On 11/17/2011 03:36 PM, Tigran Mkrtchyan wrote:
> On Thu, Nov 17, 2011 at 9:26 PM, Steve Dickson <steved@xxxxxxxxxx> wrote:
>> Introduce the '-c [keyring]' command line argument
>> which will clear the giving keyring of the keys.
>> If a keyring not supplied the default 'id_resolver'
>> keyring will be used.
>>
>> Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
>> ---
>> utils/nfsidmap/nfsidmap.c | 62 +++++++++++++++++++++++++++++++++++++++---
>> utils/nfsidmap/nfsidmap.man | 14 ++++++++-
>> 2 files changed, 69 insertions(+), 7 deletions(-)
>>
>> diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
>> index 6a09f38..2625dc1 100644
>> --- a/utils/nfsidmap/nfsidmap.c
>> +++ b/utils/nfsidmap/nfsidmap.c
>> @@ -13,12 +13,14 @@
>> #include "xlog.h"
>>
>> int verbose = 0;
>> -char *usage="Usage: %s [-v] [-t timeout] key desc";
>> +char *usage="Usage: %s [-v] [-c [keyring]] [-t timeout] key desc";
>>
>> #define MAX_ID_LEN 11
>> #define IDMAP_NAMESZ 128
>> #define USER 1
>> #define GROUP 0
>> +#define DEFAULT_KEYRING "id_resolver"
>> +#define PROCKEYS "/proc/keys"
>>
>> /*
>> * Find either a user or group id based on the name@domain string
>> @@ -87,6 +89,47 @@ int name_lookup(char *id, key_serial_t key, int type)
>> out:
>> return rc;
>> }
>> +/*
>> + * Clear all the keys on the given keyring
>> + */
>> +static int keyring_clear(char *keyring)
>> +{
>> + FILE *fp;
>> + char buf[BUFSIZ];
>> + key_serial_t key;
>> +
>> + xlog_syslog(0);
>> + if (keyring == NULL)
>> + keyring = DEFAULT_KEYRING;
>> +
>> + if ((fp = fopen(PROCKEYS, "r")) == NULL) {
>
> The same comment here: fp never closed.
Got it..
steved.
>
> Tigran.
>> + xlog_err("fopen(%s) failed: %m", PROCKEYS);
>> + return 1;
>> + }
>> +
>> + while(fgets(buf, BUFSIZ, fp) != NULL) {
>> + if (strstr(buf, "keyring") == NULL)
>> + continue;
>> + if (strstr(buf, keyring) == NULL)
>> + continue;
>> + if (verbose) {
>> + *(strchr(buf, '\n')) = '\0';
>> + xlog_warn("clearing '%s'", buf);
>> + }
>> + /*
>> + * The key is the first arugment in the string
>> + */
>> + *(strchr(buf, ' ')) = '\0';
>> + sscanf(buf, "%x", &key);
>> + if (keyctl_clear(key) < 0) {
>> + xlog_err("keyctl_clear(0x%x) failed: %m", key);
>> + return 1;
>> + }
>> + return 0;
>> + }
>> + xlog_err("'%s' keyring was not found.", keyring);
>> + return 1;
>> +}
>>
>> int main(int argc, char **argv)
>> {
>> @@ -96,7 +139,8 @@ int main(int argc, char **argv)
>> int rc = 1, opt;
>> int timeout = 600;
>> key_serial_t key;
>> - char *progname;
>> + char *progname, *keyring = NULL;
>> + int clearring;
>>
>> /* Set the basename */
>> if ((progname = strrchr(argv[0], '/')) != NULL)
>> @@ -105,11 +149,12 @@ int main(int argc, char **argv)
>> progname = argv[0];
>>
>> xlog_open(progname);
>> - xlog_syslog(1);
>> - xlog_stderr(0);
>>
>> - while ((opt = getopt(argc, argv, "t:v")) != -1) {
>> + while ((opt = getopt(argc, argv, "ct:v")) != -1) {
>> switch (opt) {
>> + case 'c':
>> + clearring++;
>> + break;
>> case 'v':
>> verbose++;
>> break;
>> @@ -122,6 +167,13 @@ int main(int argc, char **argv)
>> }
>> }
>>
>> + if (clearring) {
>> + keyring = ((argc - optind) ? argv[optind] : NULL);
>> + rc = keyring_clear(keyring);
>> + return rc;
>> + }
>> +
>> + xlog_stderr(0);
>> if ((argc - optind) != 2) {
>> xlog_err("Bad arg count. Check /etc/request-key.conf");
>> xlog_warn(usage, progname);
>> diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man
>> index c67aab6..db65a1f 100644
>> --- a/utils/nfsidmap/nfsidmap.man
>> +++ b/utils/nfsidmap/nfsidmap.man
>> @@ -6,7 +6,7 @@
>> .SH NAME
>> nfsidmap \- The NFS idmapper upcall program
>> .SH SYNOPSIS
>> -.B "nfsidmap [-v] [-t timeout] key desc"
>> +.B "nfsidmap [-v] [-c [keyring]] [-t timeout] key desc"
>> .SH DESCRIPTION
>> The file
>> .I /usr/sbin/nfsidmap
>> @@ -14,10 +14,20 @@ is used by the NFS idmapper to translate user and group ids into names, and to
>> translate user and group names into ids. Idmapper uses request-key to perform
>> the upcall and cache the result.
>> .I /usr/sbin/nfsidmap
>> -should only be called by request-key, and will perform the translation and
>> +is called by /sbin/request-key, and will perform the translation and
>> initialize a key with the resulting information.
>> +.PP
>> +.I nfsidmap
>> +can also used to clear the keyring of all the keys.
>> +This is useful when all the mappings have failed to due to an DNS outage
>> +or some other error resulting in all the cached uid/gid to be invalid.
>> .SH OPTIONS
>> .TP
>> +.B -c [keyring]
>> +Clear the keyring of all the keys. If a
>> +keyring is not supplied the default
>> +keyring 'id_resolver' will be used.
>> +.TP
>> .B -t timeout
>> Set the expiration timer, in seconds, on the key.
>> The default is 600 seconds (10 mins).
>> --
>> 1.7.7
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
