/* Usage text. main() passes it to xlog_warn() as the format, with the program name as the only argument. */
/* NOTE(review): this is a writable `char *` used as a format string. Declaring it
 * `static const char usage[]` would keep it immutable; confirm that nothing
 * outside this listing assigns to it. */
18 char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
/* Size of the `name` buffer in name_lookup(). */
21 #define IDMAP_NAMESZ 128
/* File that keyring_clear() and key_revoke() open and parse line by line. */
25 #define PROCKEYS "/proc/keys"
/* Keyring name searched for in PROCKEYS lines; can be overridden at build time. */
26 #ifndef DEFAULT_KEYRING
27 #define DEFAULT_KEYRING "id_resolver"
/* Path handed to get_config_verbose(); can be overridden at build time. */
30 #ifndef PATH_IDMAPDCONF
31 #define PATH_IDMAPDCONF "/etc/idmapd.conf"
/* Forward declaration: id_lookup() calls keyring_clear() before its definition. */
34 static int keyring_clear(char *keyring);
40 * Check the config file for the verbosity level
/* Returns conf_get_num("General", "Verbosity", 0); the third argument is
 * presumably the value used when the option is absent (confirm against
 * conf_get_num). The lines that consume `path` are not part of this listing. */
43 get_config_verbose(char *path)
47 return conf_get_num("General", "Verbosity", 0);
51 * Find either a user or group id based on the name@domain string
/*
 * id_lookup - resolve a name@domain string to a numeric id and store it in a key.
 *
 * name_at_domain: string handed to nfs4_owner_to_uid() or nfs4_group_owner_to_gid();
 *                 main() passes the text after the first ':' of its last argument.
 * key:            serial of the key that is instantiated with the result.
 * type:           USER selects the uid lookup (see the error message below).
 *
 * The id is formatted as an unsigned decimal string and passed to
 * keyctl_instantiate() together with its terminating NUL (strlen(id) + 1).
 * The return statement is not part of this listing.
 */
53 int id_lookup(char *name_at_domain, key_serial_t key, int type)
61 rc = nfs4_owner_to_uid(name_at_domain, &uid);
/* NOTE(review): `id` is declared on a line not shown here. sprintf() is
 * unbounded; an unsigned 32-bit value needs up to 11 bytes including the NUL.
 * If `id` is an array, snprintf(id, sizeof id, "%u", uid) makes the bound
 * explicit. In this listing the format call directly follows the lookup, so
 * confirm that uid/gid hold a defined value when the lookup fails. */
62 sprintf(id, "%u", uid);
64 rc = nfs4_group_owner_to_gid(name_at_domain, &gid);
65 sprintf(id, "%u", gid);
/* Reports which of the two lookups failed; %m appends the errno text. */
68 xlog_err("id_lookup: %s: failed: %m",
69 (type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
/* Payload length includes the NUL terminator. name_lookup() in this file
 * passes strlen(name) without the +1; confirm which form the key consumer
 * expects. */
72 rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
79 * The keyring is full. Clear the keyring and try again
/* NOTE(review): the condition that selects this retry path is not visible.
 * keyring_clear() clears every keyring line it matches, so all cached
 * mappings are dropped here, not only the one being instantiated. */
81 rc = keyring_clear(DEFAULT_KEYRING);
83 rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
90 xlog_err("id_lookup: keyctl_instantiate failed: %m");
97 * Find the name@domain string from either a user or group id
/*
 * name_lookup - resolve a numeric id to a name string and store it in a key.
 *
 * id:   id as text; the conversion to uid/gid happens on lines not shown here
 *       (NOTE(review): confirm it rejects non-numeric and out-of-range input).
 * key:  serial of the key that is instantiated with the result.
 * type: USER selects nfs4_uid_to_name(), otherwise nfs4_gid_to_name() is
 *       reported (see the error message below).
 *
 * The return statement is not part of this listing.
 */
99 int name_lookup(char *id, key_serial_t key, int type)
/* Fixed-size output buffers; their sizes are passed to the library calls below. */
101 char name[IDMAP_NAMESZ];
102 char domain[NFS4_MAX_DOMAIN_LEN];
107 rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN);
110 xlog_err("name_lookup: nfs4_get_default_domain failed: %m");
116 rc = nfs4_uid_to_name(uid, domain, name, IDMAP_NAMESZ);
119 rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ);
122 xlog_err("name_lookup: %s: failed: %m",
123 (type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));
/* NOTE(review): `&name` is a pointer to the whole array (same address as
 * `name`); plain `name` would state the intent more directly. The payload
 * length is strlen(name), i.e. without the NUL, whereas id_lookup() passes
 * strlen(id) + 1; confirm the difference is intended. strlen() also relies on
 * the *_to_name call having NUL-terminated `name` on success, and on this call
 * being skipped when the lookup failed (that guard is not visible here). */
126 rc = keyctl_instantiate(key, &name, strlen(name), 0);
128 xlog_err("name_lookup: keyctl_instantiate failed: %m");
134 * Clear all the keys on the given keyring
/*
 * keyring_clear - scan PROCKEYS and call keyctl_clear() on matching keyrings.
 *
 * keyring: name to look for. It is replaced by DEFAULT_KEYRING under a
 *          condition that is not visible in this listing (presumably when the
 *          argument is NULL; confirm).
 *
 * Declarations, fclose() and the return statements are on lines not shown.
 */
136 static int keyring_clear(char *keyring)
143 keyring = DEFAULT_KEYRING;
145 if ((fp = fopen(PROCKEYS, "r")) == NULL) {
146 xlog_err("fopen(%s) failed: %m", PROCKEYS);
/* NOTE(review): `buf` is declared on a line not shown; it must be at least
 * BUFSIZ bytes for this fgets() bound to be correct. */
150 while(fgets(buf, BUFSIZ, fp) != NULL) {
/* Both tests are substring matches over the whole line, so any line that
 * contains the text "keyring" and the keyring name anywhere is selected.
 * NOTE(review): a keyring whose description merely contains the name as a
 * substring would also be cleared; matching the description field exactly
 * would be stricter. */
151 if (strstr(buf, "keyring") == NULL)
153 if (strstr(buf, keyring) == NULL)
/* NOTE(review): strchr() returns NULL when the line holds no '\n' (a line
 * longer than the buffer, or a final line without a newline); the write
 * through the result would then dereference NULL. The same applies to the
 * ' ' search below. A NULL check before each store avoids this. */
156 *(strchr(buf, '\n')) = '\0';
157 xlog_warn("clearing '%s'", buf);
160 * The key is the first arugment in the string
162 *(strchr(buf, ' ')) = '\0';
/* NOTE(review): the sscanf() result is not checked on the visible lines; if
 * no hex digits are parsed, `key` keeps its previous value and that serial is
 * passed to keyctl_clear(). Requiring a return value of 1 closes this gap. */
163 sscanf(buf, "%x", &key);
164 if (keyctl_clear(key) < 0) {
165 xlog_err("keyctl_clear(0x%x) failed: %m", key);
172 xlog_err("'%s' keyring was not found.", keyring);
/*
 * key_revoke - scan PROCKEYS and call keyctl_revoke() on matching keys.
 *
 * keystr:  text compared against what follows "uid:" or "gid:" on each line.
 * keymask: bit mask tested against a per-line `mask`; the lines that set
 *          `mask` are not shown (main() uses GIDKEYS and UIDKEYS).
 *
 * fclose() and the return statements are on lines not shown.
 */
179 static int key_revoke(char *keystr, int keymask)
182 char buf[BUFSIZ], *ptr;
188 if ((fp = fopen(PROCKEYS, "r")) == NULL) {
189 xlog_err("fopen(%s) failed: %m", PROCKEYS);
193 while(fgets(buf, BUFSIZ, fp) != NULL) {
/* Lines mentioning "keyring" are tested here; the action taken (presumably
 * skipping them) is on a line not shown. */
194 if (strstr(buf, "keyring") != NULL)
/* Locate the "uid:" or "gid:" marker anywhere in the line. */
198 if ((ptr = strstr(buf, "uid:")) != NULL)
200 else if ((ptr = strstr(buf, "gid:")) != NULL)
205 if ((keymask & mask) == 0)
/* NOTE(review): this is a prefix comparison of length strlen(keystr), so a
 * key whose description merely starts with keystr also matches, and an empty
 * keystr matches every line that reaches this point. Revocation can therefore
 * cover more keys than the operator named; comparing the full description
 * field would be exact. keystr comes from strdup(optarg) in main(); confirm
 * it cannot be NULL here, since strlen(NULL) is undefined. */
208 if (strncmp(ptr+4, keystr, strlen(keystr)) != 0)
/* NOTE(review): strchr() returns NULL when the character is absent (for
 * example a line truncated by fgets() has no '\n'); both stores below would
 * then write through NULL. Check the result before storing. */
212 *(strchr(buf, '\n')) = '\0';
213 xlog_warn("revoking '%s'", buf);
216 * The key is the first arugment in the string
218 *(strchr(buf, ' ')) = '\0';
/* NOTE(review): the sscanf() result is not checked on the visible lines; on a
 * parse failure `key` keeps its previous value and that serial is revoked. */
219 sscanf(buf, "%x", &key);
221 if (keyctl_revoke(key) < 0) {
222 xlog_err("keyctl_revoke(0x%x) failed: %m", key);
233 xlog_err("'%s' key was not found.", keystr);
/*
 * main - entry point. Three modes are visible in this listing:
 *   - revoke keys (-u/-g/-r key) through key_revoke(),
 *   - clear the default keyring through keyring_clear(),
 *   - resolve "type:value" from the last argument and instantiate the key whose
 *     serial is the argument before it. The "Bad arg count" message points to
 *     /etc/request-key.conf as the source of these two arguments.
 * Several declarations, braces and return statements are on lines not shown.
 */
238 int main(int argc, char **argv)
246 char *progname, *keystr = NULL;
247 int clearing = 0, keymask = 0;
249 /* Set the basename */
250 if ((progname = strrchr(argv[0], '/')) != NULL)
257 while ((opt = getopt(argc, argv, "u:g:r:ct:v")) != -1) {
/* NOTE(review): on the visible lines the strdup() results are not checked,
 * and a repeated -u/-g/-r overwrites keystr without freeing the earlier copy.
 * A NULL keystr would reach strlen() in key_revoke(). */
261 keystr = strdup(optarg);
265 keystr = strdup(optarg);
268 keymask = GIDKEYS|UIDKEYS;
269 keystr = strdup(optarg);
/* NOTE(review): atoi() reports no errors; non-numeric text yields 0 and
 * out-of-range input is undefined. strtol() with endptr and errno checks,
 * plus a rejection of negative values, would validate the timeout. */
278 timeout = atoi(optarg);
/* `usage` is a global string used as the format here; see its definition. */
281 xlog_warn(usage, progname);
286 verbose = get_config_verbose(PATH_IDMAPDCONF);
289 rc = key_revoke(keystr, keymask);
294 rc = keyring_clear(DEFAULT_KEYRING);
/* Lookup mode needs exactly two positional arguments: key serial and description. */
299 if ((argc - optind) != 2) {
300 xlog_err("Bad arg count. Check /etc/request-key.conf");
301 xlog_warn(usage, progname);
306 nfs4_set_debug(verbose, NULL);
/* NOTE(review): no endptr or errno check, so a non-numeric serial becomes 0
 * and an out-of-range one is clamped silently. The declared type of `key` is
 * not visible; the log call below prints it with %lx, so confirm the type
 * matches that conversion. */
308 key = strtol(argv[optind++], NULL, 10);
/* Work on a copy because strtok() modifies the string it splits. */
310 arg = strdup(argv[optind]);
312 xlog_err("strdup failed: %m");
/* NOTE(review): strtok() returns NULL when no token is found. If the
 * description is empty or has no ':' separator, `type` and/or `value` is NULL;
 * unless a check sits on the lines not shown, the %s arguments and the
 * strcmp() calls below would receive NULL. A value containing a further ':'
 * is cut at that point. */
315 type = strtok(arg, ":");
316 value = strtok(NULL, ":");
319 xlog_warn("key: 0x%lx type: %s value: %s timeout %ld",
320 key, type, value, timeout);
/* Dispatch on the type prefix: "uid"/"gid" map a name to an id, "user"/"group"
 * map an id to a name. NOTE(review): no branch for an unrecognised type is
 * visible; confirm rc is initialised so that case is reported as a failure. */
323 if (strcmp(type, "uid") == 0)
324 rc = id_lookup(value, key, USER);
325 else if (strcmp(type, "gid") == 0)
326 rc = id_lookup(value, key, GROUP);
327 else if (strcmp(type, "user") == 0)
328 rc = name_lookup(value, key, USER);
329 else if (strcmp(type, "group") == 0)
330 rc = name_lookup(value, key, GROUP);
332 /* Set timeout to 10 minutes (600 seconds) */
/* NOTE(review): the return value of keyctl_set_timeout() is not used on the
 * visible lines; a failure would leave the key with its previous expiry. */
334 keyctl_set_timeout(key, timeout);