I thought we were going to call this nfs.idmap ... ? On Oct 25, 2010, at 6:40 PM, Trond Myklebust wrote: > From: Bryan Schumaker <bjschuma@xxxxxxxxxx> > > Add nfs.upcall > > This patch adds the nfs.upcall program to nfs-utils. This program is called by > the nfs idmapper through request-keys to map between uid / user name and > gid / group name. > > Signed-off-by: Bryan Schumaker <bjschuma@xxxxxxxxxx> > Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx> > --- > aclocal/keyutils.m4 | 11 ++++ > configure.ac | 4 ++ > utils/Makefile.am | 1 + > utils/nfs.upcall/Makefile.am | 7 +++ > utils/nfs.upcall/nfs.upcall.c | 120 +++++++++++++++++++++++++++++++++++++++++ > 5 files changed, 143 insertions(+), 0 deletions(-) > create mode 100644 aclocal/keyutils.m4 > create mode 100644 utils/nfs.upcall/Makefile.am > create mode 100644 utils/nfs.upcall/nfs.upcall.c > > diff --git a/aclocal/keyutils.m4 b/aclocal/keyutils.m4 > new file mode 100644 > index 0000000..8aea646 > --- /dev/null > +++ b/aclocal/keyutils.m4 > @@ -0,0 +1,11 @@ > +dnl Checks for keyutils library and headers > +dnl > +AC_DEFUN([AC_KEYUTILS], [ > + > + dnl Check for libkeyutils; do not add to LIBS if found > + AC_CHECK_LIB([keyutils], [keyctl_instantiate], [LIBKEYUTILS=-lkeyutils], ,) > + AC_SUBST(LIBKEYUTILS) > + > + AC_CHECK_HEADERS([keyutils.h], , > + [AC_MSG_ERROR([keyutils.h header not found.])]) > +])dnl > diff --git a/configure.ac b/configure.ac > index 3058be6..a5e8620 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -247,6 +247,9 @@ if test "$enable_nfsv4" = yes; then > dnl check for nfsidmap libraries and headers > AC_LIBNFSIDMAP > > + dnl check for the keyutils libraries and headers > + AC_KEYUTILS > + > dnl librpcsecgss already has a dependency on libgssapi, > dnl but we need to make sure we get the right version > if test "$enable_gss" = yes; then > @@ -435,6 +438,7 @@ AC_CONFIG_FILES([ > utils/mountd/Makefile > utils/nfsd/Makefile > utils/nfsstat/Makefile > + utils/nfs.upcall/Makefile > utils/showmount/Makefile > utils/statd/Makefile > tests/Makefile > diff --git a/utils/Makefile.am b/utils/Makefile.am > index 8665183..0104a6c 100644 > --- a/utils/Makefile.am > +++ b/utils/Makefile.am > @@ -4,6 +4,7 @@ OPTDIRS = > > if CONFIG_NFSV4 > OPTDIRS += idmapd > +OPTDIRS += nfs.upcall > endif > > if CONFIG_GSS > diff --git a/utils/nfs.upcall/Makefile.am b/utils/nfs.upcall/Makefile.am > new file mode 100644 > index 0000000..52afd3d > --- /dev/null > +++ b/utils/nfs.upcall/Makefile.am > @@ -0,0 +1,7 @@ > +## Process this file with automake to produce Makefile.in > + > +sbin_PROGRAMS = nfs.upcall > +nfs_upcall_SOURCES = nfs.upcall.c > +nfs_upcall_LDADD = -lnfsidmap -lkeyutils > + > +MAINTAINERCLEANFILES = Makefile.in > diff --git a/utils/nfs.upcall/nfs.upcall.c b/utils/nfs.upcall/nfs.upcall.c > new file mode 100644 > index 0000000..11b9a01 > --- /dev/null > +++ b/utils/nfs.upcall/nfs.upcall.c > @@ -0,0 +1,120 @@ > + > +#include <stdarg.h> > +#include <stdio.h> > +#include <stdlib.h> > +#include <string.h> > + > +#include <pwd.h> > +#include <grp.h> > +#include <keyutils.h> > +#include <nfsidmap.h> > + > +#include <syslog.h> > + > +/* gcc nfs.upcall.c -o nfs.upcall -l nfsidmap -l keyutils */ > + > +#define MAX_ID_LEN 11 > +#define IDMAP_NAMESZ 128 > +#define USER 1 > +#define GROUP 0 > + > + > +/* > + * Find either a user or group id based on the name@domain string > + */ > +int id_lookup(char *name_at_domain, key_serial_t key, int type) > +{ > + char id[MAX_ID_LEN]; > + uid_t uid = 0; > + gid_t gid = 0; > + > + if (type == USER) { > + nfs4_owner_to_uid(name_at_domain, &uid); > + sprintf(id, "%u", uid); > + } else { > + nfs4_group_owner_to_gid(name_at_domain, &gid); > + sprintf(id, "%u", gid); > + } > + > + return keyctl_instantiate(key, id, strlen(id) + 1, 0); > +} > + > +/* > + * Find the name@domain string from either a user or group id > + */ > +int name_lookup(char *id, key_serial_t key, int type) > +{ > + char name[IDMAP_NAMESZ]; > + char domain[NFS4_MAX_DOMAIN_LEN]; > + uid_t uid; > + gid_t gid; > + int rc = 0; > + > + rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN); > + if (rc != 0) { > + rc = -1; > + goto out; > + } > + > + if (type == USER) { > + uid = atoi(id); > + rc = nfs4_uid_to_name(uid, domain, name, IDMAP_NAMESZ); > + } else { > + gid = atoi(id); > + rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ); > + } > + > + if (rc == 0) > + rc = keyctl_instantiate(key, &name, strlen(name), 0); > + > +out: > + return rc; > +} > + > +int main(int argc, char **argv) > +{ > + char *arg; > + char *value; > + char *type; > + int rc = 1; > + int timeout = 600; > + key_serial_t key; > + > + /*openlog("nfs.upcall", 0, LOG_DAEMON);*/ > + > + if (argc < 3) > + return 1; > + > + arg = malloc(sizeof(char) * strlen(argv[2]) + 1); > + strcpy(arg, argv[2]); > + type = strtok(arg, ":"); > + value = strtok(NULL, ":"); > + > + if (argc == 4) { > + timeout = atoi(argv[3]); > + if (timeout < 0) > + timeout = 0; > + } > + > + /*syslog(LOG_ERR, "type: %s", type); > + syslog(LOG_ERR, "value: %s", value); > + syslog(LOG_ERR, "timeout: %d", timeout);*/ > + > + key = strtol(argv[1], NULL, 10); > + > + if (strcmp(type, "uid") == 0) > + rc = id_lookup(value, key, USER); > + else if (strcmp(type, "gid") == 0) > + rc = id_lookup(value, key, GROUP); > + else if (strcmp(type, "user") == 0) > + rc = name_lookup(value, key, USER); > + else if (strcmp(type, "group") == 0) > + rc = name_lookup(value, key, GROUP); > + > + /* Set timeout to 5 (600 seconds) minutes */ > + keyctl_set_timeout(key, timeout); > + > + free(arg); > + /*closelog();*/ > + return rc; > +} > -- > 1.7.2.3 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Chuck Lever chuck[dot]lever[at]oracle[dot]com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html