On Mon, 08 Mar 2010 10:36:36 -0500
Steve Dickson <SteveD@xxxxxxxxxx> wrote:
>
>
> On 02/19/2010 06:05 PM, Jeff Layton wrote:
> > The current mount, umount and showmount code uses
> > authunix_create_default to get an auth handle. The one provided by glibc
> > returned a truncated list of groups when there were more than 16 groups.
> > libtirpc however currently does an abort() in this case, which causes
> > the program to crash and dump core.
> >
> > nfs-utils just uses these auth handles for the MNT protocol, so the
> > group list doesn't make a lot of difference here. Add a new function
> > that creates an auth handle with a supplemental gids list that consists
> > only of the primary gid. Have nfs-utils use that function anywhere that
> > it currently uses authunix_create_default. Also, have the caller
> > properly check for a NULL return from that function.
> >
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> > support/include/nfsrpc.h | 3 +++
> > support/nfs/rpc_socket.c | 21 +++++++++++++++++++++
> > utils/mount/network.c | 15 ++++++++++++---
> > utils/showmount/showmount.c | 8 +++++++-
> > 4 files changed, 43 insertions(+), 4 deletions(-)
> >
> > diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
> > index 4db35ab..6ebefca 100644
> > --- a/support/include/nfsrpc.h
> > +++ b/support/include/nfsrpc.h
> > @@ -160,4 +160,7 @@ extern int nfs_rpc_ping(const struct sockaddr *sap,
> > const unsigned short protocol,
> > const struct timeval *timeout);
> >
> > +/* create AUTH_SYS handle with no supplemental groups */
> > +extern AUTH * nfs_authsys_create(void);
> > +
> > #endif /* !__NFS_UTILS_NFSRPC_H */
> > diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
> > index 0e20824..aa6a205 100644
> > --- a/support/nfs/rpc_socket.c
> > +++ b/support/nfs/rpc_socket.c
> > @@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[])
> >
> > return program;
> > }
> > +
> > +/*
> > + * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list.
> > + * If there are more than that, trying to determine which ones to include
> > + * in the list is problematic. This function creates an auth handle that
> > + * only has the primary gid in the supplemental gids list. It's intended to
> > + * be used for protocols where credentials really don't matter much (the MNT
> > + * protocol, for instance).
> > + */
> > +AUTH *
> > +nfs_authsys_create(void)
> > +{
> > + char machname[MAXHOSTNAMELEN + 1];
> > + uid_t uid = geteuid();
> > + gid_t gid = getegid();
> > +
> > + if (gethostname(machname, sizeof(machname)) == -1)
> > + return NULL;
> > +
> > + return authsys_create(machname, uid, gid, 1, &gid);
> > +}
> The following patch is needed to fix regression when tirpc is
> disabled:
>
> steved.
>
> Author: Steve Dickson <steved@xxxxxxxxxx>
> Date: Mon Mar 8 10:24:44 2010 -0500
>
> Use authunix_create() instead of authsys_create() to fix regression.
>
> Commit 409b8 introduced a regression when the --disable-tirpc
> configuration flag is set. The authsys_create() interface, which
> was introduced, does not exist in the legacy glibc library.
>
> Since the authsys_create() interface is a redefined of the
> authunix_create() interface, which is defined in glibc, using
> authunix_create() resolves the regression,
>
> Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
>
> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
> index aa6a205..c14efe8 100644
> --- a/support/nfs/rpc_socket.c
> +++ b/support/nfs/rpc_socket.c
> @@ -576,5 +576,5 @@ nfs_authsys_create(void)
> if (gethostname(machname, sizeof(machname)) == -1)
> return NULL;
>
> - return authsys_create(machname, uid, gid, 1, &gid);
> + return authunix_create(machname, uid, gid, 1, &gid);
> }
>
Acked-by: Jeff Layton <jlayton@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
