676:

r314659:

usr.sbin: normalize paths using SRCTOP-relative paths or :H when possible

This simplifies make logic/output

r314676:

Fix build after r314656

Some of the changes I introduced to use .ALLSRC were correct in spirit,
but incorrect in reality -- in particular, ../Makefile.inc hadn't been
pulled in via bsd.init.mk (via bsd.lib.mk, bsd.prog.mk), so the value
of .ALLSRC (evaluated immediately) was empty. .include bsd.init.mk
explicitly so we can be certain that the values used as dependencies in
the targets are defined when the target recipe has been evaluated.

Reminder: thou shalt separate out separate functional changes before
committing them.

(YUGE) Pointyhat to: ngie
In collaboration with: bdrewery

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

usr.sbin: minor spelling fixes on comments.

No functional change.

DIRDEPS_BUILD: Regenerate without local dependencies.

These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.

Sponsored by: EMC / Isilon Storage Division

Unset the gss kernel state when gssd exits

When gssd exits it leaves the kernel state set by
gssd_syscall(). nfsd sees this and waits endlessly
in an unkillable state for gssd to come back. If you
had acidentally started gssd then stopped it, then
started nfsd you'd be in a bad way until you either
restarted gssd or rebooted the system. This change
fixes that by setting the kernel state to "" when
gssd exits.
Reviewed by: rmacklem
MFC after: 1 week
Sponsored by: iXsystems

Increase group limit for kerberized NFSv4

PR: 202659
Submitted by: matthew.l.dailey@dartmouth.edu
Reviewed by: rmacklem dfr
MFC after: 1 week
Sponsored by: iXsystems

Add META_MODE support.

Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision: D2796
Reviewed by: brooks imp

Add an auto-generated file to CLEANFILES.

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division

Check for an error from daemon(3), and correct the check for an error from
socket(2).

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division

mdoc: sort SEE ALSO.

Convert usr.sbin to LIBADD
Reduce overlinking

use .Mt to mark up email addresses consistently (part2)

PR: 191174
Submitted by: Franco Fichtner <franco@lastsummer.de>

Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.

Fix some Kerberos related terminology.
This is a content change.

Requested by: bjk

Oops, initialize the krb5 ret values correctly (to anything non-zero).

Make sure the krb5 status variables are correctly initialized.

Document the new "-h" option for the gssd daemon.
This is a content change.

Reviewed by: jhb

Add a new "-h" option to the gssd daemon that enables support for
host based (kerberos service principal) initiator credentials in
the default keytab file. This option won't actually be useful until
the corresponding kernel changes are committed.

Reviewed by: jhb

Document the "-o" option added by r252138.

MFC after: 10 days

Add a new "-o" option to the gssd which forces gss_init_sec_context()
to use DES and the associated old style GSS initialization token.
This appears to be required for some non-FreeBSD servers to
get a kerberized NFS mount to work. Also, ignore some signals when daemonized,
which might fix the gssd from "disappearing" without leaving a core dump.
Given the tight timeframe for the FreeBSD9.2 release, I have
committed this while waiting for code review. I will commit
changes recommended by the review in a separate commit.

Reviewed by: dfr (pending)
MFC after: 10 days

Fix r251444 so that gssd.c still builds for WITHOUT_KERBEROS.

Reported by: bf1783@gmail.com
MFC after: 2 weeks

Document the new "-v" option for the gssd daemon.
This is a content change.

MFC after: 2 weeks

Add a "-v" (verbose) option to the gssd daemon, to help
with diagnosis of kerberized NFS mount problems. When set,
messages are sent to syslog() (or fprintf(stderr,...) if
"-d" is also specified) to indicate activity/results of
kgssapi upcalls.

Reviewed by: jhb
MFC after: 2 weeks

Fix the getpwuid_r() call in the gssd daemon so that it handles
the ERANGE error return case. Without this fix, authentication
of users for certain system setups could fail unexpectedly.

Reported by: Elias Martenson (lokedhs@gmail.com)
Tested by: Elias Martenson (earlier version)
MFC after: 2 weeks

Grammar fixes and some wordsmithing

Discussed with: rmacklem
Approved by: hrs (mentor)
MFC after: 2 weeks

Fix r244604 so that it builds when MK_KERBEROS_SUPPORT == "no".

Reported by: bf
Tested by: bf
Reviewed by: gcooper
MFC after: 3 days

Fix the Makefile so it can build gssd.c after r244604.

MFC after: 2 weeks

Document the new gssd daemon options added by r244604.
This is a content change.

MFC after: 2 weeks

It was reported via email that some sshds create kerberos
credential cache files with names other than /tmp/krb5cc_<uid>.
The gssd daemon does not know how to find these credential caches.
This patch implements a new option "-s" that does a search for
credential cache files, using roughly the same algorithm as the
gssd daemon for Linux uses. The gssd behaviour is only changed
if the new "-s" option is specified. It also implements two other
new options related to the "-s" option.

Reported by: Piete.Brooks at cl.cam.ac.uk, Herbert Poeckl
Tested by: Herbert Poeckl (admin at ist.tugraz.at), Illias A. Marinos
MFC after: 2 weeks

Fix the gssd daemon so that it uses syslog() to report
an error instead of calling err() when it is daemonized,
so that the error gets logged.

Discussed with: rwatson, jhb
Tested by: Illias A. Marinos, Herbert Poeckl
MFC after: 2 weeks

mdoc: add missing width argument to Bl -tag.

Consistently set RPCGEN_CPP when running rpcgen, so the C preprocessor
set via ${CPP} is used, instead of always using hardcoded /usr/bin/cpp.

MFC after: 1 week

mdoc: consistently spell our email addresses <foo@FreeBSD.org>

Reviewed by: ru

- Remove superfluous comment

PR: docs/129400
Submitted by: Gavin Atkinson <gavin@freebsd.org>

Add gssd.h to the list of SRCS so one can build without 'make depend' first.

Tiny typo fix and remove 'example' from a "real" manpage.

Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by: Isilon Systems
MFC after: 1 month