nfsidmap: keyring_clear() should succeed if id_resolver keyring not found

If the id_resolver keyring doesn't exist, the kernel has no cached
idmap information to expunge. AFAIK it's not an error.

If nfsidmap is run by a non-privileged user, the id_resolver keyring
is never visible. IMO that should be reported, but the error message
should report the privilege problem, not the missing keyring.

Reported-by: Amy Shi <amy.shi@oracle.com>
Fixes: 69aa69e7de80 ('nfsidmap: Allow keys to be cleared from the ')
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

1 files changed, 9 insertions, 4 deletions

diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
index 507193b..15b4a51 100644
--- a/utils/nfsidmap/nfsidmap.c
+++ b/utils/nfsidmap/nfsidmap.c
@@ -80,8 +80,9 @@ static int keyring_clear(const char *keyring)
 
 	key = find_key_by_type_and_desc("keyring", keyring, 0);
 	if (key == -1) {
-		xlog_err("'%s' keyring was not found.", keyring);
-		return EXIT_FAILURE;
+		if (verbose)
+			xlog_warn("'%s' keyring was not found.", keyring);
+		return EXIT_SUCCESS;
 	}
 
 	if (keyctl_clear(key) < 0) {
@@ -89,10 +90,9 @@ static int keyring_clear(const char *keyring)
 				(unsigned int)key);
 		return EXIT_FAILURE;
 	}
-	
+
 	if (verbose)
 		xlog_warn("'%s' cleared", keyring);
-
 	return EXIT_SUCCESS;
 }
 
@@ -404,6 +404,11 @@ int main(int argc, char **argv)
 		}
 	}
 
+	if (geteuid() != 0) {
+		xlog_err("Must be run as root.");
+		return EXIT_FAILURE;
+	}
+
 	if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF)))  {
 		xlog_errno(rc, "Unable to create name to user id mappings.");
 		return EXIT_FAILURE;