#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
-#include <syslog.h>
#include <pwd.h>
#include <grp.h>
#include <limits.h>
#include "config.h"
#endif /* HAVE_CONFIG_H */
+#include "xlog.h"
#include "cfg.h"
#include "queue.h"
#include "nfslib.h"
static void idtonameres(struct idmap_msg *);
static void nametoidres(struct idmap_msg *);
-static int nfsdopen();
+static int nfsdopen(void);
static int nfsdopenone(struct idmap_client *);
static void nfsdreopen(void);
size_t strlcat(char *, const char *, size_t);
size_t strlcpy(char *, const char *, size_t);
-ssize_t atomicio(ssize_t (*)(), int, void *, size_t);
+ssize_t atomicio(ssize_t (*f) (int, void*, size_t),
+ int, void *, size_t);
void mydaemon(int, int);
-void release_parent();
+void release_parent(void);
static int verbose = 0;
#define DEFAULT_IDMAP_CACHE_EXPIRY 600 /* seconds */
return ret;
}
-static void
-msg_format(char *rtnbuff, int rtnbuffsize, int errval,
- const char *fmt, va_list args)
-{
- char buff[1024];
- int n;
-
- vsnprintf(buff, sizeof(buff), fmt, args);
-
- if ((n = strlen(buff)) > 0 && buff[n-1] == '\n')
- buff[--n] = '\0';
-
- snprintf(rtnbuff, rtnbuffsize, "%s: %s", buff, strerror(errval));
-}
-
-static void
-idmapd_warn(const char *fmt, ...)
-{
- int errval = errno; /* save this! */
- char buff[1024];
- va_list args;
-
- va_start(args, fmt);
- msg_format(buff, sizeof(buff), errval, fmt, args);
- va_end(args);
-
- syslog(LOG_WARNING, "%s", buff);
-}
-
-static void
-idmapd_warnx(const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- vsyslog(LOG_WARNING, fmt, args);
- va_end(args);
-}
-
-static void
-idmapd_err(int eval, const char *fmt, ...)
-{
- int errval = errno; /* save this! */
- char buff[1024];
- va_list args;
-
- va_start(args, fmt);
- msg_format(buff, sizeof(buff), errval, fmt, args);
- va_end(args);
-
- syslog(LOG_ERR, "%s", buff);
- exit(eval);
-}
-
-static void
-idmapd_errx(int eval, const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- vsyslog(LOG_ERR, fmt, args);
- va_end(args);
- exit(eval);
-}
-
int
main(int argc, char **argv)
{
progname++;
else
progname = argv[0];
- openlog(progname, LOG_PID, LOG_DAEMON);
+ xlog_open(progname);
#define GETOPTSTR "vfd:p:U:G:c:CS"
opterr=0; /* Turn off error messages */
errx(1, "Could not find group \"%s\"", nobodygroup);
nobodygid = gr->gr_gid;
- nfs4_set_debug(verbose, idmapd_warnx);
+#ifdef HAVE_NFS4_SET_DEBUG
+ nfs4_set_debug(verbose, xlog_warn);
+#endif
if (conf_path == NULL)
conf_path = _PATH_IDMAPDCONF;
if (nfs4_init_name_mapping(conf_path))
event_init();
if (verbose > 0)
- idmapd_warnx("Expiration time is %d seconds.",
+ xlog_warn("Expiration time is %d seconds.",
cache_entry_expiration);
if (serverstart) {
nfsdret = nfsdopen();
if (nfsdret == 0) {
ret = flush_nfsd_idmap_cache();
if (ret)
- idmapd_errx(1,
- "main: Failed to flush nfsd idmap cache\n");
+ xlog_err("main: Failed to flush nfsd idmap cache\n: %s", strerror(errno));
}
}
char timeout_buf[12];
if ((timeout_fd = open(CLIENT_CACHE_TIMEOUT_FILE,
O_RDWR)) == -1) {
- idmapd_warnx("Unable to open '%s' to set "
+ xlog_warn("Unable to open '%s' to set "
"client cache expiration time "
"to %d seconds\n",
CLIENT_CACHE_TIMEOUT_FILE,
len = snprintf(timeout_buf, sizeof(timeout_buf),
"%d", cache_entry_expiration);
if ((write(timeout_fd, timeout_buf, len)) != len)
- idmapd_warnx("Error writing '%s' to "
+ xlog_warn("Error writing '%s' to "
"'%s' to set client "
"cache expiration time\n",
timeout_buf,
}
if ((fd = open(pipefsdir, O_RDONLY)) == -1)
- idmapd_err(1, "main: open(%s)", pipefsdir);
+ xlog_err("main: open(%s): %s", pipefsdir, strerror(errno));
if (fcntl(fd, F_SETSIG, SIGUSR1) == -1)
- idmapd_err(1, "main: fcntl(%s)", pipefsdir);
+ xlog_err("main: fcntl(%s): %s", pipefsdir, strerror(errno));
if (fcntl(fd, F_NOTIFY,
DN_CREATE | DN_DELETE | DN_MODIFY | DN_MULTISHOT) == -1)
- idmapd_err(1, "main: fcntl(%s)", pipefsdir);
+ xlog_err("main: fcntl(%s): %s", pipefsdir, strerror(errno));
TAILQ_INIT(&icq);
}
if (nfsdret != 0 && fd == 0)
- idmapd_errx(1, "main: Neither NFS client nor NFSd found");
+ xlog_err("main: Neither NFS client nor NFSd found");
release_parent();
if (event_dispatch() < 0)
- idmapd_errx(1, "main: event_dispatch returns errno %d (%s)",
+ xlog_err("main: event_dispatch returns errno %d (%s)",
errno, strerror(errno));
/* NOTREACHED */
return 1;
{
int nent, i;
struct dirent **ents;
- struct idmap_client *ic;
+ struct idmap_client *ic, *nextic;
char path[PATH_MAX];
struct idmap_clientq *icq = data;
nent = scandir(pipefsdir, &ents, NULL, alphasort);
if (nent == -1) {
- idmapd_warn("dirscancb: scandir(%s)", pipefsdir);
+ xlog_warn("dirscancb: scandir(%s): %s", pipefsdir, strerror(errno));
return;
}
goto next;
if ((ic = calloc(1, sizeof(*ic))) == NULL)
- return;
+ goto out;
strlcpy(ic->ic_clid, ents[i]->d_name + 4,
sizeof(ic->ic_clid));
path[0] = '\0';
pipefsdir, ents[i]->d_name);
if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
- idmapd_warn("dirscancb: open(%s)", path);
+ xlog_warn("dirscancb: open(%s): %s", path, strerror(errno));
free(ic);
- return;
+ goto out;
}
strlcat(path, "/idmap", sizeof(path));
strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
if (verbose > 0)
- idmapd_warnx("New client: %s", ic->ic_clid);
+ xlog_warn("New client: %s", ic->ic_clid);
if (nfsopen(ic) == -1) {
close(ic->ic_dirfd);
free(ic);
- return;
+ goto out;
}
ic->ic_id = "Client";
}
}
- TAILQ_FOREACH(ic, icq, ic_next) {
+ ic = TAILQ_FIRST(icq);
+ while(ic != NULL) {
+ nextic=TAILQ_NEXT(ic, ic_next);
if (!ic->ic_scanned) {
event_del(&ic->ic_event);
close(ic->ic_fd);
close(ic->ic_dirfd);
TAILQ_REMOVE(icq, ic, ic_next);
if (verbose > 0) {
- idmapd_warnx("Stale client: %s", ic->ic_clid);
- idmapd_warnx("\t-> closed %s", ic->ic_path);
+ xlog_warn("Stale client: %s", ic->ic_clid);
+ xlog_warn("\t-> closed %s", ic->ic_path);
}
free(ic);
} else
ic->ic_scanned = 0;
+ ic = nextic;
}
+
+out:
+ for (i = 0; i < nent; i++)
+ free(ents[i]);
+ free(ents);
return;
}
struct idmap_client *ic = data;
struct idmap_msg im;
u_char buf[IDMAP_MAXMSGSZ + 1];
- size_t len, bsiz;
+ size_t len;
+ ssize_t bsiz;
char *bp, typebuf[IDMAP_MAXMSGSZ],
buf1[IDMAP_MAXMSGSZ], authbuf[IDMAP_MAXMSGSZ], *p;
unsigned long tmp;
goto out;
if ((len = read(ic->ic_fd, buf, sizeof(buf))) <= 0) {
- idmapd_warnx("nfsdcb: read(%s) failed: errno %d (%s)",
+ xlog_warn("nfsdcb: read(%s) failed: errno %d (%s)",
ic->ic_path, len?errno:0,
len?strerror(errno):"End of File");
goto out;
/* Get rid of newline and terminate buffer*/
buf[len - 1] = '\0';
- bp = buf;
+ bp = (char *)buf;
memset(&im, 0, sizeof(im));
/* Authentication name -- ignored for now*/
if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) {
- idmapd_warnx("nfsdcb: bad authentication name in upcall\n");
+ xlog_warn("nfsdcb: bad authentication name in upcall\n");
return;
}
if (getfield(&bp, typebuf, sizeof(typebuf)) == -1) {
- idmapd_warnx("nfsdcb: bad type in upcall\n");
+ xlog_warn("nfsdcb: bad type in upcall\n");
return;
}
if (verbose > 0)
- idmapd_warnx("nfsdcb: authbuf=%s authtype=%s",
+ xlog_warn("nfsdcb: authbuf=%s authtype=%s",
authbuf, typebuf);
im.im_type = strcmp(typebuf, "user") == 0 ?
case IC_NAMEID:
im.im_conv = IDMAP_CONV_NAMETOID;
if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) {
- idmapd_warnx("nfsdcb: bad name in upcall\n");
+ xlog_warn("nfsdcb: bad name in upcall\n");
return;
}
break;
case IC_IDNAME:
im.im_conv = IDMAP_CONV_IDTONAME;
if (getfield(&bp, buf1, sizeof(buf1)) == -1) {
- idmapd_warnx("nfsdcb: bad id in upcall\n");
+ xlog_warn("nfsdcb: bad id in upcall\n");
return;
}
tmp = strtoul(buf1, (char **)NULL, 10);
im.im_id = (u_int32_t)tmp;
if ((tmp == ULONG_MAX && errno == ERANGE)
|| (unsigned long)im.im_id != tmp) {
- idmapd_warnx("nfsdcb: id '%s' too big!\n", buf1);
+ xlog_warn("nfsdcb: id '%s' too big!\n", buf1);
return;
}
break;
default:
- idmapd_warnx("nfsdcb: Unknown which type %d", ic->ic_which);
+ xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
return;
}
imconv(ic, &im);
buf[0] = '\0';
- bp = buf;
+ bp = (char *)buf;
bsiz = sizeof(buf);
/* Authentication name */
snprintf(buf1, sizeof(buf1), "%lu",
time(NULL) + cache_entry_expiration);
addfield(&bp, &bsiz, buf1);
- /* ID */
- snprintf(buf1, sizeof(buf1), "%u", im.im_id);
- addfield(&bp, &bsiz, buf1);
+ /* Note that we don't want to write the id if the mapping
+ * failed; instead, by leaving it off, we write a negative
+ * cache entry which will result in an error returned to
+ * the client. We don't want a chown or setacl referring
+ * to an unknown user to result in giving permissions to
+ * "nobody"! */
+ if (im.im_status == IDMAP_STATUS_SUCCESS) {
+ /* ID */
+ snprintf(buf1, sizeof(buf1), "%u", im.im_id);
+ addfield(&bp, &bsiz, buf1);
+ }
//if (bsiz == sizeof(buf)) /* XXX */
bp[-1] = '\n';
snprintf(buf1, sizeof(buf1), "%lu",
time(NULL) + cache_entry_expiration);
addfield(&bp, &bsiz, buf1);
+ /* Note we're ignoring the status field in this case; we'll
+ * just map to nobody instead. */
/* Name */
addfield(&bp, &bsiz, im.im_name);
break;
default:
- idmapd_warnx("nfsdcb: Unknown which type %d", ic->ic_which);
+ xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
return;
}
bsiz = sizeof(buf) - bsiz;
- if (atomicio(write, ic->ic_fd, buf, bsiz) != bsiz)
- idmapd_warnx("nfsdcb: write(%s) failed: errno %d (%s)",
+ if (atomicio((void*)write, ic->ic_fd, buf, bsiz) != bsiz)
+ xlog_warn("nfsdcb: write(%s) failed: errno %d (%s)",
ic->ic_path, errno, strerror(errno));
out:
case IDMAP_CONV_IDTONAME:
idtonameres(im);
if (verbose > 1)
- idmapd_warnx("%s %s: (%s) id \"%d\" -> name \"%s\"",
+ xlog_warn("%s %s: (%s) id \"%d\" -> name \"%s\"",
ic->ic_id, ic->ic_clid,
im->im_type == IDMAP_TYPE_USER ? "user" : "group",
im->im_id, im->im_name);
}
nametoidres(im);
if (verbose > 1)
- idmapd_warnx("%s %s: (%s) name \"%s\" -> id \"%d\"",
+ xlog_warn("%s %s: (%s) name \"%s\" -> id \"%d\"",
ic->ic_id, ic->ic_clid,
im->im_type == IDMAP_TYPE_USER ? "user" : "group",
im->im_name, im->im_id);
break;
default:
- idmapd_warnx("imconv: Invalid conversion type (%d) in message",
+ xlog_warn("imconv: Invalid conversion type (%d) in message",
im->im_conv);
im->im_status |= IDMAP_STATUS_INVALIDMSG;
break;
if (atomicio(read, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) {
if (verbose > 0)
- idmapd_warn("nfscb: read(%s)", ic->ic_path);
+ xlog_warn("nfscb: read(%s): %s", ic->ic_path, strerror(errno));
if (errno == EPIPE)
return;
goto out;
imconv(ic, &im);
- if (atomicio(write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
- idmapd_warn("nfscb: write(%s)", ic->ic_path);
+ /* XXX: I don't like ignoring this error in the id->name case,
+ * but we've never returned it, and I need to check that the client
+ * can handle it gracefully before starting to return it now. */
+
+ if (im.im_status == IDMAP_STATUS_LOOKUPFAIL)
+ im.im_status = IDMAP_STATUS_SUCCESS;
+
+ if (atomicio((void*)write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
+ xlog_warn("nfscb: write(%s): %s", ic->ic_path, strerror(errno));
out:
event_add(&ic->ic_event, NULL);
}
int fd;
if (verbose > 0)
- idmapd_warnx("ReOpening %s", ic->ic_path);
+ xlog_warn("ReOpening %s", ic->ic_path);
if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) {
if ((ic->ic_event.ev_flags & EVLIST_INIT))
event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
event_add(&ic->ic_event, NULL);
} else {
- idmapd_warnx("nfsdreopen: Opening '%s' failed: errno %d (%s)",
+ xlog_warn("nfsdreopen: Opening '%s' failed: errno %d (%s)",
ic->ic_path, errno, strerror(errno));
}
}
}
static int
-nfsdopen()
+nfsdopen(void)
{
return ((nfsdopenone(&nfsd_ic[IC_NAMEID]) == 0 &&
nfsdopenone(&nfsd_ic[IC_IDNAME]) == 0) ? 0 : -1);
{
if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
if (verbose > 0)
- idmapd_warnx("nfsdopenone: Opening %s failed: "
+ xlog_warn("nfsdopenone: Opening %s failed: "
"errno %d (%s)",
ic->ic_path, errno, strerror(errno));
return (-1);
event_add(&ic->ic_event, NULL);
if (verbose > 0)
- idmapd_warnx("Opened %s", ic->ic_path);
+ xlog_warn("Opened %s", ic->ic_path);
return (0);
}
DN_CREATE | DN_DELETE | DN_MULTISHOT);
break;
default:
- idmapd_warn("nfsopen: open(%s)", ic->ic_path);
+ xlog_warn("nfsopen: open(%s): %s", ic->ic_path, strerror(errno));
return (-1);
}
} else {
fcntl(ic->ic_dirfd, F_SETSIG, 0);
fcntl(ic->ic_dirfd, F_NOTIFY, 0);
if (verbose > 0)
- idmapd_warnx("Opened %s", ic->ic_path);
+ xlog_warn("Opened %s", ic->ic_path);
}
return (0);
}
break;
}
- /* XXX Hack? */
- im->im_status = IDMAP_STATUS_SUCCESS;
+ if (ret)
+ im->im_status = IDMAP_STATUS_LOOKUPFAIL;
+ else
+ im->im_status = IDMAP_STATUS_SUCCESS;
}
static void
gid_t gid;
int ret = 0;
- /* XXX: nobody fallbacks shouldn't always happen:
- * server id -> name should be OK
- * client name -> id should be OK
- * but not otherwise */
/* XXX: move nobody stuff to library calls
* (nfs4_get_nobody_user(domain), nfs4_get_nobody_group(domain)) */
- /* XXX: should make this call higher up in the call chain (so we'd
- * have a chance on looking up server/whatever. */
+
+ im->im_status = IDMAP_STATUS_SUCCESS;
+
switch (im->im_type) {
case IDMAP_TYPE_USER:
ret = nfs4_name_to_uid(im->im_name, &uid);
im->im_id = (u_int32_t) uid;
- if (ret)
+ if (ret) {
+ im->im_status = IDMAP_STATUS_LOOKUPFAIL;
im->im_id = nobodyuid;
- break;
+ }
+ return;
case IDMAP_TYPE_GROUP:
ret = nfs4_name_to_gid(im->im_name, &gid);
im->im_id = (u_int32_t) gid;
- if (ret)
+ if (ret) {
+ im->im_status = IDMAP_STATUS_LOOKUPFAIL;
im->im_id = nobodygid;
- break;
+ }
+ return;
}
- /* XXX? */
- im->im_status = IDMAP_STATUS_SUCCESS;
}
static int
return (-1);
}
- if (string[i] != '\0')
+ if ((i >= len) || string[i] != '\0')
return (-1);
return (i + 1);
if (noclose == 0) {
tempfd = open("/dev/null", O_RDWR);
- dup2(tempfd, 0);
- dup2(tempfd, 1);
- dup2(tempfd, 2);
- closeall(3);
+ if (tempfd < 0)
+ tempfd = open("/", O_RDONLY);
+ if (tempfd >= 0) {
+ dup2(tempfd, 0);
+ dup2(tempfd, 1);
+ dup2(tempfd, 2);
+ closeall(3);
+ } else
+ closeall(0);
}
return;
}
void
-release_parent()
+release_parent(void)
{
int status;