/*
 * Usage text. It is a printf-style format with one %s (the program name) and
 * is passed as the format argument of xlog_warn() at listing lines 172 and 185.
 * NOTE(review): the pointer is a writable, externally visible global. If no
 * other translation unit needs the symbol, `static const char usage[]` keeps
 * the format string fixed - confirm against the rest of the project.
 */
16 char *usage="Usage: %s [-v] [-c || [-t timeout] key desc]";
/* Size of the `name` buffer in name_lookup(); also the length passed to nfs4_uid_to_name()/nfs4_gid_to_name(). */
19 #define IDMAP_NAMESZ 128
/* File that keyring_clear() opens and scans line by line. */
23 #define PROCKEYS "/proc/keys"
/* Keyring name matched by keyring_clear(); the #ifndef lets the build override it. */
24 #ifndef DEFAULT_KEYRING
25 #define DEFAULT_KEYRING "id_resolver"
30 * Find either a user or group id based on the name@domain string
/*
 * Resolve a name@domain string to a numeric id and store it as the key payload.
 * The id comes from nfs4_owner_to_uid() or nfs4_group_owner_to_gid(), is
 * printed as decimal text into `id`, and is handed to keyctl_instantiate().
 * Listing excerpt: the local declarations, the branch on `type` and the
 * return statements are on lines not shown here.
 */
32 int id_lookup(char *name_at_domain, key_serial_t key, int type)
/* User path: the error message at line 48 pairs this call with type == USER. */
40 rc = nfs4_owner_to_uid(name_at_domain, &uid);
/*
 * NOTE(review): sprintf() does not bound the write, and the declaration of
 * `id` is not visible in this listing. Confirm the buffer holds the longest
 * "%u" value plus the terminating NUL; if `id` is an array,
 * snprintf(id, sizeof id, "%u", uid) makes the bound explicit.
 */
41 sprintf(id, "%u", uid);
/* Group path: same pattern as above, with the gid. */
43 rc = nfs4_group_owner_to_gid(name_at_domain, &gid);
44 sprintf(id, "%u", gid);
/*
 * NOTE(review): %m prints the text for the current errno. Confirm that the
 * nfs4_* helpers set errno and do not only report the error through rc;
 * otherwise this message can describe an unrelated earlier failure.
 */
47 xlog_err("id_lookup: %s: failed: %m",
48 (type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
/*
 * The payload length is strlen(id) + 1, so the terminating NUL is part of the
 * data given to the key. name_lookup() (line 89) passes strlen(name) without
 * the NUL.
 * NOTE(review): the guard that skips this call when the lookup failed is not
 * visible here; `id` must only be read after a successful conversion.
 */
51 rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
53 xlog_err("id_lookup: keyctl_instantiate failed: %m");
60 * Find the name@domain string from either a user or group id
/*
 * Resolve a numeric id to a name and store the name as the key payload.
 * The default domain is fetched with nfs4_get_default_domain(), the name is
 * produced by nfs4_uid_to_name() or nfs4_gid_to_name(), and the result is
 * handed to keyctl_instantiate().
 * Listing excerpt: the conversion of the `id` string to uid/gid, the branch
 * on `type` and the return statements are on lines not shown here.
 * NOTE(review): confirm that the omitted conversion rejects non-numeric and
 * out-of-range input before the value reaches the nfs4_* helpers.
 */
62 int name_lookup(char *id, key_serial_t key, int type)
/* Output buffers; each is passed below together with its own size constant. */
64 char name[IDMAP_NAMESZ];
65 char domain[NFS4_MAX_DOMAIN_LEN];
70 rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN);
/*
 * NOTE(review): %m prints the text for the current errno; confirm the nfs4_*
 * helpers set errno and do not only return an error code in rc.
 */
73 xlog_err("name_lookup: nfs4_get_default_domain failed: %m");
/* The length argument matches the declared size of `name` (IDMAP_NAMESZ). */
79 rc = nfs4_uid_to_name(uid, domain, name, IDMAP_NAMESZ);
82 rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ);
85 xlog_err("name_lookup: %s: failed: %m",
86 (type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));
/*
 * `&name` is a pointer to the whole array; it has the same address as `name`,
 * which is what the call needs. The payload length is strlen(name), so the
 * terminating NUL is not sent, unlike id_lookup() (line 51), which sends
 * strlen(id) + 1.
 * NOTE(review): confirm the consumer of this key expects an unterminated
 * payload, and that strlen(name) only runs after a successful lookup. The
 * guard is not visible in this listing, and `name` has no initializer at
 * line 64.
 */
89 rc = keyctl_instantiate(key, &name, strlen(name), 0);
91 xlog_err("name_lookup: keyctl_instantiate failed: %m");
97 * Clear all the keys on the given keyring
/*
 * Clear every keyring listed in /proc/keys whose line mentions `keyring`.
 * Each line read from PROCKEYS must contain the substring "keyring" and the
 * requested keyring name. Its leading field is then parsed as a hexadecimal
 * key serial and passed to keyctl_clear().
 * Listing excerpt: the local declarations, the `continue`/return statements
 * and any fclose() are on lines not shown here.
 */
99 static int keyring_clear(char *keyring)
/* Falls back to the built-in name; the condition guarding this assignment is not visible here. */
107 keyring = DEFAULT_KEYRING;
109 if ((fp = fopen(PROCKEYS, "r")) == NULL) {
110 xlog_err("fopen(%s) failed: %m", PROCKEYS);
/* Presumably `buf` is declared with BUFSIZ bytes; the declaration is not in this listing, so confirm it. */
114 while(fgets(buf, BUFSIZ, fp) != NULL) {
/*
 * Both tests are plain substring matches over the whole line, so a line
 * matches when the two strings appear anywhere in it, not only in the type
 * and description columns.
 * NOTE(review): a key whose description merely contains the keyring name
 * would also be selected and cleared; matching on the parsed fields would be
 * stricter.
 */
115 if (strstr(buf, "keyring") == NULL)
117 if (strstr(buf, keyring) == NULL)
/*
 * NOTE(review): strchr() returns NULL when the line has no '\n', which
 * happens for a line longer than the buffer or an unterminated last line.
 * The store through the result would then dereference NULL. Check the
 * pointer before writing.
 */
120 *(strchr(buf, '\n')) = '\0';
121 xlog_warn("clearing '%s'", buf);
124 * The key is the first arugment in the string
/* NOTE(review): same pattern as line 120; a line without a space makes strchr() return NULL. */
126 *(strchr(buf, ' ')) = '\0';
/*
 * NOTE(review): the sscanf() result is not checked on this line. If no hex
 * value is converted, `key` keeps whatever it held before (a previous
 * iteration's serial or an uninitialized value) and is still passed to
 * keyctl_clear(). %x also requires an unsigned int pointer; confirm the
 * declared type of `key`.
 */
127 sscanf(buf, "%x", &key);
128 if (keyctl_clear(key) < 0) {
129 xlog_err("keyctl_clear(0x%x) failed: %m", key);
/* Reported when no line matched; the surrounding condition is not visible here. */
136 xlog_err("'%s' keyring was not found.", keyring);
/*
 * Entry point. Parses -c, -t <timeout> and -v. With -c it clears the default
 * keyring. Otherwise it expects exactly two positional arguments, a key
 * serial and a "type:value" descriptor. It dispatches to id_lookup() or
 * name_lookup() and then sets a timeout on the key.
 * The message at line 184 points at /etc/request-key.conf, so the arguments
 * presumably arrive through the request-key upcall rather than from an
 * interactive user. Treat them as external input either way.
 * Listing excerpt: the local declarations, the option switch cases and the
 * return statements are on lines not shown here.
 */
141 int main(int argc, char **argv)
152 /* Set the basename */
153 if ((progname = strrchr(argv[0], '/')) != NULL)
160 while ((opt = getopt(argc, argv, "ct:v")) != -1) {
/*
 * NOTE(review): atoi() cannot report errors. Non-numeric input yields 0 and
 * an out-of-range value is undefined behaviour. strtol() with an end-pointer
 * and ERANGE check, plus a range check on the result, would reject a bad -t
 * value.
 */
169 timeout = atoi(optarg);
/* `usage` is a program-defined format string, not caller-supplied text; see its definition at line 16. */
172 xlog_warn(usage, progname);
/* -c path: always clears DEFAULT_KEYRING, since no keyring name is taken from the command line here. */
178 rc = keyring_clear(DEFAULT_KEYRING);
183 if ((argc - optind) != 2) {
184 xlog_err("Bad arg count. Check /etc/request-key.conf");
185 xlog_warn(usage, progname);
190 nfs4_set_debug(verbose, NULL);
/*
 * NOTE(review): strtol() is called without an end pointer or errno check, so
 * a malformed serial silently becomes 0 or a clamped value. The result is
 * printed with %ld at line 203 and later passed where a key_serial_t is
 * expected; confirm the narrowing is safe for the accepted range.
 */
192 key = strtol(argv[optind++], NULL, 10);
/* Work on a private copy because strtok() below writes NULs into its input. */
194 arg = strdup(argv[optind]);
196 xlog_err("strdup failed: %m");
/*
 * Split "type:value" at the first ':'.
 * NOTE(review): `type` is NULL for an empty descriptor and `value` is NULL
 * when there is no ':' separator. No NULL check is visible between here and
 * the strcmp() calls at line 207 or the %s conversions at line 203; confirm
 * one exists on the omitted lines or add it. The lookup helpers also receive
 * `value` as is.
 */
199 type = strtok(arg, ":");
200 value = strtok(NULL, ":");
203 xlog_warn("key: %ld type: %s value: %s timeout %ld",
204 key, type, value, timeout);
/*
 * Dispatch on the descriptor type: "uid"/"gid" map a name to an id, and
 * "user"/"group" map an id to a name. No final else is visible, so an
 * unrecognised type appears to leave rc at its previous value; confirm that
 * value signals failure.
 */
207 if (strcmp(type, "uid") == 0)
208 rc = id_lookup(value, key, USER);
209 else if (strcmp(type, "gid") == 0)
210 rc = id_lookup(value, key, GROUP);
211 else if (strcmp(type, "user") == 0)
212 rc = name_lookup(value, key, USER);
213 else if (strcmp(type, "group") == 0)
214 rc = name_lookup(value, key, GROUP);
/*
 * NOTE(review): the return value of keyctl_set_timeout() is not checked on
 * this line, and the condition on the omitted line 217 is not visible.
 * Confirm the timeout is only applied after a successful lookup. `timeout`
 * may have been replaced by the -t option at line 169.
 */
216 /* Set timeout to 10 minutes (600 seconds) */
218 keyctl_set_timeout(key, timeout);