/*
 * Command-line summary printed by main() when option parsing fails or the
 * positional arguments are wrong; the "%s" is the program basename.
 */
18 char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
/* Upper bound on a mapped user/group name; sizes name_lookup()'s name buffer. */
21 #define IDMAP_NAMESZ 128
/*
 * keyring_clear() and key_revoke() discover key serials by parsing this
 * file with fgets()/strstr()/sscanf() rather than via a keyctl search.
 * NOTE(review): /proc/keys presumably lists keys beyond this process's own,
 * so the text matching done on its lines needs to be strict.
 */
25 #define PROCKEYS "/proc/keys"
/* Name of the keyring cleared by -c and on keyring-full; build-time overridable. */
26 #ifndef DEFAULT_KEYRING
27 #define DEFAULT_KEYRING "id_resolver"
/* libnfsidmap configuration handed to nfs4_init_name_mapping() in main(). */
30 #ifndef PATH_IDMAPDCONF
31 #define PATH_IDMAPDCONF "/etc/idmapd.conf"
/* Forward declaration: id_lookup() calls it before its definition below. */
34 static int keyring_clear(char *keyring);
40 * Map a name@domain string to either a user or a group id and instantiate
 * the key with that id rendered in decimal (trailing NUL included).
/*
 * Map a "name@domain" string to a uid (type == USER) or a gid (otherwise)
 * and instantiate @key with the id rendered in decimal.
 *
 * @name_at_domain: description text handed over by the kernel callout;
 *                  treat it as untrusted -- here it is only passed on to
 *                  libnfsidmap, nothing in this function parses it.
 * @key:            serial of the key being instantiated.
 * @type:           USER or GROUP.
 * Returns rc, the status of the last call made; the local declarations
 * (rc, uid, gid, id) and the return are outside the visible lines.
 */
42 int id_lookup(char *name_at_domain, key_serial_t key, int type)
50 rc = nfs4_owner_to_uid(name_at_domain, &uid);
/*
 * NOTE(review): sprintf() into `id` is unbounded and `id` is declared
 * outside the visible lines. A 32-bit uid_t/gid_t printed with %u needs
 * at most 10 digits plus NUL, so confirm `id` holds at least 11 bytes,
 * or switch to snprintf(id, sizeof id, "%u", uid).
 */
51 sprintf(id, "%u", uid);
53 rc = nfs4_group_owner_to_gid(name_at_domain, &gid);
54 sprintf(id, "%u", gid);
/* Lookup failure: name the mapping call that failed; %m reports errno as the call left it. */
57 xlog_err("id_lookup: %s: failed: %m",
58 (type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
/* Payload length includes the terminating NUL (strlen + 1); name_lookup() does not do this. */
61 rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
68 * The keyring is full (the errno test for that is outside the visible
 * lines). Clear the default keyring once and retry the instantiate;
 * whether keyring_clear()'s result gates the retry is not visible either.
70 rc = keyring_clear(DEFAULT_KEYRING);
72 rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
/* Second failure is logged; rc carries it back to the caller. */
79 xlog_err("id_lookup: keyctl_instantiate failed: %m");
86 * Map a numeric user or group id to its name@domain string and instantiate
 * the key with that name (no trailing NUL, unlike id_lookup).
/*
 * Reverse mapping: turn a numeric uid (type == USER) or gid into
 * "name@domain" using the default NFSv4 domain, then instantiate @key
 * with the name.
 *
 * @id:   numeric id as text from the key description; its conversion to
 *        uid/gid happens in lines not shown here.
 * @key:  serial of the key being instantiated.
 * @type: USER or GROUP.
 * Returns rc from the last call made; declarations and the return are
 * outside the visible lines.
 */
88 int name_lookup(char *id, key_serial_t key, int type)
/*
 * Both buffers start uninitialised and are filled by the library calls
 * below; strlen(name) at the end assumes nfs4_{uid,gid}_to_name()
 * NUL-terminates within IDMAP_NAMESZ -- confirm against libnfsidmap.
 */
90 char name[IDMAP_NAMESZ];
91 char domain[NFS4_MAX_DOMAIN_LEN];
/* Bounded by the buffer size; the NULL first argument presumably selects the default config. */
96 rc = nfs4_get_default_domain(NULL, domain, NFS4_MAX_DOMAIN_LEN);
99 xlog_err("name_lookup: nfs4_get_default_domain failed: %m");
105 rc = nfs4_uid_to_name(uid, domain, name, IDMAP_NAMESZ);
108 rc = nfs4_gid_to_name(gid, domain, name, IDMAP_NAMESZ);
111 xlog_err("name_lookup: %s: failed: %m",
112 (type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));
/*
 * NOTE(review): `&name` has type char (*)[IDMAP_NAMESZ]; it is the same
 * address as `name`, so this works, but plain `name` is the conventional
 * argument. The payload length is strlen(name) WITHOUT the NUL, whereas
 * id_lookup() passes strlen(id) + 1 -- whoever reads this key must not
 * rely on a terminator. Also unlike id_lookup(), there is no
 * keyring-full retry on this path.
 */
115 rc = keyctl_instantiate(key, &name, strlen(name), 0);
117 xlog_err("name_lookup: keyctl_instantiate failed: %m");
123 * Clear every keyring listed in /proc/keys whose line contains the given
 * name (a substring match, not an exact comparison of the description).
/*
 * Clear every keyring in /proc/keys whose line contains @keyring.
 *
 * @keyring: name to look for; it is replaced by DEFAULT_KEYRING under a
 *           condition not shown (presumably NULL).
 * The return value, the locals (fp, buf, key) and the loop tail are
 * outside the visible lines; the "not found" message at the end suggests
 * a found-flag is tracked.
 */
125 static int keyring_clear(char *keyring)
132 keyring = DEFAULT_KEYRING;
134 if ((fp = fopen(PROCKEYS, "r")) == NULL) {
135 xlog_err("fopen(%s) failed: %m", PROCKEYS);
/* buf is presumably char buf[BUFSIZ] as in key_revoke(); its declaration is not shown. */
139 while(fgets(buf, BUFSIZ, fp) != NULL) {
/* Only lines carrying the word "keyring" are candidates; everything else is skipped. */
140 if (strstr(buf, "keyring") == NULL)
/*
 * NOTE(review): substring match against the whole line rather than the
 * description field, so a keyring named e.g. "my_id_resolver" also
 * matches "id_resolver", whoever owns it. Compare the description field
 * exactly if that is not intended.
 */
142 if (strstr(buf, keyring) == NULL)
/*
 * NOTE(review): unchecked strchr(). A line longer than BUFSIZ-1 leaves no
 * '\n' in buf, and a line without a space breaks the call below; either
 * case writes through NULL. Prefer:
 *     char *p = strchr(buf, '\n'); if (p) *p = '\0';
 */
145 *(strchr(buf, '\n')) = '\0';
146 xlog_warn("clearing '%s'", buf);
149 * The key serial is the first field of the line, printed in hex.
151 *(strchr(buf, ' ')) = '\0';
/*
 * NOTE(review): sscanf() result unchecked -- if the field does not parse,
 * `key` keeps its previous (possibly uninitialised) value and is still
 * passed to keyctl_clear(). "%x" expects unsigned int *; `key`'s declared
 * type is not visible, so check it matches.
 */
152 sscanf(buf, "%x", &key);
153 if (keyctl_clear(key) < 0) {
154 xlog_err("keyctl_clear(0x%x) failed: %m", key);
/* Reached when the loop finishes without a match (the flag logic is not shown). */
161 xlog_err("'%s' keyring was not found.", keyring);
/*
 * Revoke the cached name->id keys whose description starts with
 * "uid:"/"gid:" followed by @keystr.
 *
 * @keystr:  user/group name as given to -u/-g/-r, compared against the
 *           text following "uid:" or "gid:" in each /proc/keys line.
 * @keymask: UIDKEYS and/or GIDKEYS; selects which prefix is eligible
 *           (the per-prefix `mask` assignment is not shown).
 * The return value, the fp/key/mask declarations and the loop tail are
 * outside the visible lines.
 */
168 static int key_revoke(char *keystr, int keymask)
171 char buf[BUFSIZ], *ptr;
177 if ((fp = fopen(PROCKEYS, "r")) == NULL) {
178 xlog_err("fopen(%s) failed: %m", PROCKEYS);
182 while(fgets(buf, BUFSIZ, fp) != NULL) {
/* Keyrings themselves are never revoked here, only the keys they hold. */
183 if (strstr(buf, "keyring") != NULL)
/* The prefix is searched anywhere in the line, not anchored to the description field. */
187 if ((ptr = strstr(buf, "uid:")) != NULL)
189 else if ((ptr = strstr(buf, "gid:")) != NULL)
194 if ((keymask & mask) == 0)
/*
 * NOTE(review): this is a prefix comparison -- "-u bob" also revokes
 * "uid:bobby@..." and similar longer names. Require the byte after the
 * matched span to be a terminator (' ', '\n', or '@', depending on how
 * keystr is expected to be written) before treating the line as a hit.
 */
197 if (strncmp(ptr+4, keystr, strlen(keystr)) != 0)
/*
 * NOTE(review): unchecked strchr() -- a line longer than BUFSIZ-1 has no
 * '\n' in buf, and a line without a space breaks the call below; either
 * writes through NULL. Test the result before dereferencing it.
 */
201 *(strchr(buf, '\n')) = '\0';
202 xlog_warn("revoking '%s'", buf);
205 * The key serial is the first field of the line, printed in hex.
207 *(strchr(buf, ' ')) = '\0';
/*
 * NOTE(review): sscanf() result unchecked -- on a parse failure `key`
 * keeps its previous (possibly uninitialised) value and is still passed
 * to keyctl_revoke(). "%x" expects unsigned int *; `key`'s declared type
 * is not visible, so check it matches.
 */
208 sscanf(buf, "%x", &key);
/* Every matching key is revoked regardless of which keyring holds it; failures are logged. */
210 if (keyctl_revoke(key) < 0) {
211 xlog_err("keyctl_revoke(0x%x) failed: %m", key);
/* Reached when nothing matched (the found-flag logic is not shown). */
222 xlog_err("'%s' key was not found.", keystr);
/*
 * Entry point. Runs either as the kernel's request-key callout (two
 * positional arguments: key serial and description, see
 * /etc/request-key.conf) or as an administrative tool: -c clears the
 * default keyring, -u/-g/-r revoke cached mappings for a user, a group,
 * or both.
 *
 * Locals declared between the visible lines (opt, rc, key, arg, type,
 * value, timeout, verbose) are not shown.
 */
227 int main(int argc, char **argv)
235 char *progname, *keystr = NULL;
236 int clearing = 0, keymask = 0;
238 /* Set the basename */
239 if ((progname = strrchr(argv[0], '/')) != NULL)
246 while ((opt = getopt(argc, argv, "u:g:r:ct:v")) != -1) {
/*
 * NOTE(review): these three strdup() calls are unchecked, unlike the
 * strdup() of argv[optind] further down; a NULL keystr would reach
 * key_revoke(). keystr is never freed (the process exits soon after).
 */
250 keystr = strdup(optarg);
254 keystr = strdup(optarg);
/* -r covers both the uid: and the gid: keys for the name. */
257 keymask = GIDKEYS|UIDKEYS;
258 keystr = strdup(optarg);
/*
 * NOTE(review): atoi() accepts trailing garbage and negative values
 * silently; a negative timeout handed to keyctl_set_timeout() below,
 * which presumably takes unsigned seconds, turns into a near-infinite
 * lifetime. Parse with strtoul() and reject anything left over.
 */
267 timeout = atoi(optarg);
270 xlog_warn(usage, progname);
/* libnfsidmap must be initialised before any mapping call or conf_get_num(). */
275 if (nfs4_init_name_mapping(PATH_IDMAPDCONF)) {
276 xlog_err("Unable to create name to user id mappings.");
280 verbose = conf_get_num("General", "Verbosity", 0);
283 rc = key_revoke(keystr, keymask);
288 rc = keyring_clear(DEFAULT_KEYRING);
/* Callout mode: exactly "<key serial> <description>" must remain after the options. */
293 if ((argc - optind) != 2) {
294 xlog_err("Bad arg count. Check /etc/request-key.conf");
295 xlog_warn(usage, progname);
300 nfs4_set_debug(verbose, NULL);
/*
 * NOTE(review): no endptr/errno check, so "12abc" parses as 12 and an
 * out-of-range serial is not detected. `key` is printed with %lx below,
 * so it is presumably a long and is narrowed to key_serial_t when passed
 * to id_lookup()/name_lookup().
 */
302 key = strtol(argv[optind++], NULL, 10);
304 arg = strdup(argv[optind]);
306 xlog_err("strdup failed: %m");
/*
 * Description is "<type>:<value>"; judging by the lookup names, e.g.
 * "uid:<name@domain>" or "user:<numeric id>". The value ultimately
 * carries the name or id being resolved and should be treated as
 * untrusted. NOTE(review): if the lines between here and the strcmp()
 * chain do not reject a NULL `type` (empty description) or NULL `value`
 * (no ':'), strcmp() and the lookups dereference NULL -- confirm.
 */
309 type = strtok(arg, ":");
310 value = strtok(NULL, ":");
313 xlog_warn("key: 0x%lx type: %s value: %s timeout %ld",
314 key, type, value, timeout);
/* Forward (name -> id) versus reverse (id -> name) dispatch on the type tag. */
317 if (strcmp(type, "uid") == 0)
318 rc = id_lookup(value, key, USER);
319 else if (strcmp(type, "gid") == 0)
320 rc = id_lookup(value, key, GROUP);
321 else if (strcmp(type, "user") == 0)
322 rc = name_lookup(value, key, USER);
323 else if (strcmp(type, "group") == 0)
324 rc = name_lookup(value, key, GROUP);
326 /* Apply the key lifetime: 10 minutes (600 seconds) unless -t overrode it; the default assignment is not shown. */
328 keyctl_set_timeout(key, timeout);