Add support for mount export for fuse-nfs

[afbjorklund]

mount: only root can use "--options" option

Led me to: https://github.com/sahlberg/fuse-nfs

It wants to list the exported file systems, for mount.

$ fuse-nfs -n "nfs://127.0.0.1/mount?nfsport=46335&mountport=46335" -m /tmp/nfs
... [ERROR] No handler for 100005.5
Failed to mount nfs share : zdr_replymsg failed in rpc_process_reply: libnfs_rpc_msg failed to decode REPLY, ret=0: libnfs_rpc_reply_body failed to decode ACCEPTED

But currently the nullauth ignores the dirpath anyway.

$ nfs-ls -D "nfs://127.0.0.1?nfsport=46335&mountport=46335"
nfs://127.0.0.1/mount
$ nfs-ls "nfs://127.0.0.1/mount?nfsport=46335&mountport=46335"
-rw-rw-rw-  1     0     0           11 hello.txt

[willscott]

I'm okay with the general structure of allowing a custom auth handler to implement Export. I think the degraded case for null auth probably should be closer to 'not supporting it'

[afbjorklund]

I couldn't figure out if ex_groups was allowed to be empty or not, so added "anonymous" (a synonym for *)

https://www.ietf.org/rfc/rfc1813.html#section-5.2.5

[afbjorklund]

I used nfs-ls rather than showmount, because it was easier to add port support in libnfs.

• Allow getexports to use a different mountport sahlberg/libnfs#534

[willscott]

My reading is that groups can be nil, since it's defined as a pointer.
can you try that and see if nfs-ls still works?

[afbjorklund]

Sure, it still works even without the groups.

 // List of all exported file systems.
 func (h *NullAuthHandler) Export(context.Context) []nfs.Export {
-       groups := []nfs.Group{{Name: []byte("anonymous")}}
-       return []nfs.Export{{Dir: []byte("/mount"), Groups: groups}}
+       return []nfs.Export{{Dir: []byte("/mount")}}
 }
 

[willscott]

I believe this is *Group rather than []Group - in that it is either nil or the next group in a linked list, right?

[afbjorklund]

It is, but the Go wrapper "helpfully" dereferences all pointers - so we declare it as an array instead.

[afbjorklund]

They are documented as equivalent in XDR: https://datatracker.ietf.org/doc/html/rfc1014#section-3.18

[willscott]

The pattern in the rest of this library has been to write the individual fields with the extra 0 to signify the end of the list

e.g. https://github.com/willscott/go-nfs/blob/master/nfs_onreaddir.go#L116

while this is more fiddly, it makes the type 'logically correct', so that the caller doesn't have to understand the nuance.

[willscott]

The main consideration I've been trying to think through is whether this is a good 'core type' for ACL groups - since the rest of auth is not implemented here, I worry that a partial type would be hard for a separate implementation of an auth handler / auth to be able to integrate.

That makes me wonder if there's either a way to more generally stub out this part of mounting for implementation in a custom authentication handler, or if there's a complete but still simple authentication example that can do both this and use of the opaque group object.

I'm not asking for that from you, but I'm going to take a couple more days to go back to the spec to make sure the interface for the library is decent.

[willscott]

The pattern in the rest of this library has been to write the individual fields with the extra 0 to signify the end of the list

e.g. https://github.com/willscott/go-nfs/blob/master/nfs_onreaddir.go#L116

while this is more fiddly, it makes the type 'logically correct', so that the caller doesn't have to understand the nuance.