Exemplo n.º 1
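/*
 * Find the name@domain string from either a user or group id.
 *
 * id   - decimal uid/gid as a NUL-terminated string
 * key  - serial of the key that is instantiated with the resulting name
 * type - USER selects the uid mapping; any other value selects the gid mapping
 *
 * Returns 0 on success and -1 when the default domain cannot be determined
 * or when id is not a plain decimal number that fits the id type. Otherwise
 * the result of the mapping call or of keyctl_instantiate() is returned.
 *
 * The id is parsed strictly. atoi() turns a malformed string into 0, which
 * would answer the request with the mapping for uid/gid 0, and it has
 * undefined behaviour for values that do not fit in an int.
 */
int name_lookup(char *id, key_serial_t key, int type)
{
	char name[IDMAP_NAMESZ];
	char domain[NFS4_MAX_DOMAIN_LEN];
	unsigned long num;
	char *end;
	uid_t uid;
	gid_t gid;
	int rc;

	rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN);
	if (rc != 0) {
		xlog_errno(rc,
			"name_lookup: nfs4_get_default_domain failed: %m");
		return -1;
	}

	/*
	 * Insist on a leading digit: strtoul() itself would accept leading
	 * whitespace and a sign, and would wrap a negative number around.
	 */
	if (id == NULL || id[0] < '0' || id[0] > '9')
		goto bad_id;
	errno = 0;
	num = strtoul(id, &end, 10);
	if (*end != '\0' || errno == ERANGE)
		goto bad_id;

	if (type == USER) {
		uid = (uid_t)num;
		/* Round-trip check: reject values truncated by the cast */
		if ((unsigned long)uid != num)
			goto bad_id;
		rc = nfs4_uid_to_name(uid, domain, name, IDMAP_NAMESZ);
	} else {
		gid = (gid_t)num;
		if ((unsigned long)gid != num)
			goto bad_id;
		rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ);
	}
	if (rc < 0)
		xlog_errno(rc, "name_lookup: %s: failed: %m",
			(type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));

	if (rc == 0) {
		/* The payload is the name without its terminating NUL */
		rc = keyctl_instantiate(key, name, strlen(name), 0);
		if (rc < 0)
			xlog_err("name_lookup: keyctl_instantiate failed: %m");
	}
	return rc;

bad_id:
	xlog_err("name_lookup: invalid %s id '%s'",
		(type == USER ? "user" : "group"), (id ? id : "(null)"));
	return -1;
}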
Exemplo n.º 2
/*
 * Print the default NFSv4 domain on stdout, followed by a newline.
 *
 * Returns EXIT_SUCCESS when the domain was obtained, or EXIT_FAILURE after
 * logging the error reported by nfs4_get_default_domain().
 */
static int display_default_domain(void)
{
	char default_domain[NFS4_MAX_DOMAIN_LEN];
	int err;

	err = nfs4_get_default_domain(NULL, default_domain,
				      NFS4_MAX_DOMAIN_LEN);
	if (err == 0) {
		printf("%s\n", default_domain);
		return EXIT_SUCCESS;
	}

	xlog_errno(err, "nfs4_get_default_domain failed: %m");
	return EXIT_FAILURE;
}
Exemplo n.º 3
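/*
 * Find either a user or group id based on the name@domain string.
 *
 * name_at_domain - owner or group string to resolve
 * key            - serial of the key that is instantiated with the id
 * type           - USER resolves a uid; any other value resolves a gid
 *
 * The id is stored in the key as a decimal string including its terminating
 * NUL. Returns EXIT_SUCCESS on success and EXIT_FAILURE when the lookup
 * fails, the id does not fit the buffer, or the key cannot be instantiated.
 * If keyring_clear() fails during the retry path, its result is returned.
 */
static int id_lookup(char *name_at_domain, key_serial_t key, int type)
{
	char id[MAX_ID_LEN];
	uid_t uid = 0;
	gid_t gid = 0;
	size_t payload_len;
	int len;
	int rc;

	if (type == USER)
		rc = nfs4_owner_to_uid(name_at_domain, &uid);
	else
		rc = nfs4_group_owner_to_gid(name_at_domain, &gid);
	if (rc < 0) {
		xlog_errno(rc, "id_lookup: %s: failed: %m",
			(type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
		return EXIT_FAILURE;
	}

	/*
	 * Format only after a successful lookup, and bound the write:
	 * sprintf() would overrun id[] if MAX_ID_LEN were ever too small
	 * for the widest id plus the NUL.
	 */
	len = snprintf(id, sizeof(id), "%u",
		       (unsigned int)(type == USER ? uid : gid));
	if (len < 0 || (size_t)len >= sizeof(id)) {
		xlog_err("id_lookup: id does not fit in %zu bytes", sizeof(id));
		return EXIT_FAILURE;
	}
	payload_len = (size_t)len + 1;

	rc = EXIT_SUCCESS;
	if (keyctl_instantiate(key, id, payload_len, 0)) {
		switch (errno) {
		case EDQUOT:
		case ENFILE:
		case ENOMEM:
			/*
			 * The keyring is full. Clear the keyring and try again
			 */
			rc = keyring_clear(DEFAULT_KEYRING);
			if (rc)
				break;
			if (keyctl_instantiate(key, id, payload_len, 0)) {
				rc = EXIT_FAILURE;
				xlog_err("id_lookup: keyctl_instantiate failed: %m");
			}
			break;
		default:
			/* Log here as well so this failure is not silent */
			xlog_err("id_lookup: keyctl_instantiate failed: %m");
			rc = EXIT_FAILURE;
			break;
		}
	}

	return rc;
}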
Exemplo n.º 4
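/*
 * Program entry point.
 *
 * Options:
 *   -d         print the default domain and exit
 *   -l         list the default keyring and exit
 *   -u/-g/-r   invalidate the named uid, gid, or both kinds of key and exit
 *   -c         clear the default keyring and exit
 *   -v         increase verbosity
 *   -t SECS    timeout applied to an instantiated key (default 600)
 *
 * Without one of the exit options, exactly two arguments are expected:
 * a key serial and a "type:value" description, where type is one of
 * uid, gid, user or group. The error message below points at
 * /etc/request-key.conf, so this mode is presumably driven by request-key.
 *
 * Returns EXIT_SUCCESS on success; any other value indicates failure.
 */
int main(int argc, char **argv)
{
	char *arg;
	char *value;
	char *type;
	char *end;
	long num;
	int rc = 1, opt;
	int timeout = 600;
	key_serial_t key;
	char *progname, *keystr = NULL;
	int clearing = 0, keymask = 0, display = 0, list = 0;

	/* Set the basename */
	if ((progname = strrchr(argv[0], '/')) != NULL)
		progname++;
	else
		progname = argv[0];

	xlog_open(progname);

	while ((opt = getopt(argc, argv, "du:g:r:ct:vl")) != -1) {
		switch (opt) {
		case 'd':
			display++;
			break;
		case 'l':
			list++;
			break;
		case 'u':
			keymask = UIDKEYS;
			keystr = strdup(optarg);
			break;
		case 'g':
			keymask = GIDKEYS;
			keystr = strdup(optarg);
			break;
		case 'r':
			keymask = GIDKEYS|UIDKEYS;
			keystr = strdup(optarg);
			break;
		case 'c':
			clearing++;
			break;
		case 'v':
			verbose++;
			break;
		case 't':
			/*
			 * Parse strictly. atoi() maps garbage to 0, and a
			 * negative value would become a huge timeout once
			 * it is converted to the unsigned keyctl argument.
			 */
			errno = 0;
			num = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    num < 0 || (long)(int)num != num) {
				xlog_err("Invalid timeout '%s'", optarg);
				xlog_warn(usage, progname);
				return EXIT_FAILURE;
			}
			timeout = (int)num;
			break;
		default:
			xlog_warn(usage, progname);
			break;
		}
	}

	if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF)))  {
		xlog_errno(rc, "Unable to create name to user id mappings.");
		return EXIT_FAILURE;
	}
	if (!verbose)
		verbose = conf_get_num("General", "Verbosity", 0);

	if (display)
		return display_default_domain();
	if (list)
		return list_keyring(DEFAULT_KEYRING);
	if (keystr) {
		return key_invalidate(keystr, keymask);
	}
	if (clearing) {
		xlog_syslog(0);
		return keyring_clear(DEFAULT_KEYRING);
	}

	xlog_stderr(0);
	if ((argc - optind) != 2) {
		xlog_err("Bad arg count. Check /etc/request-key.conf");
		xlog_warn(usage, progname);
		return EXIT_FAILURE;
	}

	if (verbose)
		nfs4_set_debug(verbose, NULL);

	/* Reject a key argument that is not a clean number in range */
	errno = 0;
	num = strtol(argv[optind], &end, 10);
	if (end == argv[optind] || *end != '\0' || errno == ERANGE ||
	    (long)(key_serial_t)num != num) {
		xlog_err("Invalid key serial '%s'", argv[optind]);
		return EXIT_FAILURE;
	}
	key = (key_serial_t)num;
	optind++;

	arg = strdup(argv[optind]);
	if (arg == NULL) {
		xlog_err("strdup failed: %m");
		return EXIT_FAILURE;
	}
	/* A non-NULL value implies strtok() also returned a non-NULL type */
	type = strtok(arg, ":");
	value = strtok(NULL, ":");
	if (value == NULL) {
		free(arg);
		xlog_err("Error: Null uid/gid value.");
		return EXIT_FAILURE;
	}
	if (verbose) {
		/* Casts make the arguments match the %lx and %ld conversions */
		xlog_warn("key: 0x%lx type: %s value: %s timeout %ld",
			(unsigned long)key, type, value, (long)timeout);
	}

	/*
	 * Become a possessor of the to-be-instantiated key to set the key's
	 * timeout. The result is deliberately not checked (best effort).
	 */
	request_key("keyring", DEFAULT_KEYRING, NULL, KEY_SPEC_THREAD_KEYRING);

	if (strcmp(type, "uid") == 0)
		rc = id_lookup(value, key, USER);
	else if (strcmp(type, "gid") == 0)
		rc = id_lookup(value, key, GROUP);
	else if (strcmp(type, "user") == 0)
		rc = name_lookup(value, key, USER);
	else if (strcmp(type, "group") == 0)
		rc = name_lookup(value, key, GROUP);
	else {
		/*
		 * rc still holds the 0 from nfs4_init_name_mapping() here,
		 * so without this branch an unknown type would be reported
		 * as success and a timeout set on a key never instantiated.
		 */
		xlog_err("Unknown key type '%s'", type);
		rc = EXIT_FAILURE;
	}

	/* Apply the timeout (600 seconds, i.e. 10 minutes, unless -t is given) */
	if (rc == EXIT_SUCCESS) {
		if (keyctl_set_timeout(key, timeout) < 0)
			xlog_warn("keyctl_set_timeout failed: %m");
	}

	free(arg);
	return rc;
}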