Re: [PATCH 1/2] nfsidmap: Allow all keys to clear on the keyring


 




On 11/17/2011 03:36 PM, Tigran Mkrtchyan wrote:
> On Thu, Nov 17, 2011 at 9:26 PM, Steve Dickson <steved@xxxxxxxxxx> wrote:
>> Introduce the '-c [keyring]' command line argument,
>> which will clear the given keyring of its keys.
>> If a keyring is not supplied, the default 'id_resolver'
>> keyring will be used.
>>
>> Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
>> ---
>>  utils/nfsidmap/nfsidmap.c   |   62 +++++++++++++++++++++++++++++++++++++++---
>>  utils/nfsidmap/nfsidmap.man |   14 ++++++++-
>>  2 files changed, 69 insertions(+), 7 deletions(-)
>>
>> diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
>> index 6a09f38..2625dc1 100644
>> --- a/utils/nfsidmap/nfsidmap.c
>> +++ b/utils/nfsidmap/nfsidmap.c
>> @@ -13,12 +13,14 @@
>>  #include "xlog.h"
>>
>>  int verbose = 0;
>> -char *usage="Usage: %s [-v] [-t timeout] key desc";
>> +char *usage="Usage: %s [-v] [-c [keyring]] [-t timeout] key desc";
>>
>>  #define MAX_ID_LEN   11
>>  #define IDMAP_NAMESZ 128
>>  #define USER  1
>>  #define GROUP 0
>> +#define DEFAULT_KEYRING "id_resolver"
>> +#define PROCKEYS "/proc/keys"
>>
>>  /*
>>  * Find either a user or group id based on the name@domain string
>> @@ -87,6 +89,47 @@ int name_lookup(char *id, key_serial_t key, int type)
>>  out:
>>        return rc;
>>  }
>> +/*
>> + * Clear all the keys on the given keyring
>> + */
>> +static int keyring_clear(char *keyring)
>> +{
>> +       FILE *fp;
>> +       char buf[BUFSIZ];
>> +       key_serial_t key;
>> +
>> +       xlog_syslog(0);
>> +       if (keyring == NULL)
>> +               keyring = DEFAULT_KEYRING;
>> +
>> +       if ((fp = fopen(PROCKEYS, "r")) == NULL) {
> 
> The same comment here: fp never closed.
Got it..

steved.
> 
> Tigran.
>> +               xlog_err("fopen(%s) failed: %m", PROCKEYS);
>> +               return 1;
>> +       }
>> +
>> +       while(fgets(buf, BUFSIZ, fp) != NULL) {
>> +               if (strstr(buf, "keyring") == NULL)
>> +                       continue;
>> +               if (strstr(buf, keyring) == NULL)
>> +                       continue;
>> +               if (verbose) {
>> +                       *(strchr(buf, '\n')) = '\0';
>> +                       xlog_warn("clearing '%s'", buf);
>> +               }
>> +               /*
>> +                * The key is the first arugment in the string
>> +                */
>> +               *(strchr(buf, ' ')) = '\0';
>> +               sscanf(buf, "%x", &key);
>> +               if (keyctl_clear(key) < 0) {
>> +                       xlog_err("keyctl_clear(0x%x) failed: %m", key);
>> +                       return 1;
>> +               }
>> +               return 0;
>> +       }
>> +       xlog_err("'%s' keyring was not found.", keyring);
>> +       return 1;
>> +}
>>
>>  int main(int argc, char **argv)
>>  {
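Review bot: In keyring_clear(), both `*(strchr(buf, '\n')) = '\0'` and `*(strchr(buf, ' ')) = '\0'` write through an unchecked strchr() result, so a /proc/keys line without a newline (longer than BUFSIZ, or an unterminated last line) or without a space is a NULL dereference. The sscanf() return value is also ignored, so if a line ever fails to parse, the uninitialized `key` is handed to keyctl_clear(). Use `buf[strcspn(buf, "\n")] = '\0';` for the newline and replace the truncate-and-parse pair with `if (sscanf(buf, "%x", &key) != 1) continue;`, since `%x` already stops at the first non-hex character. Separately, the two strstr() tests match anywhere in the line, so a keyring whose description merely contains the requested name can be selected and cleared instead of the intended one; comparing the type and description fields exactly would avoid that.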
>> @@ -96,7 +139,8 @@ int main(int argc, char **argv)
>>        int rc = 1, opt;
>>        int timeout = 600;
>>        key_serial_t key;
>> -       char *progname;
>> +       char *progname, *keyring = NULL;
>> +       int clearring;
>>
>>        /* Set the basename */
>>        if ((progname = strrchr(argv[0], '/')) != NULL)
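Review bot: `int clearring;` is declared without an initializer, but the later hunks increment it in `case 'c':` (`clearring++`) and test it with `if (clearring)` after option parsing. Its value is therefore indeterminate, and an ordinary request-key upcall that never passed -c may still take the keyring-clearing path and return before doing the id lookup. Initialize it at the declaration: `int clearring = 0;`. main() begins and ends outside this hunk.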
>> @@ -105,11 +149,12 @@ int main(int argc, char **argv)
>>                progname = argv[0];
>>
>>        xlog_open(progname);
>> -       xlog_syslog(1);
>> -       xlog_stderr(0);
>>
>> -       while ((opt = getopt(argc, argv, "t:v")) != -1) {
>> +       while ((opt = getopt(argc, argv, "ct:v")) != -1) {
>>                switch (opt) {
>> +               case 'c':
>> +                       clearring++;
>> +                       break;
>>                case 'v':
>>                        verbose++;
>>                        break;
>> @@ -122,6 +167,13 @@ int main(int argc, char **argv)
>>                }
>>        }
>>
>> +       if (clearring) {
>> +               keyring = ((argc - optind) ? argv[optind] : NULL);
>> +               rc = keyring_clear(keyring);
>> +               return rc;
>> +       }
>> +
>> +       xlog_stderr(0);
>>        if ((argc - optind) != 2) {
>>                xlog_err("Bad arg count. Check /etc/request-key.conf");
>>                xlog_warn(usage, progname);
>> diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man
>> index c67aab6..db65a1f 100644
>> --- a/utils/nfsidmap/nfsidmap.man
>> +++ b/utils/nfsidmap/nfsidmap.man
>> @@ -6,7 +6,7 @@
>>  .SH NAME
>>  nfsidmap \- The NFS idmapper upcall program
>>  .SH SYNOPSIS
>> -.B "nfsidmap [-v] [-t timeout] key desc"
>> +.B "nfsidmap [-v] [-c [keyring]] [-t timeout] key desc"
>>  .SH DESCRIPTION
>>  The file
>>  .I /usr/sbin/nfsidmap
>> @@ -14,10 +14,20 @@ is used by the NFS idmapper to translate user and group ids into names, and to
>>  translate user and group names into ids. Idmapper uses request-key to perform
>>  the upcall and cache the result.
>>  .I /usr/sbin/nfsidmap
>> -should only be called by request-key, and will perform the translation and
>> +is called by /sbin/request-key, and will perform the translation and
>>  initialize a key with the resulting information.
>> +.PP
>> +.I nfsidmap
>> +can also used to clear the keyring of all the keys.
>> +This is useful when all the mappings have failed to due to an DNS outage
>> +or some other error resulting in all the cached uid/gid to be invalid.
>>  .SH OPTIONS
>>  .TP
>> +.B -c [keyring]
>> +Clear the keyring of all the keys. If a
>> +keyring is not supplied the default
>> +keyring 'id_resolver' will be used.
>> +.TP
>>  .B -t timeout
>>  Set the expiration timer, in seconds, on the key.
>>  The default is 600 seconds (10 mins).
>> --
>> 1.7.7
>>
>>

