On 02/19/2010 06:05 PM, Jeff Layton wrote:
> The current mount, umount and showmount code uses
> authunix_create_default to get an auth handle. The one provided by glibc
> returned a truncated list of groups when there were more than 16 groups.
> libtirpc however currently does an abort() in this case, which causes
> the program to crash and dump core.
>
> nfs-utils just uses these auth handles for the MNT protocol, so the
> group list doesn't make a lot of difference here. Add a new function
> that creates an auth handle with a supplemental gids list that consists
> only of the primary gid. Have nfs-utils use that function anywhere that
> it currently uses authunix_create_default. Also, have the caller
> properly check for a NULL return from that function.
>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> support/include/nfsrpc.h | 3 +++
> support/nfs/rpc_socket.c | 21 +++++++++++++++++++++
> utils/mount/network.c | 15 ++++++++++++---
> utils/showmount/showmount.c | 8 +++++++-
> 4 files changed, 43 insertions(+), 4 deletions(-)
>
> diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
> index 4db35ab..6ebefca 100644
> --- a/support/include/nfsrpc.h
> +++ b/support/include/nfsrpc.h
> @@ -160,4 +160,7 @@ extern int nfs_rpc_ping(const struct sockaddr *sap,
> const unsigned short protocol,
> const struct timeval *timeout);
>
> +/* create AUTH_SYS handle with no supplemental groups */
> +extern AUTH * nfs_authsys_create(void);
> +
> #endif /* !__NFS_UTILS_NFSRPC_H */
> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
> index 0e20824..aa6a205 100644
> --- a/support/nfs/rpc_socket.c
> +++ b/support/nfs/rpc_socket.c
> @@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[])
>
> return program;
> }
> +
> +/*
> + * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list.
> + * If there are more than that, trying to determine which ones to include
> + * in the list is problematic. This function creates an auth handle that
> + * only has the primary gid in the supplemental gids list. It's intended to
> + * be used for protocols where credentials really don't matter much (the MNT
> + * protocol, for instance).
> + */
> +AUTH *
> +nfs_authsys_create(void)
> +{
> + char machname[MAXHOSTNAMELEN + 1];
> + uid_t uid = geteuid();
> + gid_t gid = getegid();
> +
> + if (gethostname(machname, sizeof(machname)) == -1)
> + return NULL;
> +
> + return authsys_create(machname, uid, gid, 1, &gid);
> +}
The following patch is needed to fix regression when tirpc is
disabled:
steved.
Author: Steve Dickson <steved@xxxxxxxxxx>
Date: Mon Mar 8 10:24:44 2010 -0500
Use authunix_create() instead of authsys_create() to fix regression.
Commit 409b8 introduced a regression when the --disable-tirpc
configuration flag is set. The authsys_create() interface, which
was introduced, does not exist in the legacy glibc library.
Since the authsys_create() interface is a redefined of the
authunix_create() interface, which is defined in glibc, using
authunix_create() resolves the regression,
Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
index aa6a205..c14efe8 100644
--- a/support/nfs/rpc_socket.c
+++ b/support/nfs/rpc_socket.c
@@ -576,5 +576,5 @@ nfs_authsys_create(void)
if (gethostname(machname, sizeof(machname)) == -1)
return NULL;
- return authsys_create(machname, uid, gid, 1, &gid);
+ return authunix_create(machname, uid, gid, 1, &gid);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
