diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2015-09-16 10:19:36 -0400 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2015-09-16 11:21:41 -0400 |
| commit | 8903d75ed4abd4207873b315885b559abfaa2af8 (patch) | |
| tree | 9695895a4079a1f88d9e4cc14d54ab9d7ce05eb1 /utils/nfsidmap/nfsidmap.c | |
| parent | 5135a70fd0917986a575f9f01d0a29b5c93c4041 (diff) | |
| download | nfs-utils-8903d75ed4abd4207873b315885b559abfaa2af8.tar.gz nfs-utils-8903d75ed4abd4207873b315885b559abfaa2af8.tar.xz nfs-utils-8903d75ed4abd4207873b315885b559abfaa2af8.zip | |
nfsidmap: Use find_key_by_type_and_desc() if available
Recent versions of libkeyutils have find_key_by_type_and_desc()
which replaces the open-coded keyring search in keyring_clear().
I don't quite understand what's going on in key_invalidate(),
so I didn't touch it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'utils/nfsidmap/nfsidmap.c')
| -rw-r--r-- | utils/nfsidmap/nfsidmap.c | 105 |
1 files changed, 61 insertions, 44 deletions
diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c index dd490aa..7a38d52 100644 --- a/utils/nfsidmap/nfsidmap.c +++ b/utils/nfsidmap/nfsidmap.c @@ -1,3 +1,4 @@ +#include "config.h" #include <stdarg.h> #include <stdio.h> @@ -32,11 +33,69 @@ char *usage = "Usage: %s [-v] [-c || [-u|-g|-r key] || -d || [-t timeout] key de #define PATH_IDMAPDCONF "/etc/idmapd.conf" #endif -static int keyring_clear(char *keyring); - #define UIDKEYS 0x1 #define GIDKEYS 0x2 +#ifndef HAVE_FIND_KEY_BY_TYPE_AND_DESC +static key_serial_t find_key_by_type_and_desc(const char *type, + const char *desc, key_serial_t destringid) +{ + char buf[BUFSIZ]; + key_serial_t key; + FILE *fp; + + if ((fp = fopen(PROCKEYS, "r")) == NULL) { + xlog_err("fopen(%s) failed: %m", PROCKEYS); + return -1; + } + + key = -1; + while(fgets(buf, BUFSIZ, fp) != NULL) { + unsigned int id; + + if (strstr(buf, type) == NULL) + continue; + if (strstr(buf, desc) == NULL) + continue; + if (sscanf(buf, "%x %*s", &id) != 1) { + xlog_err("Unparsable keyring entry in %s", PROCKEYS); + continue; + } + + key = (key_serial_t)id; + break; + } + + fclose(fp); + return key; +} +#endif + +/* + * Clear all the keys on the given keyring + */ +static int keyring_clear(const char *keyring) +{ + key_serial_t key; + + key = find_key_by_type_and_desc("keyring", keyring, 0); + if (key == -1) { + xlog_err("'%s' keyring was not found.", keyring); + return EXIT_FAILURE; + } + + if (keyctl_clear(key) < 0) { + xlog_err("keyctl_clear(0x%x) failed: %m", + (unsigned int)key); + return EXIT_FAILURE; + } + + if (verbose) + xlog_warn("'%s' cleared", keyring); + + return EXIT_SUCCESS; +} + static int display_default_domain(void) { char domain[NFS4_MAX_DOMAIN_LEN]; @@ -136,49 +195,7 @@ int name_lookup(char *id, key_serial_t key, int type) out: return rc; } -/* - * Clear all the keys on the given keyring - */ -static int keyring_clear(char *keyring) -{ - FILE *fp; - char buf[BUFSIZ]; - key_serial_t key; - - if (keyring == NULL) - keyring = DEFAULT_KEYRING; - - if ((fp = fopen(PROCKEYS, "r")) == NULL) { - xlog_err("fopen(%s) failed: %m", PROCKEYS); - return 1; - } - while(fgets(buf, BUFSIZ, fp) != NULL) { - if (strstr(buf, "keyring") == NULL) - continue; - if (strstr(buf, keyring) == NULL) - continue; - if (verbose) { - *(strchr(buf, '\n')) = '\0'; - xlog_warn("clearing '%s'", buf); - } - /* - * The key is the first arugment in the string - */ - *(strchr(buf, ' ')) = '\0'; - sscanf(buf, "%x", &key); - if (keyctl_clear(key) < 0) { - xlog_err("keyctl_clear(0x%x) failed: %m", key); - fclose(fp); - return 1; - } - fclose(fp); - return 0; - } - xlog_err("'%s' keyring was not found.", keyring); - fclose(fp); - return 1; -} /* * Revoke a key */ |