From patchwork Fri Jul 31 22:13:36 2015
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 6920641
Subject: [PATCH 1/6] nfsidmap: Display the effective NFSv4 domain name
From: Chuck Lever
To: linux-nfs@vger.kernel.org
Cc: dhowells@redhat.com
Date: Fri, 31 Jul 2015 15:13:36 -0700
Message-ID: <20150731221336.50685.89208.stgit@seurat.1015granger.net>
In-Reply-To: <20150731220914.50685.32887.stgit@seurat.1015granger.net>
References: <20150731220914.50685.32887.stgit@seurat.1015granger.net>

Sorry for the extensive man page changes. I added the description for
the new "-d" option, then realized there was no explanation about
what an "NFSv4 domain name" is.

Signed-off-by: Chuck Lever
---
 utils/nfsidmap/nfsidmap.c   | 24 ++++++++++++++++-
 utils/nfsidmap/nfsidmap.man | 59 +++++++++++++++++++++++++++++++++++--------
 2 files changed, 70 insertions(+), 13 deletions(-)

diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c index 1f5ba67..85177bf 100644 --- a/utils/nfsidmap/nfsidmap.c +++ b/utils/nfsidmap/nfsidmap.c 
@@ -37,6 +37,21 @@ static int keyring_clear(char *keyring); #define UIDKEYS 0x1 #define GIDKEYS 0x2 +static int display_default_domain(void) +{ + char domain[NFS4_MAX_DOMAIN_LEN]; + int rc; + + rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN); + if (rc) { + xlog_errno(rc, "nfs4_get_default_domain failed: %m"); + return EXIT_FAILURE; + } + + printf("%s\n", domain); + return EXIT_SUCCESS; +} + /* * Find either a user or group id based on the name@domain string */ @@ -248,7 +263,7 @@ int main(int argc, char **argv) int timeout = 600; key_serial_t key; char *progname, *keystr = NULL; - int clearing = 0, keymask = 0; + int clearing = 0, keymask = 0, display = 0; /* Set the basename */ if ((progname = strrchr(argv[0], '/')) != NULL) @@ -258,8 +273,11 @@ int main(int argc, char **argv) xlog_open(progname); - while ((opt = getopt(argc, argv, "u:g:r:ct:v")) != -1) { + while ((opt = getopt(argc, argv, "du:g:r:ct:v")) != -1) { switch (opt) { + case 'd': + display++; + break; case 'u': keymask = UIDKEYS; keystr = strdup(optarg); @@ -294,6 +312,8 @@ int main(int argc, char **argv) if (!verbose) verbose = conf_get_num("General", "Verbosity", 0); + if (display) + return display_default_domain(); if (keystr) { rc = key_invalidate(keystr, keymask); return rc; diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man index 3a3a523..04ddff6 100644 --- a/utils/nfsidmap/nfsidmap.man +++ b/utils/nfsidmap/nfsidmap.man 
@@ -11,27 +11,54 @@ nfsidmap \- The NFS idmapper upcall program .B "nfsidmap [-v] [-c]" .br .B "nfsidmap [-v] [-u|-g|-r user]" +.br +.B "nfsidmap -d" .SH DESCRIPTION -The file +The NFSv4 protocol represents the local system's UID and GID values +on the wire as strings of the form +.IR user@domain . +The process of translating from UID to string and string to UID is +referred to as "ID mapping." +.PP +The system derives the +.I user +part of the string by performing a password or group lookup. +The lookup mechanism is configured in +.IR /etc/idmapd.conf . +.PP +By default, the +.I domain +part of the string is the system's DNS domain name. +It can also be specified in +.I /etc/idmapd.conf +if the system is multi-homed, +or if the system's DNS domain name does +not match the name of the system's Kerberos realm. +.PP +The .I /usr/sbin/nfsidmap -is used by the NFS idmapper to translate user and group ids into names, and to -translate user and group names into ids. Idmapper uses request-key to perform -the upcall and cache the result. +program performs translations on behalf of the kernel. +The kernel uses the request-key mechanism to perform +an upcall. .I /usr/sbin/nfsidmap -is called by /sbin/request-key, and will perform the translation and -initialize a key with the resulting information. +is invoked by /sbin/request-key, performs the translation, +and initializes a key with the resulting information. +The kernel then caches the translation results in the key. .PP .I nfsidmap -can also used to clear the keyring of all the keys or -revoke one particular key. -This is useful when the id mappings have failed to due -to a lookup error resulting in all the cached uids/gids to be set -to the user id nobody. +can also clear cached ID map results in the kernel, +or revoke one particular key. +An incorrect cached key can result in file and directory ownership +reverting to "nobody" on NFSv4 mount points. .SH OPTIONS .TP .B -c Clear the keyring of all the keys. 
.TP +.B -d +Display the system's effective NFSv4 domain name on +.IR stdout . +.TP .B -g user Revoke the gid key of the given user. .TP @@ -89,5 +116,15 @@ Notice that the new line was added above the line for the generic program. request-key will find the first matching line and run the corresponding program. In this case, /some/other/program will handle all uid lookups, and /usr/sbin/nfsidmap will handle gid, user, and group lookups. +.SH FILES +.TP +.I /etc/idmapd.conf +ID mapping configuration file +.TP +.I /etc/request-key.conf +Request key configuration file +.SH "SEE ALSO" +.BR idmapd.conf (5), +.BR request-key (8) .SH AUTHOR Bryan Schumaker,
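Review bot: In display_default_domain() (nfsidmap.c hunk at -37,6 +37,21), the error path passes rc to xlog_errno() but formats the message with %m, which expands from errno. The visible lines do not show rc being copied into errno before the message is formatted, so the logged reason can be stale or unrelated to the failure. Either format the reason explicitly from rc, or confirm that xlog_errno() sets errno from its first argument. Initializing domain to an empty string would also guarantee that printf("%s\n", domain) never reads an unwritten buffer if the library call returns 0 without filling it.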
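Review bot: In the getopt hunk of main() (nfsidmap.c at -258,8 +273,11), display++ treats the variable as a counter although it is only ever tested as a flag; display = 1 states the intent. None of the nfsidmap.c hunks add -d to a usage or help message, so if the program prints one it should be updated in the same patch as the option string "du:g:r:ct:v".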
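Review bot: The "if (display) return display_default_domain();" check in main() (nfsidmap.c hunk at -294,6 +312,8) runs before the key_invalidate() path, so -d given together with -u, -g or -r silently discards the revoke request and returns without freeing the strdup()'d keystr. The new synopsis line documents "nfsidmap -d" on its own; rejecting the combination with an error during option parsing would match the documentation and prevent a revoke request from being skipped without notice.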
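Review bot: In the new DESCRIPTION text (nfsidmap.man hunk at -11,27 +11,54), the sentence "The process of translating from UID to string and string to UID" drops GIDs even though the sentence before it covers both UID and GID values, and the wire form is given only as user@domain. Suggest wording such as "from UID or GID to string and back", and a mention that group names use the same form. In the same hunk, /sbin/request-key is left as plain text while the other paths in the paragraph are set with .I.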
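Review bot: The new FILES section (nfsidmap.man hunk at -89,5 +116,15) lists /etc/request-key.conf, but SEE ALSO references only idmapd.conf(5) and request-key(8). Adding request-key.conf(5) would point readers at the page for the second file that FILES names.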