/*
 * Daemon entry point: parse the command line, configure logging and the
 * debug levels of the helper libraries, acquire GSS credentials, then hand
 * control to gssd_run().
 *
 * Options (getopt string "fivrnp:"):
 *   -f  sets fg, which is passed to initerr() and daemon_init()
 *   -i  raise the idmap library debug level (repeatable)
 *   -n  do not acquire named credentials; a NULL name is used instead
 *   -v  raise the daemon verbosity (repeatable)
 *   -r  raise the RPC library debug level (repeatable)
 *   -p  principal to acquire credentials for, as a GSS_C_NT_USER_NAME
 *
 * The function does not return normally: every failure path calls exit(1),
 * and a return from gssd_run() is logged and followed by abort().
 */
int main(int argc, char *argv[])
{
	int get_creds = 1;
	int fg = 0;
	int verbosity = 0;
	int rpc_verbosity = 0;
	int idmap_verbosity = 0;
	int opt, status;
	extern char *optarg;
	char *progname;
	char *slash;
	char *principal = NULL;

	for (;;) {
		opt = getopt(argc, argv, "fivrnp:");
		if (opt == -1)
			break;

		switch (opt) {
		case 'f':
			fg = 1;
			break;
		case 'i':
			idmap_verbosity++;
			break;
		case 'n':
			get_creds = 0;
			break;
		case 'v':
			verbosity++;
			break;
		case 'r':
			rpc_verbosity++;
			break;
		case 'p':
			/* Points into argv; no copy is taken. */
			principal = optarg;
			break;
		default:
			usage(argv[0]);
			break;
		}
	}

	/* Log under the basename of argv[0]. */
	slash = strrchr(argv[0], '/');
	progname = slash ? slash + 1 : argv[0];

	initerr(progname, verbosity, fg);

#ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL
	/* Without an explicit -r, the RPC debug level follows -v. */
	if (verbosity && rpc_verbosity == 0)
		rpc_verbosity = verbosity;
	authgss_set_debug_level(rpc_verbosity);
#elif HAVE_LIBTIRPC_SET_DEBUG
	/*
	 * Only set the libtirpc debug level if explicitly requested via -r...
	 * svcgssd is chatty enough as it is.
	 */
	if (rpc_verbosity > 0)
		libtirpc_set_debug(progname, rpc_verbosity, fg);
#else
	if (rpc_verbosity > 0)
		printerr(0, "Warning: rpcsec_gss library does not "
			    "support setting debug level\n");
#endif

#ifdef HAVE_NFS4_SET_DEBUG
	/* Without an explicit -i, the idmap debug level follows -v. */
	if (verbosity && idmap_verbosity == 0)
		idmap_verbosity = verbosity;
	nfs4_set_debug(idmap_verbosity, NULL);
#else
	if (idmap_verbosity > 0)
		printerr(0, "Warning: your nfsidmap library does not "
			    "support setting debug level\n");
#endif

	/* Refuse to start when the GSS-API mechanism check fails. */
	if (gssd_check_mechs() != 0) {
		printerr(0, "ERROR: Problem with gssapi library\n");
		exit(1);
	}

	daemon_init(fg);

	signal(SIGINT, sig_die);
	signal(SIGTERM, sig_die);
	signal(SIGHUP, sig_hup);

	if (!get_creds) {
		/* -n: acquire credentials with a NULL name. */
		status = gssd_acquire_cred(NULL,
			(const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
		if (status == FALSE) {
			printerr(0, "unable to obtain nameless credentials\n");
			exit(1);
		}
	} else {
		/*
		 * An explicit -p principal is treated as a user name;
		 * otherwise the host-based service name is used.
		 */
		if (principal)
			status = gssd_acquire_cred(principal,
				((const gss_OID)GSS_C_NT_USER_NAME));
		else
			status = gssd_acquire_cred(GSSD_SERVICE_NAME,
				(const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);

		if (status == FALSE) {
			printerr(0, "unable to obtain root (machine) credentials\n");
			printerr(0, "do you have a keytab entry for "
				    "nfs/<your.host>@<YOUR.REALM> in "
				    "/etc/krb5.keytab?\n");
			exit(1);
		}
	}

	daemon_ready();

	nfs4_init_name_mapping(NULL); /* XXX: should only do this once */

	gssd_run();

	/* gssd_run() is not expected to come back; treat it as fatal. */
	printerr(0, "gssd_run returned!\n");
	abort();
}
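/*
 * nfsidmap entry point.
 *
 * Maintenance modes, checked in this order after option parsing:
 *   -d            return display_default_domain()
 *   -l            return list_keyring(DEFAULT_KEYRING)
 *   -u/-g/-r STR  return key_invalidate(STR, mask), where the mask is
 *                 UIDKEYS, GIDKEYS or both
 *   -c            return keyring_clear(DEFAULT_KEYRING)
 *
 * Otherwise exactly two positional arguments are required: a decimal key
 * serial and a "type:value" description, where type is one of uid, gid,
 * user or group. The key is filled in by id_lookup() or name_lookup() and,
 * on success, given the timeout from -t (default 600 seconds).
 *
 * NOTE(review): the "Check /etc/request-key.conf" message suggests this
 * path is driven by request-key, so the positional arguments should be
 * treated as external input -- confirm against the deployment.
 *
 * Returns EXIT_SUCCESS or EXIT_FAILURE, or whatever the selected
 * maintenance helper returns.
 */
int main(int argc, char **argv)
{
	/* Upper bound for -t so the parsed long fits in an int (assumes a
	 * 32-bit or wider int). */
	enum { MAX_TIMEOUT = 0x7fffffff };
	char *arg;
	char *value;
	char *type;
	char *end;
	long parsed;
	int rc = 1, opt;
	int timeout = 600;
	key_serial_t key;
	char *progname, *keystr = NULL;
	int clearing = 0, keymask = 0, display = 0, list = 0;

	/* Set the basename */
	if ((progname = strrchr(argv[0], '/')) != NULL)
		progname++;
	else
		progname = argv[0];

	xlog_open(progname);

	while ((opt = getopt(argc, argv, "du:g:r:ct:vl")) != -1) {
		switch (opt) {
		case 'd':
			display++;
			break;
		case 'l':
			list++;
			break;
		case 'u':
			keymask = UIDKEYS;
			free(keystr);	/* a repeated option replaces the earlier value */
			keystr = strdup(optarg);
			break;
		case 'g':
			keymask = GIDKEYS;
			free(keystr);
			keystr = strdup(optarg);
			break;
		case 'r':
			keymask = GIDKEYS|UIDKEYS;
			free(keystr);
			keystr = strdup(optarg);
			break;
		case 'c':
			clearing++;
			break;
		case 'v':
			verbose++;
			break;
		case 't':
			/*
			 * atoi() turned any non-numeric argument into 0 and
			 * accepted negative values, either of which would
			 * silently change the key lifetime. Reject those and
			 * keep the current timeout instead.
			 */
			parsed = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' ||
			    parsed < 0 || parsed > MAX_TIMEOUT)
				xlog_warn("Invalid timeout '%s', keeping %d seconds",
					  optarg, timeout);
			else
				timeout = (int)parsed;
			break;
		default:
			xlog_warn(usage, progname);
			break;
		}
	}

	/*
	 * A failed strdup() used to leave keystr NULL, so the invalidate
	 * request was skipped without any message and a different mode ran.
	 */
	if (keymask != 0 && keystr == NULL) {
		xlog_err("strdup failed: %m");
		return EXIT_FAILURE;
	}

	if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF))) {
		xlog_errno(rc, "Unable to create name to user id mappings.");
		return EXIT_FAILURE;
	}
	if (!verbose)
		verbose = conf_get_num("General", "Verbosity", 0);

	if (display)
		return display_default_domain();
	if (list)
		return list_keyring(DEFAULT_KEYRING);
	if (keystr) {
		return key_invalidate(keystr, keymask);
	}
	if (clearing) {
		xlog_syslog(0);
		return keyring_clear(DEFAULT_KEYRING);
	}

	xlog_stderr(0);
	if ((argc - optind) != 2) {
		xlog_err("Bad arg count. Check /etc/request-key.conf");
		xlog_warn(usage, progname);
		return EXIT_FAILURE;
	}

	if (verbose)
		nfs4_set_debug(verbose, NULL);

	/* Reject a key serial that is not a plain decimal number instead of
	 * letting strtol() quietly yield 0 or a truncated prefix. */
	parsed = strtol(argv[optind], &end, 10);
	if (end == argv[optind] || *end != '\0') {
		xlog_err("Bad key serial: %s", argv[optind]);
		return EXIT_FAILURE;
	}
	key = (key_serial_t)parsed;
	optind++;

	arg = strdup(argv[optind]);
	if (arg == NULL) {
		xlog_err("strdup failed: %m");
		return EXIT_FAILURE;
	}
	/* Split "type:value" in place; both pointers alias arg. */
	type = strtok(arg, ":");
	value = strtok(NULL, ":");
	if (value == NULL) {
		free(arg);
		xlog_err("Error: Null uid/gid value.");
		return EXIT_FAILURE;
	}
	if (verbose) {
		/* Casts make the arguments match %lx and %ld; passing the
		 * narrower key and timeout directly is undefined behaviour. */
		xlog_warn("key: 0x%lx type: %s value: %s timeout %ld",
			  (unsigned long)key, type, value, (long)timeout);
	}

	/* Become a possessor of the to-be-instantiated key to set the key's timeout */
	/* NOTE(review): the return value is ignored here -- confirm that a
	 * failure is acceptable. */
	request_key("keyring", DEFAULT_KEYRING, NULL, KEY_SPEC_THREAD_KEYRING);

	if (strcmp(type, "uid") == 0)
		rc = id_lookup(value, key, USER);
	else if (strcmp(type, "gid") == 0)
		rc = name_or_id_unknown: ;
	else if (strcmp(type, "user") == 0)
		rc = name_lookup(value, key, USER);
	else if (strcmp(type, "group") == 0)
		rc = name_lookup(value, key, GROUP);
	else {
		/*
		 * rc is 0 at this point (nfs4_init_name_mapping succeeded),
		 * so an unrecognised type used to report success and set a
		 * timeout on a key that was never filled in. Log before
		 * free(arg) because type points into arg.
		 */
		xlog_warn("Unknown key type: %s", type);
		rc = EXIT_FAILURE;
	}

	/* Apply the timeout (600 seconds, i.e. 10 minutes, unless -t was given) */
	if (rc == EXIT_SUCCESS)
		keyctl_set_timeout(key, timeout);

	free(arg);
	return rc;
}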