To aid in debugging, the -v flag can now be specified
multiple times on the command line to enable verbose
logging in both the nfsidmap command and libnfsidmap
library routines.
Also converted the timeout argument to use a -t flag.
Signed-off-by: Steve Dickson <steved@redhat.com>
#include <keyutils.h>
#include <nfsidmap.h>
#include <keyutils.h>
#include <nfsidmap.h>
-/* gcc nfsidmap.c -o nfsidmap -l nfsidmap -l keyutils */
+int verbose = 0;
+char *usage="Usage: %s [-v] [-t timeout] key desc";
#define MAX_ID_LEN 11
#define IDMAP_NAMESZ 128
#define USER 1
#define GROUP 0
#define MAX_ID_LEN 11
#define IDMAP_NAMESZ 128
#define USER 1
#define GROUP 0
/*
* Find either a user or group id based on the name@domain string
*/
/*
* Find either a user or group id based on the name@domain string
*/
char *arg;
char *value;
char *type;
char *arg;
char *value;
char *type;
int timeout = 600;
key_serial_t key;
char *progname;
int timeout = 600;
key_serial_t key;
char *progname;
xlog_syslog(1);
xlog_stderr(0);
xlog_syslog(1);
xlog_stderr(0);
+ while ((opt = getopt(argc, argv, "t:v")) != -1) {
+ switch (opt) {
+ case 'v':
+ verbose++;
+ break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
+ default:
+ xlog_warn(usage, progname);
+ break;
+ }
+ }
+
+ if ((argc - optind) != 2) {
xlog_err("Bad arg count. Check /etc/request-key.conf");
xlog_err("Bad arg count. Check /etc/request-key.conf");
+ xlog_warn(usage, progname);
- arg = malloc(sizeof(char) * strlen(argv[2]) + 1);
- strcpy(arg, argv[2]);
+ if (verbose)
+ nfs4_set_debug(verbose, NULL);
+
+ key = strtol(argv[optind++], NULL, 10);
+
+ arg = strdup(argv[optind]);
+ if (arg == NULL) {
+ xlog_err("strdup failed: %m");
+ return 1;
+ }
type = strtok(arg, ":");
value = strtok(NULL, ":");
type = strtok(arg, ":");
value = strtok(NULL, ":");
- if (argc == 4) {
- timeout = atoi(argv[3]);
- if (timeout < 0)
- timeout = 0;
+ if (verbose) {
+ xlog_warn("key: %ld type: %s value: %s timeout %ld",
+ key, type, value, timeout);
- key = strtol(argv[1], NULL, 10);
-
if (strcmp(type, "uid") == 0)
rc = id_lookup(value, key, USER);
else if (strcmp(type, "gid") == 0)
if (strcmp(type, "uid") == 0)
rc = id_lookup(value, key, USER);
else if (strcmp(type, "gid") == 0)
else if (strcmp(type, "group") == 0)
rc = name_lookup(value, key, GROUP);
else if (strcmp(type, "group") == 0)
rc = name_lookup(value, key, GROUP);
- /* Set timeout to 5 (600 seconds) minutes */
+ /* Set timeout to 10 (600 seconds) minutes */
if (rc == 0)
keyctl_set_timeout(key, timeout);
if (rc == 0)
keyctl_set_timeout(key, timeout);
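Review bot: The new `-t` handling at `timeout = atoi(optarg);` drops the `if (timeout < 0) timeout = 0;` clamp that the removed `argc == 4` branch had, so a negative or malformed value now reaches `keyctl_set_timeout(key, timeout)` unchecked. That call takes an unsigned timeout, so a negative int would become a very long expiry and keep an id mapping cached far beyond the intended 600 seconds; restoring the clamp right after the `atoi` call (or parsing with `strtol` and rejecting trailing characters) would keep the old behaviour. In the verbose `xlog_warn`, `key` and `timeout` are printed with `%ld` although `timeout` is declared `int` and `key` is a `key_serial_t`, which keyutils.h defines as a 32-bit integer; `"key: %d type: %s value: %s timeout %d"` would match the arguments. The same call passes `type` and `value` straight from `strtok`, and either is NULL when the description has no `:`, so a NULL check before the log line and the `strcmp` chain would cover that case. The start and end of the enclosing function are not shown in this section.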
.TH nfsidmap 5 "1 October 2010"
.SH NAME
nfsidmap \- The NFS idmapper upcall program
.TH nfsidmap 5 "1 October 2010"
.SH NAME
nfsidmap \- The NFS idmapper upcall program
+.SH SYNOPSIS
+.B "nfsidmap [-v] [-t timeout] key desc"
.SH DESCRIPTION
The file
.I /usr/sbin/nfsidmap
.SH DESCRIPTION
The file
.I /usr/sbin/nfsidmap
.I /usr/sbin/nfsidmap
should only be called by request-key, and will perform the translation and
initialize a key with the resulting information.
.I /usr/sbin/nfsidmap
should only be called by request-key, and will perform the translation and
initialize a key with the resulting information.
-.PP
-NFS_USE_NEW_IDMAPPER must be selected when configuring the kernel to use this
-feature.
+.SH OPTIONS
+.TP
+.B -t timeout
+Set the expiration timer, in seconds, on the key.
+The default is 600 seconds (10 mins).
+.TP
+.B -v
+Increases the verbosity of the output to syslog
+(can be specified multiple times).
.SH CONFIGURING
The file
.I /etc/request-key.conf
.SH CONFIGURING
The file
.I /etc/request-key.conf
can properly direct the upcall. The following line should be added before a call
to keyctl negate:
.PP
can properly direct the upcall. The following line should be added before a call
to keyctl negate:
.PP
-create id_resolver * * /usr/sbin/nfsidmap %k %d 600
+create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
.PP
This will direct all id_resolver requests to the program
.PP
This will direct all id_resolver requests to the program
-.I /usr/sbin/nfsidmap
-The last parameter, 600, defines how many seconds into the future the key will
+.I /usr/sbin/nfsidmap.
+The
+.B -t 600
+defines how many seconds into the future the key will
expire. This is an optional parameter for
.I /usr/sbin/nfsidmap
and will default to 600 seconds when not specified.
expire. This is an optional parameter for
.I /usr/sbin/nfsidmap
and will default to 600 seconds when not specified.
generic upcall program. If you would like to use your own program for a uid
lookup then you would edit your request-key.conf so it looks similar to this:
.PP
generic upcall program. If you would like to use your own program for a uid
lookup then you would edit your request-key.conf so it looks similar to this:
.PP
-create id_resolver uid:* * /some/other/program %k %d 600
+create id_resolver uid:* * /some/other/program %k %d
-create id_resolver * * /usr/sbin/nfsidmap %k %d 600
+create id_resolver * * /usr/sbin/nfsidmap %k %d
.PP
Notice that the new line was added above the line for the generic program.
request-key will find the first matching line and run the corresponding program.
.PP
Notice that the new line was added above the line for the generic program.
request-key will find the first matching line and run the corresponding program.