build: adjust multi-user configuration options

Problem: the --enable-impersonation=TYPE arguments and platform defaults are a little complex for this niche case. Replace with two binary options: --disable-multiuser to disable multi-user support --with-ganesha-kmod to use FreeBSD nfs-ganesha-kmod for multi-user support At this point FreeBSD users making a server-only multi-user build would use configure --disable-diodmount --with-ganesha-kmod
chaos · Jan 21, 2025 · a474d34 · a474d34
1 parent 4684e5c
commit a474d34
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 56 deletions.
diff --git a/configure.ac b/configure.ac
@@ -95,10 +95,19 @@ AC_SYS_LARGEFILE
 AC_ARG_ENABLE([diodmount],
   [AS_HELP_STRING([--disable-diodmount], [do not build diodmount])])
 
-AC_ARG_ENABLE([impersonation],
-  [AS_HELP_STRING([--enable-impersonation], [allow access=user])],
-  [],
-  [enable_impersonation=auto])
+AC_ARG_ENABLE([multiuser],
+  [AS_HELP_STRING([--disable-multiuser], [build without multi-user support])])
+
+AC_ARG_WITH([ganesha-kmod],
+  [AS_HELP_STRING([--with-ganesha-kmod], [use nfs-ganesha-kmod syscalls for multi-user])])
+
+AS_IF([test "x$with_ganesha_kmod" = "xyes"], [
+  AC_DEFINE([USE_GANESHA_KMOD], [1], [Use nfs-ganesha-kmod syscalls])
+])
+
+AS_IF([test "x$enable_multiuser" != "xno"], [
+  AC_DEFINE([MULTIUSER], [1], [service files to multiple users])
+])
 
 AC_ARG_ENABLE([config],
   [AS_HELP_STRING([--disable-config], [disable lua config file support])])
@@ -114,47 +123,9 @@ AS_IF([test "x$enable_config" != "xno"], [
   AC_DEFINE([HAVE_CONFIG_FILE], [1], [lua config file support])
 ])
 
-case "${host_os}" in
-  linux*)
-    case "${enable_impersonation}" in
-      no)
-        ;;
-      yes|linux|auto)
-        enable_impersonation=linux;;
-      *)
-        AC_MSG_FAILURE([unsupported impersonation model]);;
-    esac
-    ;;
-  freebsd*)
-    case "${enable_impersonation}" in
-      no|auto)
-        enable_impersonation=no;;
-      yes|ganesha)
-        enable_impersonation=ganesha;;
-      *)
-        AC_MSG_FAILURE([unsupported impersonation model]);;
-    esac
-    ;;
-  *)
-    case "${enable_impersonation}" in
-      no|auto)
-        enable_impersonation=no;;
-      *)
-        AC_MSG_FAILURE([unsupported impersonation model]);;
-    esac
-    ;;
-esac
-
 AM_CONDITIONAL([ENABLE_DIODMOUNT], [test "x${enable_diodmount}" != "xno"])
-AM_CONDITIONAL([USE_IMPERSONATION_LINUX], [test "x${enable_impersonation}" = "xlinux"])
-AM_CONDITIONAL([USE_IMPERSONATION_GANESHA], [test "x${enable_impersonation}" = "xganesha"])
-
-if test "x${enable_impersonation}" = "xlinux"; then
-  AC_DEFINE([USE_IMPERSONATION_LINUX], [1], [Use Linux setfsuid])
-fi
-if test "x${enable_impersonation}" = "xganesha"; then
-  AC_DEFINE([USE_IMPERSONATION_GANESHA], [1], [Use nfs-ganesha-kmod syscalls])
-fi
+AM_CONDITIONAL([MULTIUSER], [test "x${enable_multiuser}" != "xno"])
+AM_CONDITIONAL([USE_GANESHA_KMOD], [test "x${with_ganesha_kmod}" = "xyes"])
 
 ##
 # Check for systemd

diff --git a/src/cmd/diod.c b/src/cmd/diod.c
@@ -18,7 +18,7 @@
 #include <stdint.h>
 #include <sys/types.h>
 #include <unistd.h>
-#if USE_IMPERSONATION_LINUX
+#ifndef USE_GANESHA_KMOD
 #include <sys/syscall.h>
 #endif
 #include <stdio.h>
@@ -48,7 +48,7 @@
 
 #include "src/libdiod/diod_ops.h"
 
-#if USE_IMPERSONATION_GANESHA
+#if USE_GANESHA_KMOD
 #include "src/libnpfs/ganesha-syscalls.h"
 #endif
 
@@ -455,7 +455,7 @@ _service_sigsetup (void)
         err_exit ("sigprocmask");
 }
 
-#if USE_IMPERSONATION_LINUX
+#if defined(MULTIUSER) && !defined(USE_GANESHA_KMOD)
 /* POSIX setgroups(2) is per process but in Linux the underlying system call
  * is per-thread and the per-process bit is handled in glibc, so we can use
  * SYS_setgroups directly in the server thread pool when switching users.
@@ -505,7 +505,7 @@ _test_setgroups (void)
     free (sg);
     return rc;
 }
-#endif /* USE_IMPERSONATION_LINUX */
+#endif
 
 /* Look up user name of effective uid.
  * The result is only valid until the next call, and this is not thread safe.
@@ -597,21 +597,23 @@ _service_run (srvmode_t mode, int rfdno, int wfdno)
     flags |= SRV_FLAGS_AUTHCONN;
     //flags |= SRV_FLAGS_FLUSHSIG;      /* XXX temporarily off */
     if (geteuid () == 0) {
+#if MULTIUSER
         flags |= SRV_FLAGS_SETFSID;
         flags |= SRV_FLAGS_DAC_BYPASS;
-#if USE_IMPERSONATION_LINUX
+#ifndef USE_GANESHA_KMOD
         if (_test_setgroups ())
             flags |= SRV_FLAGS_SETGROUPS;
         else {
             msg ("warning: supplemental group membership will be ignored."
                 "  Some accesses might be inappropriately denied.");
         }
-#elif USE_IMPERSONATION_GANESHA
+#else
         if (init_ganesha_syscalls() < 0)
             msg ("nfs-ganesha-kmod not loaded: changing user/group will fail");
         /* SRV_FLAGS_SETGROUPS is ignored in user-freebsd.c */
+#endif
 #else
-        msg ("warning: cannot change user/group (built with --disable-impersonation)");
+        msg ("warning: cannot change user/group (built with --disable-multiuser)");
 #endif
     }
 

diff --git a/src/libnpfs/Makefile.am b/src/libnpfs/Makefile.am
@@ -24,14 +24,14 @@ libnpfs_a_SOURCES = \
 	ctl.c \
 	xpthread.h
 
-if USE_IMPERSONATION_LINUX
-libnpfs_a_SOURCES += user-linux.c
-else
-if USE_IMPERSONATION_GANESHA
+if MULTIUSER
+if USE_GANESHA_KMOD
 libnpfs_a_SOURCES += user-freebsd.c
 else
-libnpfs_a_SOURCES += user-stub.c
+libnpfs_a_SOURCES += user-linux.c
 endif
+else
+libnpfs_a_SOURCES += user-stub.c
 endif
 
 if RDMA