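/*
 * Parse a decimal uid/gid string.
 *
 * Accepts only an unsigned decimal number that spans the whole string.
 * Returns 0 and stores the value in *out on success, -1 otherwise.
 */
static int name_lookup_parse_id(const char *str, unsigned long *out)
{
	char *end;
	unsigned long val;

	/* strtoul() would accept leading whitespace and a sign; require a digit. */
	if (str == NULL || str[0] < '0' || str[0] > '9')
		return -1;

	errno = 0;
	val = strtoul(str, &end, 10);
	if (errno != 0 || *end != '\0')
		return -1;

	*out = val;
	return 0;
}

/*
 * Find the name@domain string from either a user or group id
 *
 * id   - decimal uid (type == USER) or gid (any other type) as a string
 * key  - serial of the key to instantiate with the resulting name
 * type - USER selects the uid mapping, anything else the gid mapping
 *
 * Returns 0 on success. Returns -1 if the default domain cannot be
 * determined or the id is not a valid number, otherwise the negative
 * value returned by the failing mapping or keyctl call.
 */
int name_lookup(char *id, key_serial_t key, int type)
{
	char name[IDMAP_NAMESZ];
	char domain[NFS4_MAX_DOMAIN_LEN];
	unsigned long num;
	uid_t uid;
	gid_t gid;
	int rc;

	rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN);
	if (rc != 0) {
		xlog_errno(rc, "name_lookup: nfs4_get_default_domain failed: %m");
		return -1;
	}

	/*
	 * Validate the id instead of using atoi(): atoi() turns any
	 * non-numeric string into 0, which would silently resolve garbage
	 * input to the name of uid/gid 0.
	 */
	if (name_lookup_parse_id(id, &num) != 0) {
		xlog_err("name_lookup: invalid id '%s'", id ? id : "(null)");
		return -1;
	}

	if (type == USER) {
		uid = (uid_t)num;
		/* Reject values that do not survive the narrowing to uid_t. */
		if ((unsigned long)uid != num) {
			xlog_err("name_lookup: id '%s' out of range", id);
			return -1;
		}
		rc = nfs4_uid_to_name(uid, domain, name, IDMAP_NAMESZ);
	} else {
		gid = (gid_t)num;
		if ((unsigned long)gid != num) {
			xlog_err("name_lookup: id '%s' out of range", id);
			return -1;
		}
		rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ);
	}

	if (rc < 0)
		xlog_errno(rc, "name_lookup: %s: failed: %m",
			(type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));

	/* Only a clean mapping result may be written into the key. */
	if (rc == 0) {
		/* Payload length excludes the trailing NUL, as in the original code. */
		rc = keyctl_instantiate(key, name, strlen(name), 0);
		if (rc < 0)
			xlog_err("name_lookup: keyctl_instantiate failed: %m");
	}

	return rc;
}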
/*
 * Print the default domain reported by nfs4_get_default_domain() on stdout.
 *
 * Returns EXIT_SUCCESS after printing, or EXIT_FAILURE (after logging the
 * error) when the domain cannot be obtained.
 */
static int display_default_domain(void)
{
	char buf[NFS4_MAX_DOMAIN_LEN];
	int err = nfs4_get_default_domain(NULL, buf, NFS4_MAX_DOMAIN_LEN);

	if (err == 0) {
		printf("%s\n", buf);
		return EXIT_SUCCESS;
	}

	xlog_errno(err, "nfs4_get_default_domain failed: %m");
	return EXIT_FAILURE;
}
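/*
 * Find either a user or group id based on the name@domain string
 *
 * name_at_domain - owner or group string to map
 * key            - serial of the key to instantiate with the decimal id
 * type           - USER selects the uid mapping, anything else the gid mapping
 *
 * Returns EXIT_SUCCESS when the key was instantiated, EXIT_FAILURE when the
 * mapping or the instantiation failed, or the result of keyring_clear() when
 * clearing a full keyring failed.
 */
static int id_lookup(char *name_at_domain, key_serial_t key, int type)
{
	char id[MAX_ID_LEN];
	uid_t uid = 0;
	gid_t gid = 0;
	unsigned int num;
	size_t paylen;
	int rc;
	int len;

	if (type == USER) {
		rc = nfs4_owner_to_uid(name_at_domain, &uid);
		num = (unsigned int)uid;
	} else {
		rc = nfs4_group_owner_to_gid(name_at_domain, &gid);
		num = (unsigned int)gid;
	}

	/*
	 * Fail closed: uid and gid start out as 0, so anything other than a
	 * clean 0 return must never reach keyctl_instantiate(), or a failed
	 * lookup would be cached as id 0.
	 */
	if (rc != 0) {
		xlog_errno(rc, "id_lookup: %s: failed: %m",
			(type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
		return EXIT_FAILURE;
	}

	/* Bounded formatting; the id is only built once the mapping succeeded. */
	len = snprintf(id, sizeof(id), "%u", num);
	if (len < 0 || (size_t)len >= sizeof(id)) {
		xlog_err("id_lookup: id does not fit the id buffer");
		return EXIT_FAILURE;
	}
	paylen = (size_t)len + 1;	/* payload includes the trailing NUL */

	if (keyctl_instantiate(key, id, paylen, 0) == 0)
		return EXIT_SUCCESS;

	switch (errno) {
	case EDQUOT:
	case ENFILE:
	case ENOMEM:
		/*
		 * The keyring is full. Clear the keyring and try again
		 */
		rc = keyring_clear(DEFAULT_KEYRING);
		if (rc)
			break;
		if (keyctl_instantiate(key, id, paylen, 0)) {
			rc = EXIT_FAILURE;
			xlog_err("id_lookup: keyctl_instantiate failed: %m");
		}
		break;
	default:
		/* Previously a silent failure; log it so the cause is visible. */
		xlog_err("id_lookup: keyctl_instantiate failed: %m");
		rc = EXIT_FAILURE;
		break;
	}

	return rc;
}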
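/*
 * Entry point.
 *
 * Administrative options (handled first, each returns immediately):
 *   -d        print the default domain
 *   -l        list the DEFAULT_KEYRING keyring
 *   -u/-g/-r  invalidate the uid / gid / both keys matching the argument
 *   -c        clear the DEFAULT_KEYRING keyring
 * Modifiers: -v raises verbosity, -t sets the key timeout in seconds.
 *
 * Without an administrative option exactly two arguments are expected,
 * "<key serial> <type>:<value>", where type is one of uid, gid, user or
 * group. The error text points at /etc/request-key.conf, so this form is
 * presumably produced by the request-key upcall.
 *
 * Returns EXIT_SUCCESS on success and a non-zero status otherwise.
 */
int main(int argc, char **argv)
{
	char *arg;
	char *value;
	char *type;
	char *end;
	long num;
	int rc = 1, opt;
	int timeout = 600;
	key_serial_t key;
	char *progname, *keystr = NULL;
	int clearing = 0, keymask = 0, display = 0, list = 0;

	/* Set the basename */
	progname = strrchr(argv[0], '/');
	if (progname != NULL)
		progname++;
	else
		progname = argv[0];

	xlog_open(progname);

	while ((opt = getopt(argc, argv, "du:g:r:ct:vl")) != -1) {
		switch (opt) {
		case 'd':
			display++;
			break;
		case 'l':
			list++;
			break;
		case 'u':
			keymask = UIDKEYS;
			keystr = strdup(optarg);
			break;
		case 'g':
			keymask = GIDKEYS;
			keystr = strdup(optarg);
			break;
		case 'r':
			keymask = GIDKEYS|UIDKEYS;
			keystr = strdup(optarg);
			break;
		case 'c':
			clearing++;
			break;
		case 'v':
			verbose++;
			break;
		case 't':
			/*
			 * Validate instead of atoi(): garbage would become 0 and a
			 * negative value would wrap when used as a timeout.
			 */
			errno = 0;
			num = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno != 0 ||
			    num < 0 || (long)(int)num != num)
				xlog_warn("Invalid timeout '%s', using %d seconds",
					optarg, timeout);
			else
				timeout = (int)num;
			break;
		default:
			xlog_warn(usage, progname);
			break;
		}
	}

	if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF))) {
		xlog_errno(rc, "Unable to create name to user id mappings.");
		return EXIT_FAILURE;
	}
	if (!verbose)
		verbose = conf_get_num("General", "Verbosity", 0);

	if (display)
		return display_default_domain();
	if (list)
		return list_keyring(DEFAULT_KEYRING);
	if (keystr) {
		return key_invalidate(keystr, keymask);
	}
	if (clearing) {
		xlog_syslog(0);
		return keyring_clear(DEFAULT_KEYRING);
	}

	xlog_stderr(0);
	if ((argc - optind) != 2) {
		xlog_err("Bad arg count. Check /etc/request-key.conf");
		xlog_warn(usage, progname);
		return EXIT_FAILURE;
	}

	if (verbose)
		nfs4_set_debug(verbose, NULL);

	/* The key serial must be a complete decimal number that fits key_serial_t. */
	errno = 0;
	num = strtol(argv[optind], &end, 10);
	if (end == argv[optind] || *end != '\0' || errno != 0 ||
	    (long)(key_serial_t)num != num) {
		xlog_err("Error: invalid key serial '%s'", argv[optind]);
		return EXIT_FAILURE;
	}
	key = (key_serial_t)num;
	optind++;

	arg = strdup(argv[optind]);
	if (arg == NULL) {
		xlog_err("strdup failed: %m");
		return EXIT_FAILURE;
	}
	/* A NULL type implies a NULL value, so the check below covers both. */
	type = strtok(arg, ":");
	value = strtok(NULL, ":");
	if (value == NULL) {
		free(arg);
		xlog_err("Error: Null uid/gid value.");
		return EXIT_FAILURE;
	}
	if (verbose) {
		/* Casts make the arguments match the %lx / %ld conversions. */
		xlog_warn("key: 0x%lx type: %s value: %s timeout %ld",
			(unsigned long)key, type, value, (long)timeout);
	}

	/* Become a possessor of the to-be-instantiated key to set the key's timeout */
	request_key("keyring", DEFAULT_KEYRING, NULL, KEY_SPEC_THREAD_KEYRING);

	if (strcmp(type, "uid") == 0)
		rc = id_lookup(value, key, USER);
	else if (strcmp(type, "gid") == 0)
		rc = id_lookup(value, key, GROUP);
	else if (strcmp(type, "user") == 0)
		rc = name_lookup(value, key, USER);
	else if (strcmp(type, "group") == 0)
		rc = name_lookup(value, key, GROUP);
	else {
		/*
		 * rc is still 0 from nfs4_init_name_mapping() here; without this
		 * branch an unknown type was reported as success although the
		 * key was never instantiated.
		 */
		xlog_err("Error: unknown key type '%s'", type);
		rc = EXIT_FAILURE;
	}

	/* Apply the key timeout (default 600 seconds, i.e. 10 minutes) */
	if (rc == EXIT_SUCCESS)
		keyctl_set_timeout(key, timeout);

	free(arg);
	return rc;
}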