diff options
| author | Jeff Layton <jlayton@redhat.com> | 2010-03-01 08:07:34 -0500 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2010-03-01 08:07:34 -0500 |
| commit | 409b89cc7106154780400c6b2bdce46bc9d5db4b (patch) | |
| tree | 885dcd25423f99f588ffa7b042033f0d9b2fa362 /support | |
| parent | 9c8c2cd50d3cf0316c2a1bdf6cb9efc7e1a20be9 (diff) | |
| download | nfs-utils-409b89cc7106154780400c6b2bdce46bc9d5db4b.tar.gz nfs-utils-409b89cc7106154780400c6b2bdce46bc9d5db4b.tar.xz nfs-utils-409b89cc7106154780400c6b2bdce46bc9d5db4b.zip | |
nfs-utils: add and use nfs_authsys_create
The current mount, umount and showmount code uses
authunix_create_default to get an auth handle. The one provided by glibc
returned a truncated list of groups when there were more than 16 groups.
libtirpc however currently does an abort() in this case, which causes
the program to crash and dump core.
nfs-utils just uses these auth handles for the MNT protocol, so the
group list doesn't make a lot of difference here. Add a new function
that creates an auth handle with a supplemental gids list that consists
only of the primary gid. Have nfs-utils use that function anywhere that
it currently uses authunix_create_default. Also, have the caller
properly check for a NULL return from that function.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'support')
| -rw-r--r-- | support/include/nfsrpc.h | 3 | ||||
| -rw-r--r-- | support/nfs/rpc_socket.c | 21 |
2 files changed, 24 insertions, 0 deletions
diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h index 4db35ab..6ebefca 100644 --- a/support/include/nfsrpc.h +++ b/support/include/nfsrpc.h @@ -160,4 +160,7 @@ extern int nfs_rpc_ping(const struct sockaddr *sap, const unsigned short protocol, const struct timeval *timeout); +/* create AUTH_SYS handle with no supplemental groups */ +extern AUTH * nfs_authsys_create(void); + #endif /* !__NFS_UTILS_NFSRPC_H */ diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c index 0e20824..aa6a205 100644 --- a/support/nfs/rpc_socket.c +++ b/support/nfs/rpc_socket.c @@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[]) return program; } + +/* + * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list. + * If there are more than that, trying to determine which ones to include + * in the list is problematic. This function creates an auth handle that + * only has the primary gid in the supplemental gids list. It's intended to + * be used for protocols where credentials really don't matter much (the MNT + * protocol, for instance). + */ +AUTH * +nfs_authsys_create(void) +{ + char machname[MAXHOSTNAMELEN + 1]; + uid_t uid = geteuid(); + gid_t gid = getegid(); + + if (gethostname(machname, sizeof(machname)) == -1) + return NULL; + + return authsys_create(machname, uid, gid, 1, &gid); +} |