| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
xstrdup() prints a messages and exits, except in statd where
is prints a message and fails. So there is no point printing
an extra message when xstrdup() fails, and except in statd,
no point calling exit() as well.
So remove some pointless code.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Describe how the NFSv4 domain name can be
now be found using the _nfsv4idmapdomain DNS
TXT record
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Use the correct exit code when an invalid option
use or the -h option.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
xlog_err() never returns. Change the xlog_err(),
when invalid arguments are use, to xlog_warn()
so the second xlog_warn, displaying the usage,
will be called.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Use the verbose command flag to turn on or off
logging to stderr.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the id_resolver keyring doesn't exist, the kernel has no cached
idmap information to expunge. AFAIK it's not an error.
If nfsidmap is run by a non-privileged user, the id_resolver keyring
is never visible. IMO that should be reported, but the error message
should report the privilege problem, not the missing keyring.
Reported-by: Amy Shi <amy.shi@oracle.com>
Fixes: 69aa69e7de80 ('nfsidmap: Allow keys to be cleared from the ')
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Make it unambiguous where 0 or 1 represent an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As near as I can tell, the exit status of nfsidmap is supposed to be
zero (success) or one (failure).
The return value of name_lookup() becomes the exit status, so it
should return only zero or one.
The libnfsidmap calls return a signed integer, either 0 or negative
errno values. These have to be translated to an exit status.
libkeyutils calls return a signed long, either 0 or -1. These also
have to be translated to an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As near as I can tell, the exit status of nfsidmap is supposed to be
zero (success) or one (failure).
The return value of id_lookup() becomes the exit status, so it
should return only zero or one.
The libnfsidmap calls return a signed integer, either 0 or negative
errno values. These have to be translated to an exit status.
libkeyutils calls return a signed long, either 0 or -1. These also
have to be translated to an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
User space can see the keys, but not their contents.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Recent versions of libkeyutils have find_key_by_type_and_desc()
which replaces the open-coded keyring search in keyring_clear().
I don't quite understand what's going on in key_invalidate(),
so I didn't touch it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Sorry for the extensive man page changes. I added the description
for the new "-d" option, then realized there was no explanation
about what an "NFSv4 domain name" is.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Detect when a given argument is invalid. Log
the error and exit gracefully
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add mention of new files, remove mention of old files,
and cause "make dist" to create something very similar to
the current distributions.
systemd files are not currently included in "make dist" and some
files generated by "rpcgen" are (though they aren't in official
distribution).
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The caller must be a possesor of the key to set the attributes, so link the
destination keyring to the current thread's keyring before instantiation so
that after instantiation the timeout can be set.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change the keyctl_invalidate call to use the syscall interface
directly so that when building with libkeyutils missing keyctl_invalidate
the build succeeds. Attempt to use _invalidate and fall back to
_revoke if the current kernel is missing _invalidate.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
According POSIX basename(3) should have an #include <libgen.h>
There are a different GNU implementation too, that can be used with
_GNU_SOURCE, but the POSIX version is good enough and more portable.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
With some recent kernel changes to the key ring
for a key to be removed they need to be invalidated
instead of revoked.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Errors were logged with xlog_err function relying on errno, but these
functions don't set it.
Fix the problem by introducing xlog_errno which set errno
Signed-off-by: Mateusz Guzik <mguzik@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
nfsidmap is not calling the nfs4_init_name_mapping()
function which initializes the default domain from
either the DNS domain or the Domain variable in /etc/idmap.conf
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
To make it easier to enable ID mapping debugging, nfsidmap
should read /etc/idmap.conf to see if the verbosity level
is set, similar to what rpc.idmapd does
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a key can not be added to a keyring because
the keyring is full or there is no memory for
the playload, keyctl_instantiate() will fail
and set the errno to -EDQUOT, -ENFILE or
-ENOMEM
When this happens, purge the keyring to
free things up and then try to re-add
the key.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...as that makes that library get linked into every binary. Also,
replace "hardcoded" -lnfsidmap linker flag in Makefiles with
a AC_SUBST variable.
This fixes a regression introduced in commit d7c64dd.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
|
| |
The 'clearing' variable was not being initialized
to zero which was cause the default key ring to
always be cleared.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introducing three new command line arguments
that allow particular keys to be revoke
-u will remove a uid key
-g will revoke a gid key
-r will revoke both the uid and gid keys
A user name has also needs to be supply with
these new flags.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Added the '-c' command line argument that will
clear all the keys from the keyring.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
To aid in debugging, the -v flag can now be specified,
multiple time, on the command line to enable verbose
logging in both the nfsidmap command and libnfsidmap
library routines.
Also converted the timeout argument to use a -t flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Since this binary is being called by the kernel, errors
need to be logged to the syslog for help in debugging problems.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
I recently upgraded to 1.2.4 to use the new nfsidmap feature. While
following the manpage and the kernel documentation I noticed a
difference. Kernel docs mention key TYPE id_resolver while the manpage
states nfs_idmap. The following patch changes the manpage to the proper
type.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
This patch adds the nfsidmap program to nfs-utils. This program is
called by the nfs idmapper through request-keys to map between
uid / user name and gid / group name.
Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
